[Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain

Thu Dec 21 21:47:46 UTC 2017

Hi,

If you slowly turn up the debug level for the join, there may be some
clues as to which object is causing the issues. Do note, that these logs
can contain sensitive data.

Cheers,

Garming

On 22/12/17 08:51, Daniel McFeeters via samba wrote:
> Yes, I am running 4.7.3 on both servers. One has been upgraded (many times). The new one, obviously, is freshly installed.
>
> I am running DNS on the domain controller. In fact, I'm running all the default "server services". As I said, I have had some problems in the past, and for a while the DNS was not working (perhaps due to some database corruption) and I had to switch it off in smb.conf. DNS seems to be working fine now. However, I am wondering if there are still some inconsistencies in the database which would cause this?
>
> Here is my smb.conf file:
>
> [global]
>         workgroup = REDACTED
>         realm = redacted.domain.local
>         netbios name = SAMBA4DOM
>         server role = active directory domain controller
>         log level = 2
>         allow dns updates = signed
>         encrypt passwords = yes
>         lanman auth = No
>         client ntlmv2 auth = Yes
>         ntlm auth = Yes
>         client lanman auth = No
>         client plaintext auth = No
>         client min protocol = SMB2
>         client signing = mandatory
>         server signing = mandatory
>
> [netlogon]
>         path = /var/lib/samba/sysvol/redacted.domain.local/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
>
> Daniel McFeeters 
>
> ----- Original Message -----
>> From: "samba" <samba at lists.samba.org>
>> To: "Daniel McFeeters" <danielj.mcfeeters at lcdhd.org>, "samba" <samba at lists.samba.org>
>> Sent: Thursday, December 21, 2017 1:44:41 PM
>> Subject: Re: [Samba] WERR_DS_DRA_MISSING_PARENT while Joining Samba4 DC to Samba4 Domain
>> On Thu, 2017-12-21 at 11:04 -0500, Daniel McFeeters via samba wrote:
>>> I have a Samba4 Domain Controller, which we have run in production since ~2009
>>> (early alpha). It's had a few issues over the years which we've managed to
>>> recover from. I'm trying to join a second Samba4 DC to the domain, but having
>>> trouble when I issue the join. I have run dbcheck on the existing DC, which
>>> found and fixed some errors. There are still about 60+ errors like this:
>>> # samba-tool dbcheck --cross-ncs
>>> ...
>>> ERROR: no target object found for GUID component for objectCategory in object
>>> DC=...
>>> Not removing dangling forward link
>>> I'm running the same Samba version on both systems. Just upgraded to 4.7.3
>>> (Ubuntu 18.04 beta) in attempting to resolve this problem. (I attempted with
>>> earlier versions with the same problem.)
>>> Any suggestions would be greatly appreciated!
>>> Here is the output from the second DC when I attempt to join:
>>> $ samba --version
>>> Version 4.7.3-Ubuntu
>> So both versions servers run Samba 4.7.3? I would normally expect this
>> only if the existing server was much older.
>> Thanks,
>> Andrew Bartlett
>> --
>> Andrew Bartlett http://samba.org/~abartlet/
>> Authentication Developer, Samba Team http://samba.org
>> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba