[Samba] Error joining Domain - after first try failed

Rowland Penny rowlandpenny at googlemail.com
Tue Mar 25 15:05:47 MDT 2014


On 25/03/14 20:42, Dirk Laurenz (Samba Mailinglist Account) wrote:
> Hi,
>
> yes .91 is the first dc, .92 the second. Bind is running on first dc as dlz
> module, it is version 9.4.
I hope you mean 9.9.4 ;-)

> the first join failed due to the missing directory and some entries were
> created in the ldb files.
> Due to the abort, there are orphan entries. Therefore I guess the second
> try fails. I want to delete
> the wrong entries, but don't know where to look
Try deleting /var/lib/samba and then recreate it, if there is a smb.conf 
anywhere, remove or rename it, then run the join again.

Rowland

> -----Original Message-----
> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On
> Behalf Of Rowland Penny
> Sent: Tuesday, 25 March 2014 19:56
> To: samba at lists.samba.org
> Subject: Re: [Samba] Error joining Domain - after first try failed
>
> On 25/03/14 18:33, Dirk Laurenz (Samba Mailinglist Account) wrote:
>> Hello,
>>
>> no problem, I will provide more information:
>>
>> First DC - Linux samba01 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64
>> GNU/Linux Samba Sernet Debian Packages - Version
>> 4.1.5-SerNet-Debian-7.wheezy Running with bind-dlz
>>
>> -----------------------------------
>> /etc/resolv.conf
>> domain local.domain.ws
>> nameserver 192.168.2.91
>                       ^^^^^^^ Is this the IP address of the first samba server?
>
>> nameserver 8.8.8.8
>>
>> --------------------------------------
>> /etc/krb5.conf
>> [libdefaults]
>>           default_realm = LOCAL.DOMAIN.WS
>>           dns_lookup_realm = false
>>           dns_lookup_kdc = true
>>
>> ---------------------------------------
>> # Global parameters
>> [global]
>>           workgroup = DOMAIN
>>           realm = LOCAL.DOMAIN.WS
>>           netbios name = SAMBA01
>>           server role = active directory domain controller
>>           dns forwarder = 8.8.8.8
>>           allow dns updates = nonsecure
>>           idmap_ldb:use rfc2307 = yes
>>           server services = -dns
>>           client ldap sasl wrapping = sign
> I take it that you didn't provision with --dns-backend=BIND9_DLZ, what
> version of bind are you using?
>
>> [netlogon]
>>           path = /var/lib/samba/sysvol/local.DOMAIN.ws/scripts
>>           read only = No
>>
>> [sysvol]
>>           path = /var/lib/samba/sysvol
>>           read only = No
>>
>> Second DC (which has the problem) - Linux samba02 3.10.33+ #658
>> PREEMPT Tue Mar 18 17:35:55 GMT 2014 armv6l GNU/Linux (aka raspberry
>> pi)
>> (selfcompiled) - Version 4.1.6
>>
>> ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
>> --enable-fhs
> AH, you know I had exactly the same problem when I compiled on my rpi (which
> actually took a lot longer than it said it would). From your first post you
> created /var/lib/samba/private, I just created /var/lib/samba, so it should
> work, the only difference that I can see, is that I then provisioned as a
> DC, you are trying to join as a DC.
> Try altering /etc/resolv.conf to only point to the original DC.
>
> Rowland
>> -----------------------------------
>> /etc/resolv.conf
>> domain local.domain.ws
>> nameserver 192.168.2.92
>> nameserver 192.168.2.91
>> nameserver 8.8.8.8
>>
>> /etc/krb5.conf and smb.conf will be generated by samba-tool and are
>> not existent at the moment
>>
>>
>>
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
>> Sent: Tuesday, 25 March 2014 13:25
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] Error joining Domain - after first try failed
>>
>> On 25/03/14 12:00, Dirk Domain (Samba Mailinglist Account) wrote:
>>> Hello,
>>>
>>> I just set up a new samba domain, setting up the second dc fails.
>>>
>>> I compiled the second dc myself and the first join failed due to a
>>> missing directory (var/lib/samba/private)
>>>
>>> I created it and then called the join command again...
>>>
>>> But now the dc seems to exist, but is not visible in domain tools or
>>> ldbedit. But I get this message.
>>>
>>> What entry is meant here?
>>>
>>> This is the output of samba-tool domain join..
>>>
>>> Finding a writeable DC for domain 'local.domain.ws'
>>> Found DC samba01.local.domain.ws
>>> workgroup is DOMAIN
>>> realm is local.domain.ws
>>> checking sAMAccountName
>>> Adding CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws
>>> Join failed - cleaning up
>>> checking sAMAccountName
>>> ERROR(ldb): uncaught exception - LDAP error 68
>>> LDAP_ENTRY_ALREADY_EXISTS -
>>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
>>> objectSid in CN=SAMBA02,OU=Domain
>>> Controllers,DC=local,DC=domain,DC=ws
>>> -
>>> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
>>> CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws - ../l> <>
>>>      File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>>>        return self.run(*args, **kwargs)
>>>      File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, in run
>>>        machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>>      File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in join_DC
>>>        ctx.do_join()
>>>      File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in do_join
>>>        ctx.join_add_objects()
>>>      File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in join_add_objects
>>>        ctx.samdb.add(rec)
>>>
>>> Thanks a lot.
>>>
>>> Dirk
>>>
>> I think we are going to need a bit more info here:
>> Did you compile samba on the first server yourself ?
>> what distros are you using ?
>> what version of samba 4 are you using, are you using the same version
>> on both machines ?
>> contents of /etc/resolv.conf, /etc/krb5.conf, smb.conf from both
>> machines
>>
>> Rowland
>
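
The two suggestions in this reply (reset /var/lib/samba and any leftover smb.conf, and point /etc/resolv.conf only at the original DC) can be combined into one pre-join step. The script below is an added example, not part of the original post or of Samba; the function names, the rename-instead-of-delete behaviour, the 0700 mode on private/ and the sandbox contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: reset local state left by an aborted `samba-tool domain join`.
# All paths are arguments, so the demo runs against a constructed sandbox.

# True only if every nameserver line in resolv.conf ($1) is the existing DC ($2).
resolv_only_points_at() {
    awk -v dc="$2" '$1 == "nameserver" { n++; if ($2 != dc) bad++ }
        END { exit !(n > 0 && bad == 0) }' "$1"
}

# Rename the state dir ($1) and smb.conf ($2) instead of deleting them, so the
# half-written ldb files stay available for inspection, then recreate the dir.
reset_join_state() {
    state=$1; conf=$2; stamp=$(date +%Y%m%d%H%M%S)
    if [ -e "$state" ]; then mv "$state" "$state.failed-$stamp" || return 1; fi
    if [ -e "$conf" ]; then mv "$conf" "$conf.failed-$stamp" || return 1; fi
    # Assumption: private/ is created owner-only because it will hold secrets.
    mkdir -p "$state/private" && chmod 700 "$state/private"
}

# $1 resolv.conf, $2 existing DC address, $3 state dir, $4 smb.conf.
# Returns 2 without touching anything if DNS still lists other servers.
prepare_rejoin() {
    if ! resolv_only_points_at "$1" "$2"; then
        echo "refusing: $1 must list only $2 as nameserver" >&2
        return 2
    fi
    reset_join_state "$3" "$4"
}

# Constructed sandbox mirroring the second DC's files as quoted in the thread.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/var/lib/samba/private" "$sb/etc"
    : > "$sb/var/lib/samba/private/sam.ldb"
    : > "$sb/etc/smb.conf"
    { echo 'domain local.domain.ws'
      printf 'nameserver %s\n' 192.168.2.92 192.168.2.91 8.8.8.8
    } > "$sb/etc/resolv.conf"
    echo "$sb"
}

demo=$(make_sandbox)
prepare_rejoin "$demo/etc/resolv.conf" 192.168.2.91 \
    "$demo/var/lib/samba" "$demo/etc/smb.conf" || echo "join not attempted"
rm -rf "$demo"
```

With the resolv.conf quoted in the thread the step refuses to run; once the file lists only 192.168.2.91 it moves the old state aside, and the join can be repeated.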


