[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses

Dominic Evans oldmanuk at gmail.com
Thu Jul 3 06:27:34 MDT 2014

Attempting to connect a second DC to an existing domain:

~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator
Finding a writeable DC for domain 'mydomain.com'
Found DC dc1.mydomain.com
Password for [MYDOMAIN\administrator]:
workgroup is MYDOMAIN
realm is mydomain.com
checking sAMAccountName
Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 65 LDAP_OBJECT_CLASS_VIOLATION
-  <00002014: objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes'
on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' does not exist
in the specified objectclasses!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552,
in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in

It appears that there is some problem in the data held in LDAP for the
domain. However, the domain is working fine and it is not obvious how I
could attempt to fix this? samba-tool dbcheck doesn't appear to find any
problems...any thoughts?


More information about the samba mailing list