[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses

Dominic Evans oldmanuk at gmail.com
Fri Jul 4 06:14:48 MDT 2014


The domain was previously at Windows 2003 server level, but was migrated
back in 2012 to Samba 4 when it was released as stable. The domain
functional level was subsequently raised to 2008 R2 using samba-tool.

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

So I presume at this point I cannot join at a lower level because lowest
required is 2008 R2.


On 4 July 2014 12:00, Andrew Bartlett <abartlet at samba.org> wrote:

> On Thu, 2014-07-03 at 13:27 +0100, Dominic Evans wrote:
> > Attempting to connect a second DC to an existing domain:
> >
> > ~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator
> > Finding a writeable DC for domain 'mydomain.com'
> > Found DC dc1.mydomain.com
> > Password for [MYDOMAIN\administrator]:
> > workgroup is MYDOMAIN
> > realm is mydomain.com
> > checking sAMAccountName
> > Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com
> > Join failed - cleaning up
> > checking sAMAccountName
> > ERROR(ldb): uncaught exception - LDAP error 65
> LDAP_OBJECT_CLASS_VIOLATION
> > -  <00002014: objectclass_attrs: attribute
> 'msDS-SupportedEncryptionTypes'
> > on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' does not exist
> > in the specified objectclasses!> <>
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> > 175, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 552,
> > in run
> >     machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
> > join_DC
> >     ctx.do_join()
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
> > do_join
> >     ctx.join_add_objects()
> >   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in
> > join_add_objects
> >     ctx.samdb.add(rec)
> >
> > It appears that there is some problem in the data held in LDAP for the
> > domain. However, the domain is working fine and it is not obvious how I
> > could attempt to fix this? samba-tool dbcheck doesn't appear to find any
> > problems...any thoughts?
>
> What version of Windows or Samba does the existing server use, and what
> version are you joining to, and what function level is the current
> domain?
>
> This looks like a schema issue.  You may wish to join with a lower
> functional level.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT
> http://catalyst.net.nz/services/samba
>
>
>


More information about the samba mailing list