[Samba] SAMBA failed join domain DC

denis.shigapov denis.shigapov at stroylandiya.ru
Tue Feb 20 09:10:16 UTC 2018


Is there any idea why Samba does not join the domain in the DC role?


By the way, to compile Samba we need these packages:

bind-utils  libblkid-devel  libsemanage-python  libxml2-devel
perl-Test-Base  policycoreutils-python  gcc  gdb  openldap-devel
python-devel  readline-devel  audit-libs-python  checkpolicy  libcgroup
libselinux-python  libselinux-utils  mailcap  perl-Algorithm-Diff
perl-Archive-Extract  perl-Archive-Zip  perl-Business-ISBN
perl-Business-ISBN-Data  perl-CPAN  perl-CPAN-Meta
perl-CPAN-Meta-Requirements  perl-CPAN-Meta-YAML  perl-CPANPLUS
perl-Compress-Raw-Bzip2  perl-Compress-Raw-Zlib  perl-DBD-SQLite
perl-DBI  perl-DBIx-Simple  perl-Digest  perl-Digest-MD5
perl-Digest-SHA  perl-Digest-SHA1  perl-Encode-Locale
perl-ExtUtils-CBuilder  perl-File-Fetch  perl-File-Listing
perl-File-Remove  perl-HTML-Parser  perl-HTML-Tagset  perl-HTTP-Cookies
perl-HTTP-Daemon  perl-HTTP-Date  perl-HTTP-Message  perl-HTTP-Negotiate
perl-IO-Compress  perl-IO-HTML  perl-IO-Socket-IP  perl-IO-Socket-SSL
perl-IPC-Cmd  perl-JSON-PP  perl-LWP-MediaTypes  perl-Locale-Maketext
perl-Locale-Maketext-Simple  perl-Log-Message  perl-Log-Message-Simple
perl-Module-Build  perl-Module-CoreList  perl-Module-Install
perl-Module-Load  perl-Module-Load-Conditional  perl-Module-Loaded
perl-Module-Metadata  perl-Module-Pluggable  perl-Module-ScanDeps
perl-Module-Signature  perl-Net-Daemon  perl-Net-HTTP  perl-Net-LibIDN
perl-Net-SSLeay  perl-Object-Accessor  perl-PAR-Dist
perl-Package-Constants  perl-Params-Check  perl-Parse-CPAN-Meta
perl-Perl-OSType  perl-PlRPC  perl-Spiffy  perl-Term-UI  perl-Test-Deep
perl-Text-Diff  perl-TimeDate  perl-URI  perl-WWW-RobotRules  perl-YAML
perl-YAML-Tiny  perl-libwww-perl  perl-local-lib  perl-version
policycoreutils  python-IPy  setools-libs  xz-devel  audit-libs  cpp
libblkid  libgcc  libgomp  libmount  libselinux  libselinux-devel
libsemanage  libuuid  libuuid-devel  openldap  python  python-libs
readline  util-linux

And which of them are necessary only for it to work?
What can I delete after compilation?

