[Samba] Cannot Join Samba 4.1 to an existing Windows 2008 domain as a Backup DC

L.P.H. van Belle belle at bazuin.nl
Wed Feb 5 06:23:59 MST 2014


Still this is strange. 

When i joined my servers ( as backup DC ) in my 2008R2 domain. 
( samba 4.1.3 sernet on debian and ubuntu ) 
even without any acl in my fstab this worked flawless. 

both systems used ext4. 

you missed something im guessing ... look at my howto for ubuntu, change it to you distro commands.. , 
but keep the order do-ing things in the howto. 

( google for "samba4 ubuntu W.I.P." )

Can you try it? 

 
Top link. 

Greetz, 

Louis


>-----Oorspronkelijk bericht-----
>Van: abartlet at samba.org [mailto:samba-bounces at lists.samba.org] 
>Namens Andrew Bartlett
>Verzonden: woensdag 5 februari 2014 9:42
>Aan: Lucas Burdick
>CC: samba at lists.samba.org
>Onderwerp: Re: [Samba] Cannot Join Samba 4.1 to an existing 
>Windows 2008 domain as a Backup DC
>
>On Thu, 2014-01-30 at 11:14 -0800, Lucas Burdick wrote:
>> Hi Everybody,
>>  
>> I'm stumped. I'm pretty sure I've tried everything to get 
>this to work.  I'm trying to join my CentOS 6 server to my 
>Server 2008 AD Domain.  
>>  
>> I'm using SerNet's samba4 packages:
>>  
>> [root at files ~]# samba -V
>> Version 4.1.4-SerNet-RedHat-7.el6
>>  
>> I've done the xattr and acl tests and they all come out just 
>fine. So I don't think it has to do with ACLs but I have no idea.
>>  
>> I'm also getting LDB errors but I have no idea how to fix them.
>>  
>> [root at files ~]# samba-tool domain join MYDOMAIN DC 
>-Uadministrator --realm=MYDOMAIN.COM
>> Finding a writeable DC for domain 'MYDOMAIN'
>> Found DC PSI2.mydomain.com
>> Password for [MYDOMAIN\administrator]:
>> workgroup is MYDOMAIN
>> realm is mydomain.com
>> checking sAMAccountName
>> Adding CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
>> Adding 
>CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
>iguration,DC=mydomain,DC=com
>> Adding CN=NTDS 
>Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Site
>s,CN=Configuration,DC=mydomain,DC=com
>> Adding SPNs to CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
>> Setting account password for FILES$
>> Enabling account
>> Calling bare provision
>> No IPv6 address will be assigned
>> ldb: module schema_load initialization failed : No such object
>> ldb: module rootdse initialization failed : No such object
>> ldb: module samba_dsdb initialization failed : No such object
>> ldb: Unable to load modules for 
>/var/lib/samba/private/sam.ldb: (null)
>> samdb_connect failed
>> VFS connect failed!
>> Join failed - cleaning up
>> checking sAMAccountName
>> Deleted CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
>> Deleted CN=NTDS 
>Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Site
>s,CN=Configuration,DC=mydomain,DC=com
>> Deleted 
>CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
>iguration,DC=mydomain,DC=com
>> ERROR(<class 'samba.provision.ProvisioningError'>): uncaught 
>exception - ProvisioningError: Your filesystem or build does 
>not support posix ACLs, which s3fs requires.  Try the mounting 
>the filesystem with the 'acl' option.
>>   File 
>"/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
>line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File 
>"/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
>line 552, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
>dns_backend=dns_backend)
>>   File "/usr/lib64/python2.6/site-packages/samba/join.py", 
>line 1172, in join_DC
>>     ctx.do_join()
>>   File "/usr/lib64/python2.6/site-packages/samba/join.py", 
>line 1076, in do_join
>>     ctx.join_provision()
>>   File "/usr/lib64/python2.6/site-packages/samba/join.py", 
>line 727, in join_provision
>>     use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend)
>>   File 
>"/usr/lib64/python2.6/site-packages/samba/provision/__init__.py
>", line 2052, in provision
>>     raise ProvisioningError("Your filesystem or build does 
>not support posix ACLs, which s3fs requires.  Try the mounting 
>the filesystem with the 'acl' option.")
>>  
>> Here's what happens when I try to use ntvfs:
>>  
>> [root at files ~]# samba-tool domain join MYDOMAIN DC 
>-Uadministrator --realm=MYDOMAIN.COM --use-ntvfs
>> Finding a writeable DC for domain 'MYDOMAIN'
>> Found DC PSI2.mydomain.com
>> Password for [MYDOMAIN\administrator]:
>> workgroup is MYDOMAIN
>> realm is mydomain.com
>> checking sAMAccountName
>> Adding CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
>> Adding 
>CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
>iguration,DC=mydomain,DC=com
>> Adding CN=NTDS 
>Settings,CN=FILES,CN=Servers,CN=Default-First-Site-Name,CN=Site
>s,CN=Configuration,DC=mydomain,DC=com
>> Adding SPNs to CN=FILES,OU=Domain Controllers,DC=mydomain,DC=com
>> Setting account password for FILES$
>> Enabling account
>> Calling bare provision
>> No IPv6 address will be assigned
>> Bad talloc magic value - unknown value
>> Aborted
>
>If you could run that under gdb as 'gdb
>--args /usr/bin/python /usr/bin/samba-tool domain join MYDOMAIN DC
>-Uadministrator --realm=MYDOMAIN.COM --use-ntvfs' and get me 
>the bt full
>when it crashes, I would be most curious. 
>
>> [root at files ~]# cat /etc/fstab
>>  
>> #
>> # /etc/fstab
>> # Created by anaconda on Wed Sep 25 08:59:45 2013
>> #
>> # Accessible filesystems, by reference, are maintained under 
>'/dev/disk'
>> # See man pages fstab(5), findfs(8), mount(8) and/or 
>blkid(8) for more info
>> #
>> UUID=8db22947-18c7-4b32-880c-1b9349af0420 /                  
>     ext4    defaults,user_xattr,acl,barrier=1        1 1
>> UUID=acca5b8b-374f-47d8-bde5-28db11dc25e0 /boot              
>     ext4    defaults        1 2
>> UUID=8df4a877-87c8-430d-b691-5a2d5445888f /files             
>     ext4    defaults        1 2
>> UUID=6873769d-1c8b-41a2-8703-c14adb434920 swap               
>     swap    defaults        0 0
>> tmpfs                   /dev/shm                tmpfs   
>defaults        0 0
>> devpts                  /dev/pts                devpts  
>gid=5,mode=620  0 0
>> sysfs                   /sys                    sysfs   
>defaults        0 0
>> proc                    /proc                   proc    
>defaults        0 0
>>  
>> 
>> 
>> Can somebody please point me in the right direction?
>
>Remove the private directory and try again.  I think you tried once as
>non-root, and it's got some files and not others owned by your normal
>user, or is in some other half-way state.  Also, I now have patches in
>master that should avoid this happening as often, should you be curious
>to try that. 
>
>Andrew Bartlett
>
>-- 
>Andrew Bartlett                       http://samba.org/~abartlet/
>Authentication Developer, Samba Team  http://samba.org
>Samba Developer, Catalyst IT          
>http://catalyst.net.nz/services/samba
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>



More information about the samba mailing list