[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain

Daniel McFeeters danielj.mcfeeters at lcdhd.org
Thu Dec 21 19:51:13 UTC 2017 

Yes, I am running 4.7.3 on both servers. One has been upgraded (many times). The new one, obviously, is freshly installed.

I am running DNS on the domain controller. In fact, I'm running all the default "server services". As I said, I have had some problems in the past, and for a while the DNS was not working (perhaps due to some database corruption) and I had to switch it off in smb.conf. DNS seems to be working fine now. However, I am wondering if there are still some inconsistencies in the database which would cause this?

Here is my smb.conf file:

[global]
        workgroup = REDACTED
        realm = redacted.domain.local
        netbios name = SAMBA4DOM
        server role = active directory domain controller
        log level = 2
        allow dns updates = signed
        encrypt passwords = yes
        lanman auth = No
        client ntlmv2 auth = Yes
        ntlm auth = Yes
        client lanman auth = No
        client plaintext auth = No
        client min protocol = SMB2
        client signing = mandatory
        server signing = mandatory

[netlogon]
        path = /var/lib/samba/sysvol/redacted.domain.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


Daniel McFeeters 

----- Original Message -----
> From: "samba" <samba at lists.samba.org>
> To: "Daniel McFeeters" <danielj.mcfeeters at lcdhd.org>, "samba" <samba at lists.samba.org>
> Sent: Thursday, December 21, 2017 1:44:41 PM
> Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain

> On Thu, 2017-12-21 at 11:04 -0500, Daniel McFeeters via samba wrote:
>> I have a Samba4 Domain Controller, which we have run in production since ~2009
>> (early alpha). It's had a few issues over the years which we've managed to
>> recover from. I'm trying to join a second Samba4 DC to the domain, but having
>> trouble when I issue the join. I have run dbcheck on the existing DC, which
> > found and fixed some errors. There are still about 60+ errors like this:

> > # samba-tool dbcheck --cross-ncs
> > ...
>> ERROR: no target object found for GUID component for objectCategory in object
> > DC=...
> > Not removing dangling forward link

>> I'm running the same Samba version on both systems. Just upgraded to 4.7.3
>> (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with
> > earlier versions with the same problem.)

> > Any suggestions would be greatly appreciated!

> > Here is the output from the second DC when I attempt to join:

> > $ samba --version
> > Version 4.7.3-Ubuntu

> So both versions servers run Samba 4.7.3? I would normally expect this
> only if the existing server was much older.

> Thanks,

> Andrew Bartlett

> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

More information about the samba mailing list