[Samba] Sysprep joins fail on Samba >= 4.2.0

Webmaster IESCDM admies at ieschandomonte.edu.es
Mon Aug 3 14:02:10 UTC 2015 

Isn't anyone around using > 4.2 and SYSPREP with AUTO JOIN?

2015-06-24 10:52 GMT+02:00 Webmaster IESCDM <admies at ieschandomonte.edu.es>:

> Hi,
>
> We have a samba 4.2.2 setup compiled from source, single DC, internal DNS.
> We've been using this samba setup in production since version 4.0.3. All
> clients are Windows 7-x64.
>
> Since we upgraded to samba 4.2.0 back in march 2015, we are not able to
> join client machines to the domain using our sysprep unattended image, but
> joining machines via the manual procedure using the Windows GUI works
> perfectly.
>
> Perhaps we're overlooking something very obvious, but we've done 3+ weeks
> of research on the issue and we've come up to these conclusions:
>
> - samba < 4.2.0: unattended joins using sysprep work OK
>
> - samba >= 4.2.0 unattended joins using sysprep fail. Netsetup.log errors
> 0x54a and 1354 (ERROR_INVALID_DOMAIN_ROLE This operation is only allowed
> for the primary Domain Controller of the domain.)
>
> To discard possible own database corruptions, we've rolled back to our
> past 4.1.17 setup and sysprep domain join works flawlessly. Then we update
> this environment to 4.2.2 and it stops working.
>
> We've also tested pushing all our current databases from our current setup
> (4.2.2) into a 4.1.17 samba and it works!
>
> So it leads us to think it might be a problem with some change introduced
> at 4.2.0
> regarding domain join that only shows up when trying to do unattended
> joins.
>
> In case this is of any help, packet-level research using wireshark shows
> that the only difference between versions that work and those which
> doesn't
> is the following:
>
> - samba < 4.2.0 (works): the RPC_NETL DsrGetDcNameEx2 response returns the
> DC name field as DCSERVER.DOMAIN.LOCAL and the unattended join process
> works OK from that point onwards.
>
> - samba >= 4.2.0 (fails): the DsrGetDcNameEx2 response returns the DC name
> field as
> DCSERVER and the unattended join process doesn't work. It keeps retrying
> that
> DsrGetDcNameEx2 request to no avail.
>
> Are there any changes on 4.2.0 that might point to this failure for
> unattended joins? Joining the domain through the usual GUI procedure in
> Windows 7 works OK using any version.
>
> NB. We are using a .local TLD, and our current fileserver is the same as
> the DC. We missed those recommendations
>
> Thanks in advance for any help
>
> Regards,
>
> IT Team IES Chan do Monte
>
>
>

More information about the samba mailing list