[Samba] Joining Samba4 to existing AD
Erick Ocrospoma
zipper1790 at gmail.com
Fri Apr 7 00:26:36 UTC 2017
Hi,
I have followed this guide on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
in order to join Samba to an existing Active Directory.
I'm using CentOS 7, using Samba 4.6 and compiled from source.
So the thing is that I'm stuck on step
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
Basically when I try to join Samba to the AD I get this error
[root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [EXAMPLE\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
    ctx.samdb.add(rec)
This is my current Kerberos conf
[root@samba-dc-02 ]# cat /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = EXAMPLE.COM
And the Kerberos ticket is opened successfully.
[root@samba-dc-02 ]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@EXAMPLE.COM

Valid starting       Expires              Service principal
04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 04/07/2017 20:42:18
The Samba server itself resolves to the AD IP
[root@samba-dc-02 ]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.3.251.19
Anybody have an idea what could be happening? Thanks in advance.
--
Erick.