[Samba] Unable to join new domain controller to Samba4 domain

Alex Ferrara alex at receptiveit.com.au
Tue Sep 9 22:09:55 MDT 2014


Hi folks,

Everything is working great and I am not having any issues with the three domain controllers that I currently have set up. We are migrating from Puppet to Ansible for configuration management, and I decided to create a playbook that will do all the things necessary to set up a DC and join the domain. I have found that in the domain joining process, an error stops replication from happening, and therefore stops the join. Replication to the currently joined servers is working fine, as reported by "samba-tool drs showrepl".

In the past, I extended the Samba4 schema to allow for our groupware SOGo server to load calendar resources from AD (http://wiki.sogo.nu/ResourceConfiguration). This did not cause me any grief at the time, but the object that is generating the errors is one of the calendar resources that I have created.

Below is the output from the attempted domain join:

# samba-tool domain join hq.domain.com.au DC -Uadministrator --realm=hq.achievecorp.com.au --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'hq.domain.com.au'
Found DC zeus.hq.domain.com.au
Password for [DOMAIN\administrator]:
workgroup is DOMAIN
realm is hq.domain.com.au
checking sAMAccountName
Adding CN=SERVER,OU=Domain Controllers,DC=hq,DC=domain,DC=com,DC=au
Adding CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
Adding CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
Adding SPNs to CN=SERVER,OU=Domain Controllers,DC=hq,DC=domain,DC=com,DC=au
Setting account password for SERVER$
Enabling account
Adding DNS account CN=dns-SERVER,CN=Users,DC=hq,DC=domain,DC=com,DC=au with dns/ SPN
Setting account password for dns-SERVER
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=hq,DC=domain,DC=com,DC=au
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[402/2383] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[804/2383] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1206/2383] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1608/2383] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[2010/2383] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[2383/2383] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[402/1634] linked_values[0/0]
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[804/1634] linked_values[0/0]
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1206/1634] linked_values[0/0]
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1608/1634] linked_values[0/0]
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1634/1634] linked_values[48/0]
Replicating critical objects from the base DN of the domain
Partition[DC=hq,DC=domain,DC=com,DC=au] objects[103/103] linked_values[34/0]
Partition[DC=hq,DC=domain,DC=com,DC=au] objects[505/543] linked_values[0/0]
Partition[DC=hq,DC=domain,DC=com,DC=au] objects[646/543] linked_values[389/0]
No objectClass found in replPropertyMetaData for CN=Wealth Room,OU=Resources,OU=Users,OU=Site,DC=hq,DC=domain,DC=com,DC=au!

Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=Wealth Room,OU=Resources,OU=Users,OU=Site,DC=hq,DC=domain,DC=com,DC=au!: Object class violation
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up
checking sAMAccountName
Deleted CN=SERVER,OU=Domain Controllers,DC=hq,DC=domain,DC=com,DC=au
Deleted CN=dns-SERVER,CN=Users,DC=hq,DC=domain,DC=com,DC=au
Deleted CN=NTDS Settings,CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
Deleted CN=SERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 555, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1077, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 817, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 256, in replicate
    schema=schema, req_level=req_level, req=req)


Alex Ferrara
Director
Receptive IT Solutions

P 0403 604 604
F (02) 4822 7700
E alex at receptiveit.com.au
W www.receptiveit.com.au
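
Added example, not part of the original post and not Samba code: a small triage parser that an automated join (such as the Ansible playbook mentioned above) could run over captured "samba-tool domain join" output to report how far each naming context got and which object DN stopped replication. The function name, the report keys and the abridged sample are assumptions made for illustration; the sample lines are taken from the transcript above.

```python
import re

# Constructed sample: lines abridged from the join transcript in the post above.
SAMPLE = """\
Schema-DN[CN=Schema,CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[2383/2383] linked_values[0/0]
Partition[CN=Configuration,DC=hq,DC=domain,DC=com,DC=au] objects[1634/1634] linked_values[48/0]
Partition[DC=hq,DC=domain,DC=com,DC=au] objects[505/543] linked_values[0/0]
Partition[DC=hq,DC=domain,DC=com,DC=au] objects[646/543] linked_values[389/0]
No objectClass found in replPropertyMetaData for CN=Wealth Room,OU=Resources,OU=Users,OU=Site,DC=hq,DC=domain,DC=com,DC=au!
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up
"""

# Progress lines: "Partition[<naming context>] objects[<received>/<total>] ..."
PROGRESS = re.compile(
    r"^(?:Partition|Schema-DN)\[(?P<nc>[^\]]+)\] objects\[(?P<got>\d+)/(?P<total>\d+)\]"
)
# The replication error names the offending object up to the trailing "!".
BAD_OBJECT = re.compile(r"No objectClass found in replPropertyMetaData for (?P<dn>.+?)!")
# Status codes as printed in the transcript (WERR_* and NT_STATUS_*).
STATUS = re.compile(r"\b((?:WERR|NT_STATUS)_[A-Z0-9_]+)\b")


def triage_join(output):
    """Summarise join output: last progress per naming context, failing DNs, codes."""
    report = {"failed": False, "progress": {}, "bad_objects": [], "codes": []}
    for line in output.splitlines():
        m = PROGRESS.match(line)
        if m:
            # Keep only the most recent counter seen for each naming context.
            report["progress"][m["nc"]] = (int(m["got"]), int(m["total"]))
            continue
        m = BAD_OBJECT.search(line)
        if m and m["dn"] not in report["bad_objects"]:
            report["bad_objects"].append(m["dn"])
        for code in STATUS.findall(line):
            if code not in report["codes"]:
                report["codes"].append(code)
        if line.startswith("Join failed"):
            report["failed"] = True
    return report


if __name__ == "__main__":
    result = triage_join(SAMPLE)
    print("failed:", result["failed"])
    for dn in result["bad_objects"]:
        print("object blocking replication:", dn)
```
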




