[Samba] SAMBA failed join domain DC

denis.shigapov denis.shigapov at stroylandiya.ru
Mon Feb 19 11:59:07 UTC 2018

No, I'm joining Samba to a Windows DC (srv-dc01); it is not an RODC server.

>> If they do, try pre-creating the new DC in AD.
In the Windows AD management console it is possible to create only an RODC, which does not suit.

run samba-tool domain join example.ru DC --server=srv-dc01.example.ru
--username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2

Failed to fetch machine account password for EXAMPLE from both
secrets.ldb (Could not find entry to match filter:
'(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4636) and from
DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=NTDS
(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

On Mon, 19/02/2018 at 11:43 +0000, Rowland Penny via samba wrote:
> On Mon, 19 Feb 2018 16:28:37 +0500
> > Yes, DNS running on Windows Server 2008R2 (srv-dc01.example.ru)
> > DNS integrated to AD
> > in the domain management snap-in is created RODC,
> I think what you are trying to say is, you are trying to join the
> Samba machine (as a DC) to a windows RODC. I don't think this will
> work, an RODC contains all the AD records except the passwords, but
> they are read-only.
> > is it possible to translate it into a normal DC?
> No, I am fairly sure you would have to demote it, then promote it as
> a DC. If you can do this, then why not just point the Samba machine
> at a normal DC instead?
> Rowland
