[Samba] Problems attaching Windows server as secondary DC.

Matthieu Patou mat at samba.org
Sat Apr 20 14:10:15 MDT 2013

On 04/13/2013 04:38 PM, simon+samba at matthews.eu wrote:
> I have my Samba4 up and running. I was able to get a Windows 2012 
> server to join the samba4 domain.
> However, I have not been able to get the Windows server to promote 
> itself to a secondary DC.
> I would appreciate any suggestions on debugging this issue.
> On the Server 2012 machine, in the "prerequisites check", I see the 
> following message:
> "Verification or prerequisites for Active Directory preparation failed 
> ......
> Exception: The RPC server is unavailable. ....."
> Adprep could not retrieve data from the server <servername> ..."
> The servername is correct and resolves to my samba4 server.
> On the Samba4 server, I see the following in the logs:
> [2013/04/12 12:02:30,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>   Got NTLMSSP neg_flags=0xe2088235
> [2013/04/12 12:02:30,  3] ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
>   Warning: 60 extra bytes in incoming RPC request
> [2013/04/12 12:02:30,  3] ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind)
>   ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session
> [2013/04/12 12:02:33,  3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>   Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
> [2013/04/12 12:02:33,  3] ../source4/smbd/process_single.c:114(single_terminate)
>   single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
> Any ideas?
We don't support Windows 2012 yet, for multiple reasons:

In order to have a Windows 2012 DC you must have a 2012-compliant 
schema. Up to and including Windows 2008R2, the way to do this was to 
run programs provided by Microsoft on an existing DC to upgrade the 
schema and do some adaptation to the database. With Windows 2012 they 
have introduced a way to do it remotely as well, via web services that 
we don't support and don't plan to support. So the usual upgrade path 
is not possible.

Up to now we have asked for and received the new schema from Microsoft 
after each new AD product, but for 2012 we didn't really ask, so we 
haven't received it yet. *If* we had it, the way to go would be to run 
something like samba_upgradeprovision so that we would be able to add 
missing schema entries and modify needed objects, but this is not yet a 
solution (although it might be a much shorter delay before getting it).

The last option would be to add an older version of Windows (2003, 
2008, 2008R2) to the domain and run the program to upgrade the schema; 
it won't work until you migrate the schema master role to the newly 
added Windows DC. Then you might run into problems while synchronizing; 
this is a known problem that we are working on and that you'll face for 
sure if you try to join Samba to a domain with a Windows 2012 schema.



Matthieu Patou
Samba Team