On Tue, 20/02/2018 at 08:47 +0500, denis.shigapov via samba wrote:
> samba-tool domain join example.ru DC --server=srv-dc01.example.ru
> --username=vas.lah --password=password --realm=EXAMPLE.RU --
> site=SITE2
> -d 1 > /tmp/log.txt 2>&1
> 
> --------- config ---------
> workgroup is EXAMPLE
> realm is example.ru
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> The Kerberos KDC configuration for Samba AD is located at
> /var/lib/samba/private/kdc.conf
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace
> it with this one. Do not create a symlink!
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[402/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[804/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[1206/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[1608/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[2010/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[2412/2684] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=ru]
> objects[2654/2684] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=example,DC=ru] objects[402/7264]
> linked_values[0/1969]
> Partition[CN=Configuration,DC=example,DC=ru] objects[804/7264]
> linked_values[0/1969]
> ......
> Partition[CN=Configuration,DC=example,DC=ru] objects[5903/7264]
> linked_values[98/1969]
> Partition[CN=Configuration,DC=example,DC=ru] objects[6223/7264]
> linked_values[326/1969]
> Partition[CN=Configuration,DC=example,DC=ru] objects[6387/7264]
> linked_values[427/1969]
> Partition[DC=example,DC=ru] objects[165/1306] linked_values[89/25513]
> Partition[DC=example,DC=ru] objects[235/1306] linked_values[0/25513]
> Partition[DC=example,DC=ru] objects[494/42568]
> linked_values[28/25513]
> Partition[DC=example,DC=ru] objects[744/42568] linked_values[0/25513]
> Partition[DC=example,DC=ru] objects[986/42568]
> linked_values[498/25513]
> Partition[DC=example,DC=ru] objects[1182/42568]
> linked_values[303/25513]
> ......
> Partition[DC=example,DC=ru] objects[42791/42568]
> linked_values[1/25513]
> Partition[DC=example,DC=ru] objects[42887/42568]
> linked_values[3/25513]
> Partition[DC=example,DC=ru] objects[42984/42568]
> linked_values[0/25513]
> Partition[DC=example,DC=ru] objects[43020/42568]
> linked_values[0/25513]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[402/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[775/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[1144/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[1519/16777]
> linked_values[0/0]
> ......
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[21170/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[21564/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[21873/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[22275/16777]
> linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=example,DC=ru] objects[22297/16777]
> linked_values[0/0]
> Partition[DC=ForestDnsZones,DC=example,DC=ru] objects[402/2041]
> linked_values[0/0]
> Partition[DC=ForestDnsZones,DC=example,DC=ru] objects[775/2041]
> linked_values[0/0]
> .......
> linked_values[0/0]
> Partition[DC=ForestDnsZones,DC=example,DC=ru] objects[2522/2041]
> linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=example,DC=ru] objects[3]
> linked_values[0]
> Adding 1 remote DNS records for SRV-SITE2-DC1.example.ru
> Adding DNS A record SRV-SITE2-DC1.example.ru for IPv4 IP: 10.2.1.15
> Could not find machine account in secrets database: Failed to fetch
> machine account password for EXAMPLE from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4636) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py",
> line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474,
> in join_DC
>     ctx.do_join()
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384,
> in do_join
>     ctx.join_add_dns_records()
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116,
> in join_add_dns_records
>     dns_partition=domaindns_zone_dn)
>   File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939,
> in dns_lookup
>     dns_partition=dns_partition)
> Adding CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
> Adding CN=SRV-SITE2-
> DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> Adding CN=NTDS Settings,CN=SRV-SITE2-
> DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> Adding SPNs to CN=SRV-SITE2-DC1,OU=Domain
> Controllers,DC=example,DC=ru
> Setting account password for SRV-SITE2-DC1$
> Enabling account
> Calling bare provision
> Provision OK for domain DN DC=example,DC=ru
> Starting replication
> Replicating critical objects from the base DN of the domain
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=example,DC=ru
> Replicating DC=ForestDnsZones,DC=example,DC=ru
> Committing SAM database
> Join failed - cleaning up
> Deleted CN=RID Set,CN=SRV-SITE2-DC1,OU=Domain
> Controllers,DC=example,DC=ru
> Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
> Deleted CN=NTDS Settings,CN=SRV-SITE2-
> DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> Deleted CN=SRV-SITE2-
> DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> 
> On Mon, 19/02/2018 at 12:51 +0000, Rowland Penny via samba wrote:
> > On Mon, 19 Feb 2018 17:40:25 +0500
> > "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> > 
> > > the first letter sent a journal
> > > 
> > > how can one
> > > ========== log messages join DC============
> > > ....more than a thousand lines of messages
> > 
> > OK, run the command again without the '-d7' and post that output, I
> > am trying to see how far the join gets before failing.
> > 
> > Rowland
> >  
> > 
> 
> 


