[Samba] Joining Samba4 to existing AD

Erick Ocrospoma zipper1790 at gmail.com
Wed Apr 12 16:54:42 UTC 2017


Hi guys,

I changed my /etc/hosts and it looks like this:


[root@lim-inf1-dns-02 ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19      dc-01.example.com  dc-01
172.28.240.252  dc-02.example.com  dc-02



So, to be clear, dc-01.example.com is the Windows AD hostname.
dc-02.example.com is the Linux machine itself.

I tried to join the domain again but it is pretty much the same error :(


[root@ldc-02 ~]# samba-tool domain join EXAMPLE.COM DC -UAdministrator --realm=EXAMPLE.COM --dns-backend=SAMBA_INTERNAL --debug 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'EXAMPLE.COM'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.EXAMPLE.COM<0x0>
Found DC dc-01.example.com
resolve_lmhosts: Attempting lmhosts lookup for name dc-01.example.com<0x20>
Password for [WORKGROUP\Administrator]:
Aquiring initiator credentials failed: kinit for Administrator@EXAMPLE.COM failed (Wrong realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is EXAMPLE
realm is example.com
Adding CN=DC-02,OU=Domain Controllers,DC=example,DC=com
Adding
CN=DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for EXAMPLE from both secrets.ldb (Could not find entry to
match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4575) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr:
DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
> <>
  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py",
line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
1253, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
1151, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line
593, in join_add_objects
    ctx.samdb.add(rec)



On 12 April 2017 at 10:49, Rowland Penny via samba <samba at lists.samba.org>
wrote:

> On Wed, 12 Apr 2017 17:28:39 +0200
> "L.P.H. van Belle via samba" <samba at lists.samba.org> wrote:
>
> > Correct you need a smb.conf.
>
> No he doesn't, he is trying to join another DC.
>
> > And please do correct your hosts file before you join.
> >
> >
> >
> > >>  127.0.0.1   localhost localhost.localdomain localhost4
> > >>localhost4.localdomain4 dc-02.example.com dc-02 << NOT GOOD
> >
> > ::1         localhost localhost.localdomain localhost6
> > localhost6.localdomain6
> >
> > 10.3.251.19                    dc-01.example.com  dc-01  << CORRECT
>
> Well it is correct if the last line is the information for the DC he is
> trying to join.
>
> Rowland
>



-- 


Erick.


-------------------------------------------
IRC     :   zerick
Blog    : http://zerick.me
About :  http://about.me/zerick
Linux User ID :  549567
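
The hosts-file point discussed in this thread (the joining DC's own name must not sit on the 127.0.0.1 line and needs an entry on its real address), as an added example that is not part of any poster's message and not Samba code. The function names are hypothetical; the two sample files reproduce the hosts files shown in the thread with wrapped lines rejoined.

```python
import ipaddress

def parse_hosts(text):
    """Parse /etc/hosts-format text into a list of (ip, [names])."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except (ValueError, IndexError):
            continue  # blank, comment-only, malformed or wrapped line
        entries.append((ip, [name.lower() for name in fields[1:]]))
    return entries

def check_dc_hosts(text, fqdn):
    """Return a list of problems with how the joining DC's own name is mapped."""
    fqdn = fqdn.lower()
    short = fqdn.split(".", 1)[0]
    problems, has_real_entry = [], False
    for ip, names in parse_hosts(text):
        if fqdn not in names and short not in names:
            continue
        if ip.is_loopback:
            problems.append(f"{ip}: {fqdn} is mapped to a loopback address")
        else:
            has_real_entry = True
            # Convention (assumption, not stated in the thread): FQDN first.
            if names[0] != fqdn:
                problems.append(f"{ip}: put {fqdn} before the short name")
    if not has_real_entry:
        problems.append(f"no non-loopback entry for {fqdn}")
    return problems

# The hosts file criticised in the quoted reply (wrapped lines rejoined).
BAD_HOSTS = """\
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 dc-02.example.com dc-02
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19      dc-01.example.com  dc-01
"""
# The corrected file from this message (wrapped lines rejoined).
GOOD_HOSTS = """\
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.3.251.19      dc-01.example.com  dc-01
172.28.240.252  dc-02.example.com  dc-02
"""
if __name__ == "__main__":
    for label, text in (("before", BAD_HOSTS), ("after", GOOD_HOSTS)):
        print(label, check_dc_hosts(text, "dc-02.example.com") or "OK")
```

The check only covers name-to-address mapping in the hosts file; it says nothing about the Kerberos or LDAP errors in the join output above.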

