[Samba] error with joining new DC to domain

Rowland Penny rpenny at samba.org
Wed Dec 12 15:36:53 UTC 2018


On Wed, 12 Dec 2018 16:01:52 +0100
"peter.grotz--- via samba" <samba at lists.samba.org> wrote:

> Thanks Rowland for your answer.
> 
> These are sernet-packages from their subscription.
> 
> There are 4 DCs (all with last sernet-rpms); 2 are demoted with probs
> (dc-01 and dc-02, both centos6) and 2 are running (dc-10 and dc-11 on
> centos 7).
> 
> dc-11 has all fsmo. Joining with the old dc-01 and dc-02 doesn't even
> work.
> 
> dc-01 joins but gives me this: 
> 
> Deleted
> CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
> Adding CN=DC-01,OU=Domain Controllers,DC=obel,DC=lan
> Adding
> CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
> Adding CN=NTDS
> Settings,CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
> Adding SPNs to CN=DC-01,OU=Domain Controllers,DC=obel,DC=lan
> Setting account password for DC-01$
> Enabling account
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
> 
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=obel,DC=lan
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[402/1550]
> linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[804/1550]
> linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan]
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan]
> objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=obel,DC=lan] objects[402/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[804/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[1206/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[1608/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[1646/1646]
> linked_values[44/44]
> Failed to commit objects: DOS code 0x000021bf
> Missing target object - retrying with DRS_GET_TGT
> Partition[CN=Configuration,DC=obel,DC=lan] objects[2048/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[2450/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[2852/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[3254/1646]
> linked_values[0/0]
> Partition[CN=Configuration,DC=obel,DC=lan] objects[3292/1646]
> linked_values[44/44]
> Replicating critical objects from the base DN of the domain
> Partition[DC=obel,DC=lan] objects[98/98] linked_values[34/34]
> Partition[DC=obel,DC=lan] objects[501/669] linked_values[0/24]
> Partition[DC=obel,DC=lan] objects[767/669] linked_values[585/585]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=obel,DC=lan
> Partition[DC=DomainDnsZones,DC=obel,DC=lan] objects[229/229]
> linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=obel,DC=lan
> Partition[DC=ForestDnsZones,DC=obel,DC=lan] objects[35/35]
> linked_values[0/0]
> WARNING: Unable to replicate own RID Set, as server dc-10.obel.lan
> (the server we joined) is not the RID Master.
> NOTE: This is normal and expected, Samba will be able to create users
> after it contacts the RID Master at first startup.
> Committing SAM database
> Adding 1 remote DNS records for DC-01.obel.lan
> Adding DNS A record DC-01.obel.lan for IPv4 IP: 192.168.0.101
> Adding DNS CNAME record
> 96ed5e12-99b8-4f8d-b9bf-f58b9c82eaa5._msdcs.obel.lan for
> DC-01.obel.lan All other DNS records (like _ldap SRV records) will be
> created samba_dnsupdate on first startup
> Replicating new DNS records in DC=DomainDnsZones,DC=obel,DC=lan
> Partition[DC=DomainDnsZones,DC=obel,DC=lan] objects[2/2]
> linked_values[0/0]
> Replicating new DNS records in DC=ForestDnsZones,DC=obel,DC=lan
> Partition[DC=ForestDnsZones,DC=obel,DC=lan] objects[2/2]
> linked_values[0/0]
> Sending DsReplicaUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> Joined domain OBEL (SID S-1-5-21-1994583749-1469429152-1855221660) as
> a DC 
> 
> Then he joined but is not really working (now drs replication on
> samba-tool drs showrepl).
> 
> Demoting dc-01 brings me the following:
> 
> [root at dc-01 samba]# samba-tool domain demote --server=dc-10
> -Uadministrator
> Using dc-10 as partner server for the demotion
> Password for [OBEL\administrator]:
> Deactivating inbound replication
> Asking partner server dc-10 to synchronize from us
> Error while replicating out last local changes from
> 'CN=Schema,CN=Configuration,DC=obel,DC=lan' for demotion, re-enabling
> inbound replication
> ERROR(<class 'samba.WERRORError'>): Error while sending a
> DsReplicaSync for partition
> 'CN=Schema,CN=Configuration,DC=obel,DC=lan' - (2,
> 'WERR_FILE_NOT_FOUND') File
> "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
> 855, in run drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
> [root at dc-01 samba]# samba-tool domain demote --server=dc-10
> -Uadministrator
> Using dc-10 as partner server for the demotion
> Password for [OBEL\administrator]:
> Deactivating inbound replication
> Asking partner server dc-10 to synchronize from us
> Error while replicating out last local changes from
> 'CN=Schema,CN=Configuration,DC=obel,DC=lan' for demotion, re-enabling
> inbound replication
> ERROR(<class 'samba.WERRORError'>): Error while sending a
> DsReplicaSync for partition
> 'CN=Schema,CN=Configuration,DC=obel,DC=lan' - (2,
> 'WERR_FILE_NOT_FOUND') File
> "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line
> 855, in run drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1) 
> 
> Peter
> 
> Am 12.12.2018 15:53, schrieb Rowland Penny via samba:
> 
> > On Wed, 12 Dec 2018 15:43:09 +0100
> > peter grotz via samba <samba at lists.samba.org> wrote:
> > 
> >> I forgot: this is samba 4.9.3 on centos 7
> > 
> > Where did you get Samba 4.9.3 from ?
> > 
> >> Thanks
> >> 
> >> Hello,
> >> 
> >> I got a problem with adding a new dc to a domain. When I try to
> >> join I get the following:
> > 
> > What are the other DC(s) ?
> > 
> > Rowland

There was a similar thread here:

https://lists.samba.org/archive/samba/2018-June/216543.html

Rowland


