[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData
Matthew Delfino
mdelfino.list.samba at KNOCKinc.com
Mon Nov 16 02:36:11 UTC 2015
Hello Colleagues and Mentors,
I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1 on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled Samba package, v4.1.6.
This already-existing domain has had its schema updated to include Kerio Connect-specific schema (to support our mail server).
When I run the following command as root:
samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=SAMBA_INTERNAL
I see the following output:
Finding a writeable DC for domain 'mydomain.lan'
Found DC AC-DC10.mydomain.lan
Password for [WORKGROUP\administrator]:
workgroup is MYDOMAIN
realm is mydomain.lan
checking sAMAccountName
Adding CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
Adding CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Adding CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Adding SPNs to CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
Setting account password for AD-DC00$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=mydomain,DC=lan
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[402/1578] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[804/1578] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1206/1578] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1578/1578] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[402/1688] linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[804/1688] linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1206/1688] linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1608/1688] linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1688/1688] linked_values[45/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=lan] objects[100/100] linked_values[34/0]
Partition[DC=mydomain,DC=lan] objects[502/755] linked_values[0/0]
No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
: Object class violation
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up
checking sAMAccountName
Deleted CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
Deleted CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
Deleted CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 621, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1183, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1088, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 828, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 257, in replicate
    schema=schema, req_level=req_level, req=req)
It appears to me that this initial replication is choking here:
No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
This makes me think something about my addition of specialized schema has triggered, or tripped on, a bug somewhere downstream. I searched for strings on the internet with similar warnings and found this conversation between Rowland Penny and Luke Bigum:
https://lists.samba.org/archive/samba/2015-June/192516.html
I'm wondering if I'm in a similar pickle. Could this be the bug I'm hitting?
https://bugzilla.samba.org/show_bug.cgi?id=10973#c8
Any advice on how to get myself out of this, via work-arounds or whatever, would be greatly appreciated. Thank you in advance!
Matthew