[Samba] Samba-tool SUBDOMAIN Problem

Andrew Bartlett abartlet at samba.org
Wed Nov 2 07:32:16 UTC 2016 

On Wed, 2016-11-02 at 00:27 +0100, Simon 'Pimmal' König via samba
wrote:
> Hi,
> 
> i have setted up a DC ESC.LAN, if i try to do "samba-tool domain
> join 
> MUNICH.ESC.LAN SUBDOMAIN -Uadministrator" i get the following error,
> how 
> can i build up a AD Subdomain (Domain Tree)
> 
> [root at MUC-PDC ~]# samba-tool domain join MUNICH.ESC.LAN SUBDOMAIN 
> -Uadministrator
> Administrator password will be set randomly!
> Finding a writeable DC for domain 'ESC.LAN'
> Found DC esc-pdc.esc.lan
> Password for [ESC\administrator]:
> Reconnecting to naming master 
> 6f13c3e5-b440-4696-8e07-359f4a3955bf._msdcs.esc.lan
> DNS name of new naming master is esc-pdc.esc.lan
> Deleted CN=NTDS 
> Settings,CN=MUC-PDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=esc,DC=lan
> Deleted 
> CN=MUC-PDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=esc,DC=lan
> ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
>    File 
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/__init__.py", 
> line 176, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/domain.py", 
> line 671, in run
>      adminpass=adminpass)
>    File "/usr/local/samba/lib64/python2.7/site-
> packages/samba/join.py", 
> line 1332, in join_subdomain
>      ctx.do_join()
>    File "/usr/local/samba/lib64/python2.7/site-
> packages/samba/join.py", 
> line 1147, in do_join
>      ctx.cleanup_old_join()
>    File "/usr/local/samba/lib64/python2.7/site-
> packages/samba/join.py", 
> line 264, in cleanup_old_join
>      objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED)

I'm sorry, but currently subdomain support is only partially
implemented.  That is why we don't talk about it much, but the partial
parts are in the codebase.

Sadly this need substantially more work to progress further.

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list