[Samba] Samba 4.1.0 join Windows 2003 Server with BIND9_DLZ

Rowland Penny rowlandpenny at googlemail.com
Fri Oct 11 09:49:47 MDT 2013 

On 11/10/13 16:36, Jacó Ramos wrote:
> With SAMBA_INTERNAL works properly!
>
> Grato.
> Jacó Ramos
>
>
> 2013/10/11 Jacó Ramos <j4c0r4m0s at gmail.com>
>
>> Hi Greg
>>
>> My passwords are correct and account i am using to join with is valid, and
>> works properly!
>>
>> Grato
>> Jacó Ramos
>>
>>
>> 2013/10/11 Gregory Sloop <gregs at sloop.net>
>>
>>> Wild guess:
>>> The errors I see all have to do with an account that doesn't have a
>>> password, the password is expired etc.
>>>
>>> Are you *sure* the account you're using to join with is valid, and
>>> works properly in other contexts?
>>>
>>> Do some google searches on: [SvcErr: DSID-031A0FC0, problem 5003
>>> (WILL_NOT_PERFORM), data 0] and you'll see what I mean.
>>>
>>> That doesn't mean that's the problem, but that's what I get out of it
>>> - perhaps incorrectly.
>>>
>>> -Greg
>>>
>>> JR> Hi guys,
>>>
>>> JR> When run join in DC
>>>
>>> JR> root at samba4:~# samba-tool domain join jacoramos.net.br DC
>>> -Uadministrador
>>> JR> --realm=jacoramos.net.br --dns-backend=BIND9_DLZ
>>> JR> Finding a writeable DC for domain 'jacoramos.net.br'
>>> JR> Found DC win2003.jacoramos.net.br
>>> JR> Password for [WORKGROUP\administrador]:
>>> JR> workgroup is JACORAMOS
>>> JR> realm is jacoramos.net.br
>>> JR> checking sAMAccountName
>>> JR> Adding CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br
>>> JR> Adding
>>> JR>
>>> CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br
>>> JR> Adding CN=NTDS
>>> JR>
>>> Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br
>>> JR> Adding SPNs to CN=SAMBA4,OU=Domain
>>> JR> Controllers,DC=jacoramos,DC=net,DC=br
>>> JR> Setting account password for SAMBA4$
>>> JR> Enabling account
>>> JR> Adding DNS account
>>> JR> CN=dns-SAMBA4,CN=Users,DC=jacoramos,DC=net,DC=br with
>>> JR> dns/ SPN
>>> JR> Join failed - cleaning up
>>> JR> checking sAMAccountName
>>> JR> Deleted CN=SAMBA4,OU=Domain Controllers,DC=jacoramos,DC=net,DC=br
>>> JR> Deleted CN=NTDS
>>> JR>
>>> Settings,CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br
>>> JR> Deleted
>>> JR>
>>> CN=SAMBA4,CN=Servers,CN=Primeiro-site-padrao,CN=Sites,CN=Configuration,DC=jacoramos,DC=net,DC=br
>>> JR> ERROR(ldb): uncaught exception - LDAP error 53
>>> LDAP_UNWILLING_TO_PERFORM -
>>> JR> <0000052D: SvcErr: DSID-031A0FC0, problem 5003 (WILL_NOT_PERFORM),
>>> data 0
>>>>> <>
>>> JR>   File
>>> JR>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> JR> line 175, in _run
>>> JR>     return self.run(*args, **kwargs)
>>> JR>   File
>>> JR>
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
>>> JR> 552, in run
>>> JR>     machinepass=machinepass, use_ntvfs=use_ntvfs,
>>> dns_backend=dns_backend)
>>> JR>   File
>>> JR> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>>> JR> 1169, in join_DC
>>> JR>     ctx.do_join()
>>> JR>   File
>>> JR> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>>> JR> 1072, in do_join
>>> JR>     ctx.join_add_objects()
>>> JR>   File
>>> JR> "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>>> JR> 616, in join_add_objects
>>> JR>     ctx.samdb.add(msg)
>>> JR> root at samba4:~#
>>>
>>> JR> -----------------------------------------------
>>>
>>> JR> Anyone have any  ideas?
>>>
>>> JR> --
>>>
>>> JR> *"O homem não foi criado para ser feliz nem para vencer, mas para
>>> viver
>>> JR> para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
>>> JR> *
>>> JR> *
>>> JR> $whoami*
>>>
>>> JR>    - Perito Forense Computacional
>>> JR>    - Pentester
>>> JR>    - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
>>> JR>    Forense Computacional - FACID
>>> JR>    - Bacharel em Ciência da Computação - UESPI
>>> JR>    - Administrador de Redes de Computadores
>>> JR>    - CCNA Modulo II
>>> JR>    - Lattes: *http://lattes.cnpq.br/1591329268136905*
>>>
>>>
>>> JR> Esta mensagem pode conter informações confidenciais e/ou
>>> privilegiadas. Se
>>> JR> você não for o destinatário ou a pessoa autorizada a receber esta
>>> mensagem,
>>> JR> não deve usar, copiar ou divulgar as informações nela contida ou tomar
>>> JR> qualquer ação baseada nessas informações.
>>>
>>>
>>>
>>
>> --
>>
>> *"O homem não foi criado para ser feliz nem para vencer, mas para viver
>> para Deus. Quando vive para Deus é feliz e vence." Isaltino Gomes
>> *
>> *
>> $whoami*
>>
>>     - Perito Forense Computacional
>>     - Pentester
>>     - Esp. em Segurança de Redes de Computadores com enfâse a Perícia
>>     Forense Computacional - FACID
>>     - Bacharel em Ciência da Computação - UESPI
>>     - Administrador de Redes de Computadores
>>     - CCNA Modulo II
>>     - Lattes: *http://lattes.cnpq.br/1591329268136905*
>>
>>
>> Esta mensagem pode conter informações confidenciais e/ou privilegiadas. Se
>> você não for o destinatário ou a pessoa autorizada a receber esta mensagem,
>> não deve usar, copiar ou divulgar as informações nela contida ou tomar
>> qualquer ação baseada nessas informações.
>>
>
>
Hi, I had a similar problem when I tried to add a second DC to my small 
domain, the first DC was using bind 9 and I tried to add the second DC 
with the internal DNS server and it failed very similarly to the OP. I 
had to install bind 9 on the second DC before it would join, I also seem 
to remember somebody else having the same problem.
Does this mean that if are joining another DC, it has to be configured 
like the first DC ?

Rowland

More information about the samba mailing list