[Samba] Error joining Domain - after first try failed

Dirk Laurenz (Samba Mailinglist Account) samba at laurenz.ws
Tue Mar 25 14:42:21 MDT 2014


Hi,

yes .91 is the first dc, .92 the second. Bind is running on first dc as dlz
module, it is version 9.4.
The first join failed due to the missing directory and some entries were
created in the ldb files.
Due to the abort, there are orphan entries. Therefore, I guess, the second
try fails. I want to delete the wrong entries, but don't know where to look.

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: Tuesday, 25 March 2014 19:56
To: samba at lists.samba.org
Subject: Re: [Samba] Error joining Domain - after first try failed

On 25/03/14 18:33, Dirk Laurenz (Samba Mailinglist Account) wrote:
> Hello,
>
> no problem, i will provide more information:
>
> First DC - Linux samba01 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64 
> GNU/Linux Samba Sernet Debian Packages - Version 
> 4.1.5-SerNet-Debian-7.wheezy Running with bind-dlz
>
> -----------------------------------
> /etc/resolv.conf
> domain local.domain.ws
> nameserver 192.168.2.91
                     ^^^^^^^ Is this the IP address of the first samba server?

> nameserver 8.8.8.8
>
> --------------------------------------
> /etc/krb5.conf
> [libdefaults]
>          default_realm = LOCAL.DOMAIN.WS
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
>
> ---------------------------------------
> # Global parameters
> [global]
>          workgroup = DOMAIN
>          realm = LOCAL.DOMAIN.WS
>          netbios name = SAMBA01
>          server role = active directory domain controller
>          dns forwarder = 8.8.8.8
>          allow dns updates = nonsecure
>          idmap_ldb:use rfc2307 = yes
>          server services = -dns
>          client ldap sasl wrapping = sign

I take it that you didn't provision with --dns-backend=BIND9_DLZ, what
version of bind are you using?

> [netlogon]
>          path = /var/lib/samba/sysvol/local.DOMAIN.ws/scripts
>          read only = No
>
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
>
> Second DC (which has the problem) - Linux samba02 3.10.33+ #658 
> PREEMPT Tue Mar 18 17:35:55 GMT 2014 armv6l GNU/Linux (aka raspberry 
> pi)
> (selfcompiled) - Version 4.1.6
>
> ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc 
> --enable-fhs
Ah, you know I had exactly the same problem when I compiled on my rpi (which
actually took a lot longer than it said it would). From your first post you
created /var/lib/samba/private, I just created /var/lib/samba, so it should
work, the only difference that I can see, is that I then provisioned as a
DC, you are trying to join as a DC.
Try altering /etc/resolv.conf to only point to the original DC.

Rowland
> -----------------------------------
> /etc/resolv.conf
> domain local.domain.ws
> nameserver 192.168.2.92
> nameserver 192.168.2.91
> nameserver 8.8.8.8
>
> /etc/krb5.conf and smb.conf will be generated by samba-tool and are
> not existent at the moment
>
> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
> Sent: Tuesday, 25 March 2014 13:25
> To: samba at lists.samba.org
> Subject: Re: [Samba] Error joining Domain - after first try failed
>
> On 25/03/14 12:00, Dirk Domain (Samba Mailinglist Account) wrote:
>> Hello,
>>
>> i just setup a new samba domain, setting up the second dc fails.
>>
>> I compiled the second dc myself and the first join failed due to a
>> missing directory (var/lib/samba/private)
>>
>> I created it and then called the join command again...
>>
>> But now the dc seems to exist, but is not visible in domain tools or
>> ldbedit. But I get this message.
>>
>> What entry is meant here?
>>
>> Is the output of samba-tool domain join..
>>
>> Finding a writeable DC for domain 'local.domain.ws'
>> Found DC samba01.local.domain.ws
>> workgroup is DOMAIN
>> realm is local.domain.ws
>> checking sAMAccountName
>> Adding CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws
>> Join failed - cleaning up
>> checking sAMAccountName
>> ERROR(ldb): uncaught exception - LDAP error 68
>> LDAP_ENTRY_ALREADY_EXISTS -
>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
>> objectSid in CN=SAMBA02,OU=Domain
>> Controllers,DC=local,DC=domain,DC=ws
>> -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
>> CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws - ../l> <>
>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>       return self.run(*args, **kwargs)
>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>> line 552, in run
>>       machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>>     File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172,
>> in join_DC
>>       ctx.do_join()
>>     File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075,
>> in do_join
>>       ctx.join_add_objects()
>>     File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515,
>> in join_add_objects
>>       ctx.samdb.add(rec)
>>
>> Thanks a lot.
>>
>> Dirk
>>
> I think we are going to need a bit more info here:
> Did you compile samba on the first server yourself?
> What distros are you using?
> What version of samba 4 are you using, are you using the same version
> on both machines?
> Contents of /etc/resolv.conf, /etc/krb5.conf, smb.conf from both
> machines
>
> Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
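
Rowland's suggestion in the thread above, to point /etc/resolv.conf on the joining machine only at the original DC, can be checked before the join is re-run. The script below is an added example and not part of the original messages; the function names are hypothetical and the sample file is a constructed copy of the samba02 resolv.conf quoted in the thread.

```shell
#!/bin/sh
# Added example: list resolv.conf nameservers that are not the existing DC.
#
# check_resolv FILE DC_IP
#   prints "lineno:address" for every nameserver other than DC_IP
#   returns 0  only DC_IP is listed
#           1  DC_IP is listed together with other nameservers
#           2  DC_IP is not listed at all
check_resolv() {
    file=$1
    dc_ip=$2
    awk -v dc="$dc_ip" '
        { sub(/[#;].*/, "") }              # drop "#" and ";" comments
        $1 == "nameserver" && $2 != "" {
            if ($2 == dc) found = 1
            else { foreign++; printf "%d:%s\n", NR, $2 }
        }
        END {
            if (!found) exit 2
            exit (foreign > 0)
        }' "$file"
}

# Constructed sample: the resolv.conf quoted for samba02 in the thread,
# checked against the first DC (192.168.2.91).
demo_samba02() {
    tmp=$(mktemp) || return 3
    cat > "$tmp" <<'EOF'
domain local.domain.ws
nameserver 192.168.2.92
nameserver 192.168.2.91
nameserver 8.8.8.8
EOF
    rc=0
    check_resolv "$tmp" 192.168.2.91 || rc=$?
    rm -f "$tmp"
    echo "status=$rc"
}

demo_samba02
```

For the quoted samba02 file this reports 192.168.2.92 (listed first) and 8.8.8.8 as entries other than the first DC.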


