[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
Rowland Penny
rpenny at samba.org
Thu Dec 21 18:39:05 UTC 2017
On Thu, 21 Dec 2017 13:16:05 -0500 (EST)
Daniel McFeeters <danielj.mcfeeters at lcdhd.org> wrote:
> I thought I had posted already, but my first message may have been
> confusing. Here is the output of the domain join:
>
> $ sudo samba-tool domain join redacted.domain.local DC
> -U"REDACTED\my.domain.admin" --dns-backend=SAMBA_INTERNAL Finding a
> writeable DC for domain 'redacted.domain.local' Found DC
> samba4dom.redacted.domain.local Password for
> [REDACTED\my.domain.admin]: NO DNS zone information found in source
Are you not running a dns server on the original DC ?
> domain, not replicating DNS workgroup is REDACTED
> realm is redacted.domain.local
> Adding CN=SAMBA4DC2,OU=Domain
> Controllers,DC=redacted,DC=domain,DC=local Adding
> CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> Adding CN=NTDS
> Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> Adding SPNs to CN=SAMBA4DC2,OU=Domain
> Controllers,DC=redacted,DC=domain,DC=local Setting account password
> for SAMBA4DC2$ Enabling account Calling bare provision Looking up
> IPv4 addresses Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba AD has been generated
> at /var/lib/samba/private/krb5.conf Provision OK for domain DN
> DC=redacted,DC=domain,DC=local Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[1550/1550] linked_values[0/0] Analyze and apply schema
> objects Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[402/1606] linked_values[0/0]
> Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[804/1606] linked_values[0/0]
> Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[1206/1606] linked_values[0/0]
> Partition[CN=Configuration,DC=redacted,DC=domain,DC=local]
> objects[1605/1606] linked_values[22/22] Replicating critical objects
> from the base DN of the domain
> Partition[DC=redacted,DC=domain,DC=local] objects[76/74]
> linked_values[21/21] Partition[DC=redacted,DC=domain,DC=local]
> objects[478/19960] linked_values[0/0] Failed to commit objects:
> WERR_DS_DRA_MISSING_PARENT Join failed - cleaning up Deleted
> CN=SAMBA4DC2,OU=Domain Controllers,DC=redacted,DC=domain,DC=local
> Deleted CN=NTDS
> Settings,CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> Deleted
> CN=SAMBA4DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=redacted,DC=domain,DC=local
> ERROR(runtime): uncaught exception - (8460, "Failed to process
> 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT") File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661,
> in run machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend) File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC ctx.do_join() File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in
> do_join ctx.join_replicate() File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 936, in
> join_replicate replica_flags=ctx.domain_replica_flags) File
> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 295, in
> replicate schema=schema, req_level=req_level, req=req) $
>
Two thoughts here, are you using the ntvfs backend on the first DC ?
this has now been deprecated and is only used in the Samba test.
Does your admin user have all the required permissions ? Have you tried
using 'Administrator' ?
Rowland
More information about the samba
mailing list