[Samba] adding samba to win2008R2 domain as DC
L.P.H. van Belle
belle at bazuin.nl
Wed Oct 23 02:43:11 MDT 2013
Hai.
I'm trying to add my samba to a win 2008R2 domain.
I'm following the howto, but it's not clear.
What I did already:
I did read ( and follow ) http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
1. Installed samba and its packages ( sernet samba is used )
( apt-get install sernet-samba-ad , extras are installed also )
samba -V gives: Version 4.0.10-SerNet-Ubuntu-6.precise
kinit and klist output is ok.
klist output:
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at MYDOMAIN.LAN
Valid starting    Expires           Service principal
23/10/2013 10:13  23/10/2013 20:13  krbtgt/MYDOMAIN.LAN at MYDOMAIN.LAN
        renew until 24/10/2013 10:13
My read-only dns servers are in /etc/resolv.conf ( and these servers have a copy of my domain, bind based, and that is ok )
So, I'm following the howto and am now at the point of joining as a DC.
here: Since samba4 rc2 the internal DNS server is default. If you want to join this or a higher version with using BIND as DNS backend, use the following command:
# samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=BIND9_DLZ
but, first.. BIND as DNS.. setup. check. http://wiki.samba.org/index.php/Dns-backend_bind
using bind9.8 , as it states.
During provisioning/upgrading, a file ('/usr/local/samba/private/named.conf') was created, that must be included in your Bind named.conf:
I have these three files:
/usr/share/samba/setup/named.conf
/usr/share/samba/setup/named.conf.dlz
/usr/share/samba/setup/named.conf.update
When I look in /usr/share/samba/setup/named.conf : ( I see variables not filled in, and that's correct, since no provisioning done yet. )
# This file should be included in your main BIND configuration file
#
# For example with
# include "${NAMED_CONF}";

zone "${DNSDOMAIN}." IN {
    type master;
    file "${ZONE_FILE}";
    /*
     * the list of principals and what they can change is created
     * dynamically by Samba, based on the membership of the domain controllers
     * group. The provision just creates this file as an empty file.
     */
    include "${NAMED_CONF_UPDATE}";

    /* we need to use check-names ignore so _msdcs A records can be created */
    check-names ignore;
};
BUT WAIT !
the howto says...
During provisioning/upgrading, a file ('/usr/local/samba/private/named.conf') was created, that must be included in your Bind named.conf:
Still no provisioning done, I'm in a loop of howtos....
Any suggestions?
So, im at point http://wiki.samba.org/index.php/Dns-backend_bind
Configuring Bind as Samba Active Directory backend
include "/usr/local/samba/private/named.conf"; ( I know this file is located after provisioning in /var/lib/samba/private for sernet samba. )
And I need some help. Following the howtos is not helping me. :-((
This is the error I get.
root at ms249-lin-007:/etc# samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'mydomain.lan'
Found DC MS249-DB-001.mydomain.lan
Password for [WORKGROUP\administrator]:
workgroup is MYDOMAIN
realm is mydomain.lan
checking sAMAccountName
Adding CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
Adding CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Adding CN=NTDS Settings,CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Adding SPNs to CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
Setting account password for MS249-LIN-007$
Enabling account
Adding DNS account CN=dns-MS249-LIN-007,CN=Users,DC=mydomain,DC=lan with dns/ SPN
Join failed - cleaning up
checking sAMAccountName
Deleted CN=MS249-LIN-007,OU=Domain Controllers,DC=mydomain,DC=lan
Deleted CN=NTDS Settings,CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Deleted CN=MS249-LIN-007,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1169, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1072, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 616, in join_add_objects
    ctx.samdb.add(msg)
Does anyone have any suggestions?
Thanks,
Louis
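
An added example, not part of the original post and not Samba's own code: a small triage helper that reads a failed `samba-tool domain join` transcript like the one above, reports the last step before "Join failed", and decodes the leading hex value of the Active Directory diagnostic string as a Win32 error code. The function name, the sample text (constructed from the lines quoted in the post) and the short error table are assumptions made for illustration.

```python
import re

# Constructed sample: the relevant lines of the samba-tool output quoted in the post.
SAMPLE = """\
Setting account password for MS249-LIN-007$
Enabling account
Adding DNS account CN=dns-MS249-LIN-007,CN=Users,DC=mydomain,DC=lan with dns/ SPN
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0
> <>
"""

# Small subset of Win32 error codes from winerror.h; extend as needed.
WIN32_ERRORS = {
    0x00000005: "ERROR_ACCESS_DENIED",
    0x00000525: "ERROR_NO_SUCH_USER",
    0x0000052D: "ERROR_PASSWORD_RESTRICTION",
    0x0000052E: "ERROR_LOGON_FAILURE",
}

LDAP_RE = re.compile(r"LDAP error (?P<rc>\d+) (?P<rc_name>LDAP_\w+)")
AD_RE = re.compile(
    r"<(?P<win32>[0-9A-Fa-f]{8}): (?P<kind>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<problem_name>\w+)\), data (?P<data>-?\d+)"
)

def triage_join_failure(output):
    """Return the failed step and the decoded AD error, or None if no error is found."""
    lines = output.splitlines()
    # The line printed immediately before "Join failed" is the step that raised.
    failed_step = next((prev.strip() for prev, cur in zip(lines, lines[1:])
                        if cur.startswith("Join failed")), None)
    ldap, ad = LDAP_RE.search(output), AD_RE.search(output)
    if not (ldap and ad):
        return None
    code = int(ad["win32"], 16)
    return {
        "failed_step": failed_step,
        "ldap_rc": int(ldap["rc"]),
        "ldap_name": ldap["rc_name"],
        "win32_code": code,
        "win32_name": WIN32_ERRORS.get(code, "unknown (see winerror.h)"),
        "dsid": ad["dsid"].upper(),
        "problem": (int(ad["problem"]), ad["problem_name"]),
    }

if __name__ == "__main__":
    for key, value in triage_join_failure(SAMPLE).items():
        print(f"{key}: {value}")
```

For the transcript in the post this reports the "Adding DNS account ..." step and Win32 code 0x52D, which winerror.h names ERROR_PASSWORD_RESTRICTION (the new password does not meet the domain's length, complexity, or history requirements).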