[Samba] Join an additional Samba DC to an existing Active Directory

Rowland Penny rpenny at samba.org
Thu Aug 25 11:24:14 UTC 2016


On Thu, 25 Aug 2016 12:46:50 +0200
basti via samba <samba at lists.samba.org> wrote:

> On 25.08.2016 12:24, Rowland Penny via samba wrote:
> > On Thu, 25 Aug 2016 12:03:30 +0200
> > basti via samba <samba at lists.samba.org> wrote:
> > 
> >> Hello,
> >> I try to add a BDC to my AD using this Howto
> >> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Preparing_the_host_for_the_domain_join
> >>
> >> host -t A pdc.kes.local
> >> pdc.kes.local has address 192.168.122.2
> >>
> >> ldapsearch -h pdc.kes.local -b'dc=kes,dc=local' -x
> >> # extended LDIF
> >> #
> >> # LDAPv3
> >> # base <dc=kes,dc=local> with scope subtree
> >> # filter: (objectclass=*)
> >> # requesting: ALL
> >> #
> >>
> >> # kes.local
> >> dn: dc=kes,dc=local
> >> objectClass: top
> >> objectClass: dcObject
> >> objectClass: organization
> >> o: kes.local
> >> dc: kes
> >>
> >> ...
> >>
> >> but when I try
> >>
> >> samba-tool domain join kes.local DC -Uadministrator
> >> --realm=KES.local --dns-backend=SAMBA_INTERNAL
> >> Finding a writeable DC for domain 'kes.local'
> >> Found DC pdc.kes.local
> >> Failed to bind - LDAP client internal error: NT code 0x80090302
> >> Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap':
> >> (null) ERROR(ldb): uncaught exception - None
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> >> line 175, in _run
> >>     return self.run(*args, **kwargs)
> >>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
> >> line 657, in run
> >>     dns_backend=dns_backend)
> >>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
> >> 1116, in join_RODC
> >>     machinepass, use_ntvfs, dns_backend, promote_existing)
> >>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 85,
> >> in __init__
> >>     credentials=ctx.creds, lp=ctx.lp)
> >>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57,
> >> in __init__
> >>     options=options)
> >>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line
> >> 115, in __init__
> >>     self.connect(url, flags, options)
> >>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72,
> >> in connect
> >>     options=options)
> >> root at rtr:/home/user# man samba-tool
> >>
> >> On my pdc I use BIND as DNS backend.
> >>
> >> Thanks for any support.
> >> Best Regards
> >>
> > 
> > Bit obvious really, use bind on the second DC as well. You should
> > also note that you DO NOT HAVE A PDC, you have a DC, your second DC
> > will not be a BDC, it will just be another DC. Please do not use
> > the terms 'PDC' & 'BDC' when referring to AD DCs, those terms are
> > only used when referring to NT4-style domain controllers.
> > 
> > Rowland 
> > 
> 
> This does not fix the error.
> samba is still unable to connect to ldap.
> 
> Found DC pdc.kes.local
> Failed to bind - LDAP client internal error: NT code 0x80090302
> Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap':
> (null)
> 

OK, provided that you have installed Bind9 and set it up (it doesn't
need to be running), it should work.

One other thought, have you created /etc/krb5.conf?

Try the command like this:

samba-tool domain join kes.local DC -Uadministrator --realm=KES.LOCAL \
    --dns-backend=BIND9_DLZ --password=<PUT YOUR ADMINISTRATOR PASSWORD HERE>

Rowland



