[Samba] SAMBA failed join domain DC

denis.shigapov denis.shigapov at stroylandiya.ru
Tue Feb 20 12:34:00 UTC 2018 

Not join((
samba-tool domain join example.ru DC -Uvas.lah --password=password --realm=EXAMPLE.RU --site=SITE2 -d 4 

samba find srv-site3-dc01 and failed join to server DC srv-site3-dc01


lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
resolve_lmhosts: Attempting lmhosts lookup for name srv-site3-dc01.example.ru<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
getlmhostsent: lmhost entry: 192.168.55.1 srv-dc01 
Advancing clock by 3 seconds to cope with clock skew
workgroup is EXAMPLE
realm is EXAMPLE.ru
Adding CN=SRV-SITE2-DC01,OU=Domain Controllers,DC=example,DC=ru
Adding CN=SRV-SITE2-DC01,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
Adding CN=NTDS Settings,CN=SRV-SITE2-DC01,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
Using binding ncacn_ip_tcp:srv-site3-dc01.EXAMPLE.ru[,seal]
Mapped to DCERPC endpoint 135
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
resolve_lmhosts: Attempting lmhosts lookup for name srv-site3-dc01.EXAMPLE.ru<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
getlmhostsent: lmhost entry: 192.168.55.1 srv-dc01 
Mapped to DCERPC endpoint 50244
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
resolve_lmhosts: Attempting lmhosts lookup for name srv-site3-dc01.example.ru<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost 
getlmhostsent: lmhost entry: 192.168.55.1 srv-dc01 
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match
filter: '(&(fl
atname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from
/var/lib/samba/private/
secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=SRV-SITE2-DC01,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=NTDS Settings,CN=SRV-SITE2-DC01,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=EXAMPLE,DC=ru
Deleted CN=SRV-SITE2-DC01,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=EXAMPLE,DC=ru
ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -  <0000202B: RefErr: DSID-030A0B09, data 0, 1 access points
        ref 1: '7bbe1649-5261-430c-b473-9b85a36719b5._msdcs.EXAMPLE.ru'
> <ldap://7bbe1649-5261-430c-b473-9b85a36719b5._msdcs.EXAMPLE.ru>
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1375, in do_join
    ctx.join_add_objects()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 668, in join_add_objects
    ctx.samdb.modify(m)


В Вт, 20/02/2018 в 11:47 +0000, Rowland Penny via samba пишет:
> On Tue, 20 Feb 2018 14:10:16 +0500
> "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> 
> It seems that the problem starts here:
> 
> Could not find machine account in secrets database
> 
> Yet near the top there is: Setting up secrets.ldb
> 
> It seems that either 'secrets.ldb' doesn't contain the required info or
> 'vas.lah' doesn't have the required permissions to read it.
> 
> You also shouldn't need to set the DC to join to, Samba can find a DC
> to use.
> 
> Is it possible you could try the join command like this:
> 
> samba-tool domain join EXAMPLE DC -UAdministrator --password=password
> --realm=EXAMPLE.RU --site=SITE2
> 
> Rowland
>

More information about the samba mailing list