[Samba] join samba 4.5.12 to samba 4.1.13 failed

L.P.H. van Belle belle at bazuin.nl
Wed Jul 26 07:05:40 UTC 2017 

Hai, 

I must ask first, did you check the "before and after the update" steps,
found here https://wiki.samba.org/index.php/Updating_Samba

Your error looks like and it might have todo with samba 4.1.x and ntvfs: 
https://wiki.samba.org/index.php/Migrating_the_ntvfs_File_Server_Back_End_to_s3fs 

Last, if the join keeps failing, upgrade the DC with FSMO roles. 
Change ntvfs to s3fs and the join of DC3. 

Thats only what i can suggest, maybe Rowland has a better option but these are old bugs your hitting. 
It might have todo with the ntvfs, or can be corrupted DB, or slow network connection, or AD DB size. (total number of object) 
And that in combination with samba 4.1. upgrade to 4.5 is a big step.

The config shown looks ok, so i dont think is a config/setup error.


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Allen Chen via samba
> Verzonden: dinsdag 25 juli 2017 20:05
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] join samba 4.5.12 to samba 4.1.13 failed
> 
> Hi there,
> 
> I have 2 DC servers(samba 4.1.13) working for more than 1 year.
> When I join samba 4.5.12 to the domain, it fails on this error:
> ....
> Replicating critical objects from the base DN of the domain 
> Partition[DC=mydomain,DC=htft] objects[98/98] 
> linked_values[33/0] Join failed - cleaning up Deleted 
> CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft ...
> 
> Environment:
> 2 existing DCs: DC1 and DC2, CentOS 6.2 32bit, compiled Samba 4.1.13
> 1 new DC: DC3, Centos 6.8 64bit, compiled Samba 4.5.12 DNS 
> settings: samba 4 internal DNS.
>      Windows clients use conpany DNS servers which forward AD 
> zone to AD servers
> 
> 
> What I did on the new DC DC3:
> # tar xvf samba-4.5.12.tar
> # cd samba-4.5.12
> # ./configure --prefix=/usr/local/samba
> # make
> # make install
> 
> # cat /etc/hosts
> 127.0.0.1   localhost localhost.localdomain localhost4 
> localhost4.localdomain4
> ::1         localhost localhost.localdomain localhost6 
> localhost6.localdomain6
> 192.168.1.42 dc3.mydomain.htft dc3
> 
> # cat /etc/krb5.conf
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   kdc = FILE:/var/log/krb5kdc.log
>   admin_server = FILE:/var/log/kadmind.log
> [libdefaults]
>   default_realm = MYDOMAIN.HTFT
>   dns_lookup_realm = false
>   dns_lookup_kdc = true
> 
> #kinit administrator
> Password for administrator at MYDOMAIN.HTFT:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrator at MYDOMAIN.HTFT
> 
> Valid starting     Expires            Service principal
> 07/25/17 11:37:41  07/25/17 21:37:41 
> krbtgt/MYDOMAIN.HTFT at MYDOMAIN.HTFT
>          renew until 07/26/17 11:37:32
> 
> 
> # /usr/local/samba/bin/samba-tool domain join mydomain.htft DC 
> -U"MYDOMAIN.HTFT\administrator" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'mydomain.htft'
> Found DC dc2.mydomain.htft
> Password for [MYDOMAIN.HTFT\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.htft
> Adding CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
> Adding 
> CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
> guration,DC=hftne 
> t,DC=htft
> Adding CN=NTDS 
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Confi 
> guration,DC=mydomain,DC=htft
> Adding SPNs to CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
> Setting account password for DC3$
> Enabling account
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba 4 has been generated at 
> /usr/local/samba/private/krb5.conf
> Provision OK for domain DN DC=mydomain,DC=htft
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
> objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
> objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] 
> objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=mydomain,DC=htft] objects[402/1633] 
> linked_values[0/0]
> Partition[CN=Configuration,DC=mydomain,DC=htft] objects[804/1633] 
> linked_values[0/0]
> Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1206/1633] 
> linked_values[0/0]
> Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1608/1633] 
> linked_values[0/0]
> Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1633/1633] 
> linked_values[50/0]
> Replicating critical objects from the base DN of the domain
> Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
> Join failed - cleaning up
> Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
> Deleted CN=NTDS 
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites
> ,CN=Configuration,DC=mydomain,DC=htft
> Deleted 
> CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
> guration,DC=mydomain,DC=htft
> ERROR(runtime): uncaught exception - (-1073741643, '{Device 
> Timeout} The 
> specified I/O operation on %hs was not completed before the time-out 
> period expired.')
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/_
> _init__.py", 
> line 176, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/d
> omain.py", 
> line 652, in run
>      machinepass=machinepass, use_ntvfs=use_ntvfs, 
> dns_backend=dns_backend)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
> line 1253, in join_DC
>      ctx.do_join()
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
> line 1153, in do_join
>      ctx.join_replicate()
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", 
> line 896, in join_replicate
>      replica_flags=ctx.domain_replica_flags)
>    File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", 
> line 254, in replicate
>      (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, 
> req_level, req)
> 
> It looks like it almost finished the join.
> any idea?
> 
> Thanks
> Allen
>  
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list