[Samba] Can't join Samba as a DC to an existing Domain

L.P.H. van Belle belle at bazuin.nl
Wed Jun 17 03:18:53 MDT 2015 

ai.. this does not look ok to me.
 
ERROR(ldb): uncaught exception - Indexed and full searches both failed! 
I hope you have a good backup, without this error.. 
 
please read : 
https://lists.samba.org/archive/samba/2014-July/182966.html 
 
I cant help you as of this point.. sorry for that. 
i think you need support of a developer. 
 
Greetz, 
 
Louis
 
 

Van: Sarah Lee [mailto:sarah.leecb at gmail.com] 
Verzonden: woensdag 17 juni 2015 10:41
Aan: L.P.H. van Belle
Onderwerp: Re: [Samba] Can't join Samba as a DC to an existing Domain



tq for reply, 

currently our samba not run smoothly, i suspect some ldb corrupted..


////////////////////////////////////////////////////////////////////////////////////////////////
samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SOGOSAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=melaka,DC=gov
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SOGOSAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=melaka,DC=gov
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SOGOSAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=melaka,DC=gov
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SOGOSAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=melaka,DC=gov
SchemaMasterRole owner: CN=NTDS Settings,CN=SOGOSAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=melaka,DC=gov

////////////////////////////////////////////////////////////////////////////////////////////////


i run this command:


/////////////////////////////////////////////////////////////////////////////////////////////////
samba-tool dbcheck --cross-ncs ltdb: tdb(/var/lib/samba4/private/sam.ldb.d/DC=DOMAINDNSZONES,DC=MELAKA,DC=GOV.ldb): tdb_rec_read bad magic 0xd9fee666 at offset=9283212


ERROR(ldb): uncaught exception - Indexed and full searches both failed!


  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/dbcheck.py", line 117, in run
    controls=controls, attrs=attrs)
  File "/usr/lib64/python2.6/site-packages/samba/dbchecker.py", line 71, in check_database
    res = self.samdb.search(base=DN, scope=scope, attrs=['dn'], controls=controls)
///////////////////////////////////////////////////////////////////////////////////////////



On Wed, Jun 17, 2015 at 2:26 PM, L.P.H. van Belle <belle at bazuin.nl> wrote:
Hai Sarah,
 
ok, this wil be a hard one for me since i dont have any redhat/centos os here.
ok, first, make sure that the DC with FSMO roles its database is checked and ok.
 
can you run :
samba-tool dbcheck --cross-ncs
 
i've seen and old bug report, but no solution there.
And can you try to install a higher non sogo samba version. samba 4.0.1 is a bit old.
if you switch to debian or ubuntu you can run sogo with samba 4.1.18
 
 
Greetz,
 
Louis
 


Van: Sarah Lee [mailto:sarah.leecb at gmail.com]
Verzonden: dinsdag 16 juni 2015 15:15
Aan: L.P.H. van Belle
Onderwerp: Re: Can't join Samba as a DC to an existing Domain



Tq for reply.. We use centos. 6.5 , package samba version 4.0.1 sogo repo.

Already remove smb.conf and rejoin but still stuck.

On Tuesday, June 16, 2015, L.P.H. van Belle <belle at bazuin.nl> wrote:
can you provide more info.

like:
OS running?
samba version?
Samba package or from source?

samba AD DC version and OS?

If there is and smb.conf when you join, remove it or rename it and try joining again.


