error with configuring subdomain

Andrew Bartlett abartlet at
Thu Oct 4 01:51:14 MDT 2012

On Thu, 2012-10-04 at 10:41 +0300, Sergey Leschenko wrote:
> 04.10.2012 10:34, Andrew Bartlett wrote:
> > On Thu, 2012-10-04 at 10:21 +0300, Sergey Leschenko wrote:
> >> Hello, I want to get the configuration of the central tree, the branches
> >> of which are replicated in the Multi-master mode with his subordinates
> >> DCs and back. For example:
> >> There is a central dc.domain.local, which is the main DCs for the
> >> company (realm DOMAIN.LOCAL).
> >> There dc.kiev.domain.local (realm KIEV.DOMAIN.LOCAL),
> >> dc.lviv.domain.local (realm LVIV.DOMAIN.LOCAL), which are the DCs for
> >> its branches.
> >>
> >> I want that when changes are made to kiev.domain.local, so they
> >> replicated to DN: dc=kiev,dc=domain,dc=local on the main DC dc.domain.local.
> >>
> >> I thought that this should be used:
> >> samba-tool domain join domain.local SUBDOMAIN -Uadministrator
> >> -realm=DOMAIN.LOCAL -parent-domain=domain.local
> >> Say configuration I want to get possible?
> > No, it isn't.  This work was started just over a year ago, but it was
> > never finished.
> >
> > Sorry,
> >
> > Andrew Bartlett
> >
> Are there any prospects for this functionality? Where can I view the 
> status of this development?

No, there is no prospect of any change at this point.  Development of
new AD features stalled out this time last year, and since then I've
been focussed on the changes required to bring the AD server to the 4.0
release (specifically the file server integration has taken a lot of

As new developers take an interest or old developers find the resources
to work on this again I'll be happy to brief them on the status. 

The first task will be to finish the implementation in 'make test', and
to the look into if we need to restructure our code to have a common

Inter-domain trusts may require significant changes there to cope with
NTLMSSP logins, but When using only krb5 some functionality may be
available before that is done. 

The specific error you see may be easily worked around - it seems like
simply trying to join a DC using the same name already in use - but
other challenges are much bigger. 

Andrew Bartlett
Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list