[Samba] Problems attaching Windows server as secondary DC.

Matthieu Patou mat at samba.org
Sat Apr 20 22:20:42 MDT 2013 

On 04/20/2013 04:40 PM, simon+samba at matthews.eu wrote:
>
>
> On Sat, 20 Apr 2013, Matthieu Patou wrote:
>
>> On 04/13/2013 04:38 PM, simon+samba at matthews.eu wrote:
>>>
>>>  I have my Samba4 up and running. I was able to get a Windows 2012 
>>> server
>>>  to join the samba4 domain.
>>>
>>>  However, I have not been able to get the Windows server to promote 
>>> itself
>>>  to a secondary DC.
>>>
>>>  I would appreciate any suggestions on debugging this issue.
>>>
>>>  One the Server 2012 machine, in the "prerequisites check", I see the
>>>  following message:
>>>  "Verification or prerequisites for Active Directory preparation failed
>>>  ......
>>>  Exception: THe RPC server is unavailable. ....."
>>>  Adprep could not retrieve data from the server <servername> ..."
>>>
>>>  The servername is correct and resolves to my samba4 server.
>>>
>>>  On the Samba4 server, I see the following in the logs:
>>>  [2013/04/12 12:02:30,  3]
>>>  ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
>>>    Got NTLMSSP neg_flags=0xe2088235
>>>  [2013/04/12 12:02:30,  3]
>>>  ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
>>>    Warning: 60 extra bytes in incoming RPC request
>>>  [2013/04/12 12:02:30,  3]
>>>  ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind) 
>>>
>>>    ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with
>>>  system_session
>>>  [2013/04/12 12:02:33,  3]
>>>  ../source4/smbd/service_stream.c:63(stream_terminate_connection)
>>>    Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
>>>  [2013/04/12 12:02:33,  3]
>>>  ../source4/smbd/process_single.c:114(single_terminate)
>>>    single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]
>>>
>>>
>>>  Any ideas?
>> We don't support Windows 2012 yet, for multiple reasons:
>>
>> In order to have a Windows 2012 DC you must have a 2012 compliant 
>> schema, up to Windows 2008R2 included the way to do was to run 
>> programs provided by Microsoft on existing DC to upgrade the schema 
>> and do some adaptation to the database. With windows 2012 they have 
>> introduced a way to do it also remotely via webservices that we don't 
>> support and we dont' plan to support. So usual upgrade path is not 
>> possible.
>>
>> Up to now we have asked and received new schema from Microsoft after 
>> each new AD product but for 2012 we didn't really asked so we haven't 
>> received it yet, *if* we had it the way to go would be to run 
>> something like samba_upgradeprovision so that we would be able to add 
>> missing schema entries and modify needed objects, but this is not yet 
>> a solution (although it might be a much shorter delay before getting 
>> it).
>>
>> Last would be to add an older version of Windows (2003, 2008, 2008R2) 
>> to the domain and run the program to upgrade the schema, it won't 
>> work until you migrate schema master role to the newly added Windows 
>> DC. Then you might run into problems while synchronizing this is a 
>> known problem that we are working on and you'll face for sure if you 
>> try to join samba to a domain with a Windows 2012 schema.
>
> Are you saying that, in addition to not being able to join a Windows 
> 2012 server to a samba domain, the reverse will not work as well? I 
> can't join a Linux box to a Windows 2012 domain as a client (not as a 
> DC, but just a domain member)?
No just as DC to a 2012 domain.

Matthieu.
>
> Simon
>


-- 
Matthieu Patou
Samba Team
http://samba.org

More information about the samba mailing list