Greetz,

Louis


>-----Oorspronkelijk bericht-----
>Van: sarah.leecb at gmail.com
>[mailto:samba-bounces at lists.samba.org] Namens Sarah Lee
>Verzonden: maandag 15 juni 2015 23:17
>Aan: samba at lists.samba.org
>Onderwerp: [Samba] Can't join Samba as a DC to an existing Domain
>
>Hello all,
>
>we follow
>https://wiki.samba.org/index.php/Join_a_domain_as_a_DC to join
>samba as a DC but fail. below is our error. we need your advice
>
>///////////////////////////////////////////////////////////////
>/////////////////////////////////////////
>samba-tool domain join MELAKA.GOV DC -Uadministrator --realm=MELAKA.GOV
>--dns-backend=BIND9_DLZ
>Finding a writeable DC for domain 'MELAKA.GOV'
>Found DC sogosamba.melaka.gov
>Password for [MELAKA\administrator]:
>Password for [MELAKA\administrator]:
>workgroup is MELAKA
>realm is melaka.gov
>checking sAMAccountName
>Adding CN=SOGOSAMBAREP,OU=Domain Controllers,DC=melaka,DC=gov
>Adding
>CN=SOGOSAMBAREP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=melaka,DC=gov
>Adding CN=NTDS
>Settings,CN=SOGOSAMBAREP,CN=Servers,CN=Default-First-Site-Name,
CN=Sites,CN=Configuration,DC=melaka,DC=gov
>Adding SPNs to CN=SOGOSAMBAREP,OU=Domain Controllers,DC=melaka,DC=gov
>Setting account password for SOGOSAMBAREP$
>Enabling account
>Calling bare provision
>Provision OK for domain DN DC=melaka,DC=gov
>Starting replication
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[402/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[804/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[1206/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[1608/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[2010/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[2412/2620]
>linked_values[0/0]
>Schema-DN[CN=Schema,CN=Configuration,DC=melaka,DC=gov]
>objects[2620/2620]
>linked_values[0/0]
>Analyze and apply schema objects
>Partition[CN=Configuration,DC=melaka,DC=gov] objects[402/1748]
>linked_values[0/0]
>Partition[CN=Configuration,DC=melaka,DC=gov] objects[804/1748]
>linked_values[0/0]
>Partition[CN=Configuration,DC=melaka,DC=gov] objects[1206/1748]
>linked_values[0/0]
>Partition[CN=Configuration,DC=melaka,DC=gov] objects[1608/1748]
>linked_values[0/0]
>Partition[CN=Configuration,DC=melaka,DC=gov] objects[1748/1748]
>linked_values[24/0]
>Replicating critical objects from the base DN of the domain
>Partition[DC=melaka,DC=gov] objects[97/97] linked_values[55/0]
>Partition[DC=melaka,DC=gov] objects[499/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[901/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[1303/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[1705/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[2107/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[2509/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[2911/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[3313/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[3715/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[4117/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[4519/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[4921/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[5323/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[5725/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[6127/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[6529/29898] linked_values[0/0]
>Partition[DC=melaka,DC=gov] objects[6931/29898] linked_values[0/0]
>Join failed - cleaning up
>checking sAMAccountName
>Deleted CN=SOGOSAMBAREP,OU=Domain Controllers,DC=melaka,DC=gov
>Deleted CN=NTDS
>Settings,CN=SOGOSAMBAREP,CN=Servers,CN=Default-First-Site-Name,
CN=Sites,CN=Configuration,DC=melaka,DC=gov
>Deleted
>CN=SOGOSAMBAREP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=melaka,DC=gov
>ERROR(runtime): uncaught exception - (8437,
>'WERR_DS_DRA_INVALID_PARAMETER')
>  File
>"/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line
>175, in _run
>    return self.run(*args, **kwargs)
>  File
>"/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
>552, in run
>    machinepass=machinepass, use_ntvfs=use_ntvfs,
>dns_backend=dns_backend)
>  File "/usr/lib64/python2.6/site-packages/samba/join.py",
>line 1104, in
>join_DC
>    ctx.do_join()
>  File "/usr/lib64/python2.6/site-packages/samba/join.py",
>line 1009, in
>do_join
>    ctx.join_replicate()
>  File "/usr/lib64/python2.6/site-packages/samba/join.py", line 748, in
>join_replicate
>    replica_flags=ctx.domain_replica_flags)
>  File
>"/usr/lib64/python2.6/site-packages/samba/drs_utils.py", line 248,
>in replicate
>    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
>req_level, req)
>///////////////////////////////////////////////////////////////
>////////////////////////////////////////
>--
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>
>

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list