[Samba] Error joining Domain - after first try failed

samba at laurenz.ws samba at laurenz.ws
Wed Mar 26 06:38:35 MDT 2014


There's no CN=SAMBA02, I tried this instead:

root@samba01:~# ldapsearch -x -h 127.0.0.1 -b "OU=Domain Controllers,DC=local,DC=laurenz,DC=ws" -D CN=Administrator,CN=Users,DC=local,DC=laurenz,DC=ws -w
# extended LDIF
#
# LDAPv3
# base <OU=Domain Controllers,DC=local,DC=laurenz,DC=ws> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# RID Set, SAMBA01, Domain Controllers, local.laurenz.ws
dn: CN=RID Set,CN=SAMBA01,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
objectClass: top
objectClass: rIDSet
cn: RID Set
instanceType: 4
whenCreated: 20140313062527.0Z
whenChanged: 20140313062527.0Z
uSNCreated: 3584
uSNChanged: 3584
showInAdvancedViewOnly: TRUE
name: RID Set
objectGUID:: wUhY6IBgiEOF5NggI+IZaA==
rIDAllocationPool: 6867652707404
rIDPreviousAllocationPool: 6867652707404
rIDUsedPool: 0
objectCategory: CN=RID-Set,CN=Schema,CN=Configuration,DC=local,DC=laurenz,DC=w
  s
rIDNextRID: 1105
distinguishedName: CN=RID Set,CN=SAMBA01,OU=Domain Controllers,DC=local,DC=lau
  renz,DC=ws

# SAMBA01, Domain Controllers, local.laurenz.ws
dn: CN=SAMBA01,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: SAMBA01
instanceType: 4
whenCreated: 20140313062527.0Z
uSNCreated: 3583
name: SAMBA01
objectGUID:: o44amXtC902aVA8UiYg5cQ==
userAccountControl: 532480
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
localPolicyFlags: 0
pwdLastSet: 130391655270000000
primaryGroupID: 516
objectSid:: AQUAAAAAAAUVAAAAUIJInqoCGgrd7s866AMAAA==
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: SAMBA01$
sAMAccountType: 805306369
operatingSystem: Samba
operatingSystemVersion: 4.1.5-SerNet-Debian-7.wheezy
dNSHostName: samba01.local.laurenz.ws
objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=local,DC=laurenz,DC=
  ws
isCriticalSystemObject: TRUE
rIDSetReferences: CN=RID Set,CN=SAMBA01,OU=Domain Controllers,DC=local,DC=laur
  enz,DC=ws
serverReferenceBL: CN=SAMBA01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
  N=Configuration,DC=local,DC=laurenz,DC=ws
msDS-SupportedEncryptionTypes: 31
servicePrincipalName: HOST/samba01.local.laurenz.ws
servicePrincipalName: HOST/samba01.local.laurenz.ws/LAURENZ
servicePrincipalName: ldap/samba01.local.laurenz.ws/LAURENZ
servicePrincipalName: GC/samba01.local.laurenz.ws/local.laurenz.ws
servicePrincipalName: ldap/samba01.local.laurenz.ws
servicePrincipalName: HOST/samba01.local.laurenz.ws/local.laurenz.ws
servicePrincipalName: ldap/samba01.local.laurenz.ws/local.laurenz.ws
servicePrincipalName: HOST/SAMBA01
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/90def2ae-0c56-4670-
  96ef-e7f886f260a6/local.laurenz.ws
servicePrincipalName: ldap/90def2ae-0c56-4670-96ef-e7f886f260a6._msdcs.local.l
  aurenz.ws
servicePrincipalName: ldap/SAMBA01
servicePrincipalName: RestrictedKrbHost/SAMBA01
servicePrincipalName: RestrictedKrbHost/samba01.local.laurenz.ws
servicePrincipalName: ldap/samba01.local.laurenz.ws/DomainDnsZones.local.laure
  nz.ws
servicePrincipalName: ldap/samba01.local.laurenz.ws/ForestDnsZones.local.laure
  nz.ws
whenChanged: 20140313075707.0Z
uSNChanged: 3769
distinguishedName: CN=SAMBA01,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws

# Domain Controllers, local.laurenz.ws
dn: OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
objectClass: top
objectClass: organizationalUnit
ou: Domain Controllers
description: Default container for domain controllers
instanceType: 4
whenCreated: 20140313062527.0Z
whenChanged: 20140313062527.0Z
uSNCreated: 3378
uSNChanged: 3378
showInAdvancedViewOnly: FALSE
name: Domain Controllers
objectGUID:: IAGdaBl9KkS1r8zriWEH/w==
systemFlags: -1946157056
objectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=local,DC=
  laurenz,DC=ws
isCriticalSystemObject: TRUE
gPLink: [LDAP://CN={6AC1786C-016F-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
  m,DC=local,DC=laurenz,DC=ws;0]
distinguishedName: OU=Domain Controllers,DC=local,DC=laurenz,DC=ws

# search result
search: 2
result: 0 Success

# numResponses: 4
# numEntries: 3
root@samba01:~#



Quoting Rowland Penny <rowlandpenny at googlemail.com>:

> On 26/03/14 05:36, Dirk Laurenz (Samba Mailinglist Account) wrote:
>> As the problem still exists, there must be an orphan entry on the first
>> dc.... but I can't find it...
>>
>> Finding a writeable DC for domain 'local.laurenz.ws'
>> Found DC samba01.local.laurenz.ws
>> workgroup is LAURENZ
>> realm is local.laurenz.ws
>> checking sAMAccountName
>> Adding CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
>> Join failed - cleaning up
>> checking sAMAccountName
>> ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
>
> I think the problem is that the entry for the second DC already exists in AD
>
> Try searching in AD on the original DC:
>
> ldapsearch -x -h 127.0.0.1 -b "CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws" -D CN=Administrator,CN=Users,DC=local,DC=laurenz,DC=ws -w <yoursamba4password>
>
> Report back with the results
>
> Rowland
>
>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid
>> in CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
>> CN=SAMBA02,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws> <>
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552,
>> in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
>> join_DC
>>     ctx.do_join()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
>> do_join
>>     ctx.join_add_objects()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in
>> join_add_objects
>>     ctx.samdb.add(rec)
>>
>> I guess objectSID seems to be the problem, that at the first try it was
>> taken but not cleaned up.... and at the second try isn't available anymore
>>
>>
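
The error in this thread is a unique index violation on objectSid, while the ldapsearch output shows objectSid only as base64 and the RID pool as a single 64-bit number. The following is an added example, not code from the posters or from Samba: it unfolds the LDIF, decodes objectSid into S-1-... form and splits rIDAllocationPool into its low and high 32-bit halves (first and last RID of the pool), so the RIDs already bound to objects can be read next to rIDNextRID. The sample input is constructed from attributes shown in the output above; the function names are hypothetical.

```python
import base64
import struct

# Constructed sample: attributes from the ldapsearch output in this post, one DN folded.
SAMPLE_LDIF = """\
dn: CN=RID Set,CN=SAMBA01,OU=Domain Controllers,DC=local,DC=laurenz,DC=ws
rIDAllocationPool: 6867652707404
rIDNextRID: 1105

dn: CN=SAMBA01,OU=Domain Controllers,DC=local,DC=lau
 renz,DC=ws
objectSid:: AQUAAAAAAAUVAAAAUIJInqoCGgrd7s866AMAAA==
"""

def parse_ldif(text):
    """Return entries as dicts of attr -> [values]; 'attr::' values become bytes."""
    unfolded = text.replace("\n ", "")   # RFC 2849: newline + one space continues a line
    entries = []
    for block in unfolded.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                attr, _, rest = line.partition(":")
                val = base64.b64decode(rest[1:]) if rest.startswith(":") else rest.strip()
                entry.setdefault(attr, []).append(val)
        if entry:
            entries.append(entry)
    return entries

def sid_to_str(blob):
    """Binary SID: revision, sub-authority count, 6-byte BE authority, LE 32-bit sub-authorities."""
    subs = struct.unpack("<%dI" % blob[1], blob[8:8 + 4 * blob[1]])
    return "S-%d-%d-%s" % (blob[0], int.from_bytes(blob[2:8], "big"), "-".join(map(str, subs)))

def rid_report(entries):
    """Return ({RID: DN} for objects with a SID, (pool_start, pool_end), rIDNextRID)."""
    used, pool, next_rid = {}, None, None
    for e in entries:
        if "objectSid" in e:
            used[int(sid_to_str(e["objectSid"][0]).rsplit("-", 1)[1])] = e["dn"][0]
        if "rIDAllocationPool" in e:
            v = int(e["rIDAllocationPool"][0])
            pool, next_rid = (v & 0xFFFFFFFF, v >> 32), int(e["rIDNextRID"][0])
    return used, pool, next_rid

if __name__ == "__main__":
    print(rid_report(parse_ldif(SAMPLE_LDIF)))
```

Fed the LDIF of a search that returns objectSid for every object in the domain, the first element of the result shows which DN already holds each RID.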




