[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses

Andrew Bartlett abartlet at samba.org
Fri Jul 4 05:00:34 MDT 2014 

On Thu, 2014-07-03 at 13:27 +0100, Dominic Evans wrote:
> Attempting to connect a second DC to an existing domain:
> 
> ~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator
> Finding a writeable DC for domain 'mydomain.com'
> Found DC dc1.mydomain.com
> Password for [MYDOMAIN\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.com
> checking sAMAccountName
> Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com
> Join failed - cleaning up
> checking sAMAccountName
> ERROR(ldb): uncaught exception - LDAP error 65 LDAP_OBJECT_CLASS_VIOLATION
> -  <00002014: objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes'
> on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' does not exist
> in the specified objectclasses!> <>
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552,
> in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
> join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
> do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in
> join_add_objects
>     ctx.samdb.add(rec)
> 
> It appears that there is some problem in the data held in LDAP for the
> domain. However, the domain is working fine and it is not obvious how I
> could attempt to fix this? samba-tool dbcheck doesn't appear to find any
> problems...any thoughts?

What version of Windows or Samba does the existing server use, and what
version are you joining to, and what function level is the current
domain?

This looks like a schema issue.  You may wish to join with a lower
functional level.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list