[Samba] samba 4.6.0 dc provisioning fails with exception

Sat Mar 11 16:04:55 UTC 2017

Hello,

I found the cause. It was the default kerberos config on CentOS: 
/etc/krb5.conf

Please add to the wiki page:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

that before provisioning we should remove this file.

It wasn't confusing only for me, as the resolution I found was in bugzilla:

https://bugzilla.samba.org/show_bug.cgi?id=11573

Maybe you could add some error description for this exception during 
provisioning, so the installing person is not totally in the dark?

Best regards,

Olaf

On 3/11/2017 4:20 PM, Olaf Frączyk wrote:
> Hello,
>
> I have a problem with samba provisioning as DC. CentOS 7, built from 
> tarball using samba howto.
>
> Below is the output. I would have filled bug report, but the "New 
> Account" in bugzilla is not working also :(
>
> [root at dc samba-4.6.0]# samba-tool domain provision --use-rfc2307 
> --realm navidom.office.navi.pl --domain NAVIDOM --server-role dc 
> --adminpass DuDu778$$# --dns-backend SAMBA_INTERNAL
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Adding DomainDN: DC=navidom,DC=office,DC=navi,DC=pl
> Adding configuration container
> Setting up sam.ldb schema
> Setting up sam.ldb configuration data
> Setting up display specifiers
> Modifying display specifiers
> Adding users container
> Modifying users container
> Adding computers container
> Modifying computers container
> Setting up sam.ldb data
> Setting up well known security principals
> Setting up sam.ldb users and groups
> ERROR(ldb): uncaught exception - operations error at 
> ../source4/dsdb/samdb/ldb_modules/password_hash.c:2820
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", 
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", 
> line 471, in run
>     nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", 
> line 2175, in provision
>     skip_sysvolacl=skip_sysvolacl)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", 
> line 1787, in provision_fill
>     next_rid=next_rid, dc_rid=dc_rid)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/__init__.py", 
> line 1447, in fill_samdb
>     "KRBTGTPASS_B64": b64encode(krbtgtpass.encode('utf-16-le'))
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/provision/common.py", 
> line 55, in setup_add_ldif
>     ldb.add_ldif(data, controls)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/__init__.py", 
> line 225, in add_ldif
>     self.add(msg, controls)
>
> Best regards,
>
> Olaf Frączyk
>