Samba 4.12.5 Windows AD 2012R2 integration

Rowland penny rpenny at samba.org
Thu Jul 23 14:35:22 UTC 2020 

On 23/07/2020 14:52, Izzet Aydın via samba-technical wrote:
> Hello everybody,
>
> I'm trying to add my samba server as an additional domain controller 
> to an existing Windows Server 2012R2 AD server.
>
> However, even if i use samba 4.12.5 version i get following error:
>
> #samba-tool domain join domain.fqdn DC -U "DOMAIN\admin"
>
> INFO 2020-07-23 15:10:25,275 pid:2804 
> /usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable 
> DC for domain 'domain.fqdn'
> INFO 2020-07-23 15:10:25,284 pid:2804 
> /usr/lib/python3/dist-packages/samba/join.py #109: Found DC 
> dc1.domain.fqdn
> Password for [DOMAIN\admin]:
> INFO 2020-07-23 15:10:34,754 pid:2804 
> /usr/lib/python3/dist-packages/samba/join.py #1542: workgroup is DOMAIN
> INFO 2020-07-23 15:10:34,754 pid:2804 
> /usr/lib/python3/dist-packages/samba/join.py #1545: realm is domain.fqdn
> Adding CN=samba,OU=Domain Controllers,DC=domain,DC=fqdn
> Adding 
> CN=samba,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=fqdn
> Adding CN=NTDS 
> Settings,CN=samba,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=fqdn
> DsAddEntry failed with status WERR_ACCESS_DENIED info (8567, 
> 'WERR_DS_INCOMPATIBLE_VERSION')
> Join failed - cleaning up
> Adding CN=samba,OU=Domain Controllers,DC=domain,DC=fqdn
> Adding 
> CN=samba,CN=Servers,CN=domain,CN=Sites,CN=Configuration,DC=domain,DC=fqdn
> ERROR(runtime): uncaught exception - DsAddEntry failed
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 
> 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 
> 664, in run
>     join_DC(logger=logger, server=server, creds=creds, lp=lp, 
> domain=domain,
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1558, in 
> join_DC
>     ctx.do_join()
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1446, in 
> do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 682, in 
> join_add_objects
>     ctx.join_add_ntdsdsa()
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 607, in 
> join_add_ntdsdsa
>     ctx.DsAddEntry([rec])
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 548, in 
> DsAddEntry
>     raise RuntimeError("DsAddEntry failed")
>
> Windows 2012r2 schema version is 69.
>
> Where should i check to resolve this issue ?
>
> Thanks in advance.
>
>
What is the function level of the existing AD, if it is 2012R2, then you 
could try lowering it to 2008R2

Rowland

More information about the samba-technical mailing list