[Samba] Join an additional Samba DC to an existing Active Directory

Rowland Penny rpenny at samba.org
Thu Aug 25 10:24:45 UTC 2016 

On Thu, 25 Aug 2016 12:03:30 +0200
basti via samba <samba at lists.samba.org> wrote:

> Hello,
> I try to add a BDC to my AD using this Howto
> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Preparing_the_host_for_the_domain_join
> 
> host -t A pdc.kes.local
> pdc.kes.local has address 192.168.122.2
> 
> ldapsearch -h pdc.kes.local -b'dc=kes,dc=local' -x
> # extended LDIF
> #
> # LDAPv3
> # base <dc=kes,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
> 
> # kes.local
> dn: dc=kes,dc=local
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: kes.local
> dc: kes
> 
> ...
> 
> but when I try
> 
> samba-tool domain join kes.local DC -Uadministrator --realm=KES.local
> --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'kes.local'
> Found DC pdc.kes.local
> Failed to bind - LDAP client internal error: NT code 0x80090302
> Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap':
> (null) ERROR(ldb): uncaught exception - None
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 657, in run
>     dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
> join_RODC
>     machinepass, use_ntvfs, dns_backend, promote_existing)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 85, in
> __init__
>     credentials=ctx.creds, lp=ctx.lp)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in
> __init__
>     options=options)
>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115,
> in __init__
>     self.connect(url, flags, options)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in
> connect
>     options=options)
> root at rtr:/home/user# man samba-tool
> 
> On my pdc I use BIND aus DNS backend.
> 
> Thanks for any support.
> Best Regards
> 

Bit obvious really, use bind on the second DC as well. You should also
note that you DO NOT HAVE A PDC, you have a DC, your second DC will not
be a BDC, it will just be another DC. Please do not use the terms 'PDC'
& 'BDC' when referring to AD DCs, those terms are only used when
referring to NT4-style domain controllers.

Rowland

More information about the samba mailing list