Join Fails - no machine account?

Bill Mccabe wmccabe at
Wed Dec 5 04:12:02 UTC 2018


I am trying to join a new samba DC to a domain that already has a samba4 AD
in it. The primary DC with samba4 AD has been upgraded recently to
version 4.7.6 on ubuntu bionic. Previously it was running a much older
version of samba4 (whatever normally comes with ubuntu 14.04).

When I run the following command to join a new DC, also running samba 4.7.6
from bionic, to the domain:

samba-tool domain join DC -U"BOUSYS\administrator" \
    --dns-backend=BIND9_DLZ --option="interfaces=lo enp1s0" \
    --option="bind interfaces only=yes" \
    --option='idmap_ldb:use rfc2307 = yes' --verbose

The command times out after beginning to add the NTDS Settings entries into
active directory. With the debugging turned up I see a more informative

Could not find machine account in secrets database: Failed to fetch machine
account password from secrets.ldb: Could not find entry to match filter:
'(&(flatname=BOUSYS)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636
and failed to open /var/lib/samba/private/secrets.tdb:

I assume that the join command is attempting to look for the names of the
Primary Domains in AD, but is it trying to open a secrets.tdb on the
already set up domain controller or the new one? Also, what do I need to do
to make the join work? I have already tried fixing the AD, with various
samba-tool dbcheck commands and many fixes were made.

I believe my /etc/hosts files are correct, and neither apparmor, firewalls
or selinux are getting in the way. The only strange thing about this
connection is that it is running over a vxlan tunnel, but I would not think
that the tunnel would produce such a specific error from samba
if there was something wrong with it.

Any help would be greatly appreciated.


