[Samba] Joining Samba4 to existing AD

mj lists at merit.unu.edu
Fri Apr 7 07:26:52 UTC 2017


Hi Erick,

We were unable recently to join a 4.6.1 machine to the domain as a 
domain member server. Going back to 4.5.7 solved it immediately.

In our case it turned out to be a bug that will supposedly be fixed in 
samba 4.6.3. Perhaps this same bug is what's biting you...

Try the latest 4.5.x

MJ

On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
> Hi,
>
> I have followed this guide on the wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
> in order to join samba to an existing Active Directory.
> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>
> So the thing is that I'm stuck on step
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>
> Basically when I try to join Samba to the AD I get this error
>
> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'EXAMPLE.COM'
> Found DC dc-01.example.com
> Password for [EXAMPLE\Administrator]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
> DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
>         'CN=Sites,CN=Configuration,DC=example,DC=com'
>> <>
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
>     ctx.samdb.add(rec)
>
>
> This is my current Kerberos conf
>
> [root@samba-dc-02 ]# cat /etc/krb5.conf
> [libdefaults]
>         dns_lookup_realm = false
>         dns_lookup_kdc = true
>         default_realm = EXAMPLE.COM
>
>
> And the Kerberos ticket is opened successfully.
>
> [root@samba-dc-02 ]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@EXAMPLE.COM
>
> Valid starting       Expires              Service principal
> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>         renew until 04/07/2017 20:42:18
>
> The Samba server itself resolves to the AD IP
>
> [root@samba-dc-02 ]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 10.3.251.19
>
>
> Anybody have an idea what could be happening? Thanks in advance.
>
>
>


