[Samba] Unable to Join the Active Directory as a Domain Controller

Luke Barone lukebarone at gmail.com
Wed Dec 20 22:37:07 UTC 2017 

What is the schema level on your Server 2012?

On Wed, Dec 20, 2017 at 1:55 PM, Marc-Henri Pamiseux via samba <
samba at lists.samba.org> wrote:

> Hello,
>
> I am trying to use Samba in version 4.7.0 as a replication of an Active
> Directory running on Windows 2012-R2.
>
> For that, I execute the process described on this page:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_
> Existing_Active_Directory
>
> When I run the command to join the domain controller, samba-tool returns
> the following error:
> DsAddEntry failed with status WERR_ACCESS_DENIED info (8567,
> 'WERR_DS_INCOMPATIBLE_VERSION')
>
> I read the documentation that specifies which version of Samba is
> compatible with the version of the Active Directory schema:
> https://wiki.samba.org/index.php/AD_Schema_Version_Support
>
> I was able to check on the Windows 2012-R2 server that the Active
> Directory schema is in version 69, so theoretically compatible with
> Samba 4.7.
>
> User "MYDOMAIN\marcori" is a domain admin.
> Do you have a way to explore further?
>
> Respectfully,
>
> Marc-Henri Pamiseux
>
> PS: Here is the command invoked and its error message:
>
> # samba-tool domain join example.com DC -U"MYDOMAIN\marcori"
> --dns-backend=SAMBA_INTERNAL --realm=EXAMPLE.COM -W MYDOMAIN
> Finding a writeable DC for domain 'example.com'
> Found DC SRV-ADM1.example.com
> Password for [MYDOMAIN\marcori]:
> workgroup is MYDOMAIN
> realm is example.com
> Adding CN=SRVSMB-DC1,OU=Domain Controllers,DC=example,DC=com
> Adding
> CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=
> Sites,CN=Configuration,DC=example,DC=com
> Adding CN=NTDS
> Settings,CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=
> Configuration,DC=example,DC=com
> DsAddEntry failed with status WERR_ACCESS_DENIED info (8567,
> 'WERR_DS_INCOMPATIBLE_VERSION')
> Join failed - cleaning up
> Deleted CN=SRVSMB-DC1,OU=Domain Controllers,DC=example,DC=com
> Deleted
> CN=SRVSMB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=
> Sites,CN=Configuration,DC=example,DC=com
> ERROR(runtime): uncaught exception - DsAddEntry failed
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in
> do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 639, in
> join_add_objects
>     ctx.join_add_ntdsdsa()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 570, in
> join_add_ntdsdsa
>     ctx.DsAddEntry([rec])
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 521, in
> DsAddEntry
>     raise RuntimeError("DsAddEntry failed")
>
> # samba -V
> Version 4.7.0-Debian
>
> --
> Marc-Henri Pamiseux - SARL Libricks - www.libricks.fr
> 6 rue LĂ©onard de Vinci - CS 20119, 53001 LAVAL Cedex
> Tel. : 02.30.96.15.24 / Mobile : 06.26.71.30.97
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list