[Samba] Problems attaching Windows server as secondary DC.

simon+samba at matthews.eu simon+samba at matthews.eu
Sat Apr 20 17:40:01 MDT 2013 


On Sat, 20 Apr 2013, Matthieu Patou wrote:

> On 04/13/2013 04:38 PM, simon+samba at matthews.eu wrote:
>>
>>  I have my Samba4 up and running. I was able to get a Windows 2012 server
>>  to join the samba4 domain.
>>
>>  However, I have not been able to get the Windows server to promote itself
>>  to a secondary DC.
>>
>>  I would appreciate any suggestions on debugging this issue.
>>
>>  One the Server 2012 machine, in the "prerequisites check", I see the
>>  following message:
>>  "Verification or prerequisites for Active Directory preparation failed
>>  ......
>>  Exception: THe RPC server is unavailable. ....."
>>  Adprep could not retrieve data from the server <servername> ..."
>>
>>  The servername is correct and resolves to my samba4 server.
>>
>>  On the Samba4 server, I see the following in the logs:
>>  [2013/04/12 12:02:30,  3]
>>  ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>>    Got NTLMSSP neg_flags=0xe2088235
>>  [2013/04/12 12:02:30,  3]
>>  ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
>>    Warning: 60 extra bytes in incoming RPC request
>>  [2013/04/12 12:02:30,  3]
>>  ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind)
>>    ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with
>>  system_session
>>  [2013/04/12 12:02:33,  3]
>>  ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>>    Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
>>  [2013/04/12 12:02:33,  3]
>>  ../source4/smbd/process_single.c:114(single_terminate)
>>    single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
>> 
>>
>>  Any ideas?
> We don't support Windows 2012 yet, for multiple reasons:
>
> In order to have a Windows 2012 DC you must have a 2012 compliant schema, up 
> to Windows 2008R2 included the way to do was to run programs provided by 
> Microsoft on existing DC to upgrade the schema and do some adaptation to the 
> database. With windows 2012 they have introduced a way to do it also remotely 
> via webservices that we don't support and we dont' plan to support. So usual 
> upgrade path is not possible.
>
> Up to now we have asked and received new schema from Microsoft after each new 
> AD product but for 2012 we didn't really asked so we haven't received it yet, 
> *if* we had it the way to go would be to run something like 
> samba_upgradeprovision so that we would be able to add missing schema entries 
> and modify needed objects, but this is not yet a solution (although it might 
> be a much shorter delay before getting it).
>
> Last would be to add an older version of Windows (2003, 2008, 2008R2) to the 
> domain and run the program to upgrade the schema, it won't work until you 
> migrate schema master role to the newly added Windows DC. Then you might run 
> into problems while synchronizing this is a known problem that we are working 
> on and you'll face for sure if you try to join samba to a domain with a 
> Windows 2012 schema.

Are you saying that, in addition to not being able to join a Windows 2012 
server to a samba domain, the reverse will not work as well? I can't join 
a Linux box to a Windows 2012 domain as a client (not as a DC, but just a 
domain member)?

Simon

More information about the samba mailing list