[Samba] join samba 4.5.12 to samba 4.1.13 failed

Allen Chen achen at harbourfrontcentre.com
Tue Jul 25 18:04:47 UTC 2017 

Hi there,

I have 2 DC servers(samba 4.1.13) working for more than 1 year.
When I join samba 4.5.12 to the domain, it fails on this error:
....
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
...

Environment:
2 existing DCs: DC1 and DC2, CentOS 6.2 32bit, compiled Samba 4.1.13
1 new DC: DC3, Centos 6.8 64bit, compiled Samba 4.5.12
DNS settings: samba 4 internal DNS.
     Windows clients use conpany DNS servers which forward AD zone to AD 
servers


What I did on the new DC DC3:
# tar xvf samba-4.5.12.tar
# cd samba-4.5.12
# ./configure --prefix=/usr/local/samba
# make
# make install

# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 
localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 
localhost6.localdomain6
192.168.1.42 dc3.mydomain.htft dc3

# cat /etc/krb5.conf
[logging]
  default = FILE:/var/log/krb5libs.log
  kdc = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
[libdefaults]
  default_realm = MYDOMAIN.HTFT
  dns_lookup_realm = false
  dns_lookup_kdc = true

#kinit administrator
Password for administrator at MYDOMAIN.HTFT:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at MYDOMAIN.HTFT

Valid starting     Expires            Service principal
07/25/17 11:37:41  07/25/17 21:37:41 krbtgt/MYDOMAIN.HTFT at MYDOMAIN.HTFT
         renew until 07/26/17 11:37:32


# /usr/local/samba/bin/samba-tool domain join mydomain.htft DC 
-U"MYDOMAIN.HTFT\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'mydomain.htft'
Found DC dc2.mydomain.htft
Password for [MYDOMAIN.HTFT\administrator]:
workgroup is MYDOMAIN
realm is mydomain.htft
Adding CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Adding 
CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hftne 
t,DC=htft
Adding CN=NTDS 
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi 
guration,DC=mydomain,DC=htft
Adding SPNs to CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Setting account password for DC3$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at 
/usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=mydomain,DC=htft
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[402/1633] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[804/1633] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1206/1633] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1608/1633] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1633/1633] 
linked_values[50/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Deleted CN=NTDS 
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft
Deleted 
CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft
ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The 
specified I/O operation on %hs was not completed before the time-out 
period expired.')
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
line 652, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
line 1253, in join_DC
     ctx.do_join()
   File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
line 1153, in do_join
     ctx.join_replicate()
   File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
line 896, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", 
line 254, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

It looks like it almost finished the join.
any idea?

Thanks
Allen

More information about the samba mailing list