[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

Thu Feb 22 22:09:31 UTC 2018

On the Windows DC can you check that the A record is actually created?

> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100

It appears that the record is added over RPC, but then fails to find it
over LDAP. Presumably they are to the same domain controller, so you
should be able to see if there is a record in the domain DNS zone. Maybe
there is a race here, but that seems a little unlikely. Alternatively,
it might be storing the record in a place we do not expect. Try with
some additional debugging perhaps, using -d3 for instance and see if
there's any more detail on the DNS error.

Cheers,

Garming

On 23/02/18 05:32, Claudio Nicora via samba wrote:
> I have an existing Win2008-R2 domain with a single DC and I'd like to
> replace this DC with a Samba 4 DC.
>
> I'm using VirtualBox VMs to test the migration before going to
> production.
> I've cloned Windows 2008R2 Server into the first VM, then installed
> Ubuntu_18.04_server_x64_daily (Samba 4.7.4) into another VM.
>
> Win2008-R2:?? hostname=SRVAD-OLD, IP: 10.0.3.90
> Ubuntu_18.04: hostname=SRVAD-NEW, IP: 10.0.3.100
>
> The two machines are connected to the same virtual network and can
> ping each other.
>
> Now, when I run samba-tool to join the domain, the join fails with
> this error:
>
> ======================================================
> root at srvad-new:~# samba -V
> Version 4.7.4-Ubuntu
>
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
> --option="interfaces=eth_lan" --verbose
>
> Finding a writeable DC for domain 'SAMDOM.LOCAL'
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> Password for [SAMDOM.LOCAL\Administrator]:
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
> Adding
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
> Adding CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
> Setting account password for SRVAD-NEW$
> Enabling account
> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=IT with dns/
> SPN
> Setting account password for dns-SRVAD-NEW
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=IT
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT]
> objects[402/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT]
> objects[804/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT]
> objects[1206/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT]
> objects[1553/1557] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[402/2158]
> linked_values[0/20]
> Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[804/2158]
> linked_values[0/20]
> Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1206/2158]
> linked_values[0/20]
> Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1608/2158]
> linked_values[0/20]
> Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1803/2158]
> linked_values[20/20]
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=IT] objects[97/169] linked_values[0/0]
> Partition[DC=SAMDOM,DC=IT] objects[396/1567] linked_values[0/0]
> Partition[DC=SAMDOM,DC=IT] objects[798/1567] linked_values[0/0]
> Partition[DC=SAMDOM,DC=IT] objects[908/1567] linked_values[0/0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=IT
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=IT] objects[21/21]
> linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=IT
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=IT] objects[94/94]
> linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=IT] objects[3]
> linked_values[0]
> Committing SAM database
> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=IT
> Deleted CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
> Deleted
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> ??? return self.run(*args, **kwargs)
> ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
> ??? machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC
> ??? ctx.do_join()
> ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
> do_join
> ??? ctx.join_add_dns_records()
> ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
> join_add_dns_records
> ??? dns_partition=domaindns_zone_dn)
> ? File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
> dns_lookup
> ??? dns_partition=dns_partition)
> ======================================================
>
> I've googled for'WERR_DNS_ERROR_RCODE_NAME_ERROR' but haven't found
> anything.
> Hope someone could shed some light on this...
>