[Samba] Error joining Domain - after first try failed
Dirk Laurenz (Samba Mailinglist Account)
samba at laurenz.ws
Tue Mar 25 23:30:21 MDT 2014
The problem remains..
root at samba02:~# samba-tool domain join local.laurenz.ws DC -U administrator
--password='$11pisaX%'
Finding a writeable DC for domain 'local.laurenz.ws'
Found DC samba01.local.laurenz.ws
workgroup is LAURENZ
realm is local.laurenz.ws
checking sAMAccountName
Adding CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
<00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid
in CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws -
../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws> <>
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552,
in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
do_join
ctx.join_add_objects()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in
join_add_objects
ctx.samdb.add(rec)
-----Ursprüngliche Nachricht-----
Von: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] Im
Auftrag von Rowland Penny
Gesendet: Dienstag, 25. März 2014 22:06
An: samba at lists.samba.org
Betreff: Re: [Samba] Error joining Domain - after first try failed
On 25/03/14 20:42, Dirk Laurenz (Samba Mailinglist Account) wrote:
> Hi,
>
> yes .91 is the first dc, .92 the second. Bind is running on frist dc
> as dlz module, it is version 9.4.
I hope you mean 9.9.4 ;-)
> the first join failed due to the missing directory and some entries
> where created in the ldb files.
> Due to the abort, there are orphan entries. There for I guess, the
> second try failes. I want to delete The wrong entries, but don't know
> where to look at
Try deleting /var/lib/samba and then recreate it, if there is a smb.conf
anywhere, remove or rename it, then run the join again.
Rowland
> -----Ursprüngliche Nachricht-----
> Von: samba-bounces at lists.samba.org
> [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny
> Gesendet: Dienstag, 25. März 2014 19:56
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Error joining Domain - after first try failed
>
> On 25/03/14 18:33, Dirk Laurenz (Samba Mailinglist Account) wrote:
>> Hello,
>>
>> no problem, i will provide more information:
>>
>> First DC - Linux samba01 3.2.0-4-amd64 #1 SMP Debian 3.2.54-2 x86_64
>> GNU/Linux Samba Sernet Debian Packages - Version
>> 4.1.5-SerNet-Debian-7.wheezy Running with bind-dlz
>>
>> -----------------------------------
>> /etc/resolv.conf
>> domain local.domain.ws
>> nameserver 192.168.2.91
> ^^^^^^^ Is this the ipaddress of the first samba
> server ?
>
>> nameserver 8.8.8.8
>>
>> --------------------------------------
>> /etc/krb5.conf
>> [libdefaults]
>> default_realm = LOCAL.DOMAIN.WS
>> dns_lookup_realm = false
>> dns_lookup_kdc = true
>>
>> ---------------------------------------
>> # Global parameters
>> [global]
>> workgroup = DOMAIN
>> realm = LOCAL.DOMAIN.WS
>> netbios name = SAMBA01
>> server role = active directory domain controller
>> dns forwarder = 8.8.8.8
>> allow dns updates = nonsecure
>> idmap_ldb:use rfc2307 = yes
>> server services = -dns
>> client ldap sasl wrapping = sign
> I take it that you didn't provision with --dns-backend=BIND9_DLZ, what
> version of bind are you using?
>
>> [netlogon]
>> path = /var/lib/samba/sysvol/local.DOMAIN.ws/scripts
>> read only = No
>>
>> [sysvol]
>> path = /var/lib/samba/sysvol
>> read only = No
>>
>> Second DC (which has the problem) - Linux samba02 3.10.33+ #658
>> PREEMPT Tue Mar 18 17:35:55 GMT 2014 armv6l GNU/Linux (aka raspberry
>> pi)
>> (selfcompiled) - Version 4.1.6
>>
>> ./configure --prefix=/usr --localstatedir=/var --sysconfdir=/etc
>> --enable-fhs
> AH, you know I had exactly the same problem when I compiled on my rpi
> (which actually took a lot longer than it said it would). From your
> first post you created /var/lib/samba/private, I just created
> /var/lib/samba, so it should work, the only difference that I can see,
> is that I then provisioned as a DC, you are trying to join as a DC.
> Try altering /etc/resolv.conf to only point to the original DC.
>
> Rowland
>> -----------------------------------
>> /etc/resolv.conf
>> domain local.domain.ws
>> nameserver 192.168.2.92
>> nameserver 192.168.2.91
>> nameserver 8.8.8.8
>>
>> /etc/krb5.conf and smb.conf will be generated by samba-tool and are
>> not existant at the moment
>>
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: samba-bounces at lists.samba.org
>> [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland Penny
>> Gesendet: Dienstag, 25. März 2014 13:25
>> An: samba at lists.samba.org
>> Betreff: Re: [Samba] Error joining Domain - after first try failed
>>
>> On 25/03/14 12:00, Dirk Domain (Samba Mailinglist Account) wrote:
>>> Hello,
>>>
>>>
>>>
>>> i just setup a new samba domain, setting up the second dc failes.
>>>
>>> I compiled the second dc myself and the first join failed due to a
>>> missing directory (var/lib/samba/private)
>>>
>>> I created it and the called the join command again...
>>>
>>>
>>>
>>> But now the dc seems to exist, but is not visible in domain tools or
>>> ldbedit. But I get this message.
>>>
>>> What entry is meant here?
>>>
>>>
>>>
>>> Is the out put of samba-tool domain join..
>>>
>>>
>>>
>>> Finding a writeable DC for domain 'local.domain.ws'
>>>
>>> Found DC samba01.local.domain.ws
>>>
>>> workgroup is DOMAIN
>>>
>>> realm is local.domain.ws
>>>
>>> checking sAMAccountName
>>>
>>> Adding CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws
>>>
>>> Join failed - cleaning up
>>>
>>> checking sAMAccountName
>>>
>>> ERROR(ldb): uncaught exception - LDAP error 68
>>> LDAP_ENTRY_ALREADY_EXISTS -
>>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
>>> objectSid in CN=SAMBA02,OU=Domain
>>> Controllers,DC=local,DC=domain,DC=ws
>>> -
>>> ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in
>>> CN=SAMBA02,OU=Domain Controllers,DC=local,DC=domain,DC=ws - ../l> <>
>>>
>>> File
>>> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>>> line 175, in _run
>>>
>>> return self.run(*args, **kwargs)
>>>
>>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>>> line 552, in run
>>>
>>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>>> dns_backend=dns_backend)
>>>
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
>>> 1172, in join_DC
>>>
>>> ctx.do_join()
>>>
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
>>> 1075, in do_join
>>>
>>> ctx.join_add_objects()
>>>
>>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
>>> 515, in join_add_objects
>>>
>>> ctx.samdb.add(rec)
>>>
>>>
>>>
>>> Thanks a lot.
>>>
>>>
>>>
>>>
>>>
>>> Dirk
>>>
>> I think we are going to need a bit more info here:
>> Did you compile samba on the first server yourself ?
>> what distro's are you using ?
>> what version of samba 4 are you using, are you using the same version
>> on both machines ?
>> contents of /etc/resolv.conf, /etc/krb5.conf, smb.conf from both
>> machines
>>
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list