[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

Garming Sam garming at catalyst.net.nz
Sun Feb 25 20:33:38 UTC 2018


Can you specify the full DN of the DNS record in question?

Afterwards, maybe you can also try deleting that DNS record and retry
the join?

Failed to find machine account is almost certainly an unrelated debug
message. I don't think it has any relation to your issue.

Cheers,

Garming

On 26/02/18 00:28, Claudio Nicora via samba wrote:
> Tried again to join, now with full cleanup of /var/lib/samba/private
> folder on new server... same error.
>
> Anyone have an idea of what's going wrong?
>
>
> Il 23/02/2018 09:52, Claudio Nicora via samba ha scritto:
>> Thanks for your help.
>>
>>> On the Windows DC can you check that the A record is actually created?
>>
>> Yes, it is, and it persists after join failure.
>> Another sign of presence of SRVAD-NEW on the old DC is the new
>> computer account, created in "Domain controllers" folder in "Active
>> Directory Users and Computers" at the beginning of join procedure
>> then automatically removed just after the failure message.
>>
>> > Try with some additional debugging perhaps, using -d3
>>
>> That's exactly what I meant with "shed some light"... that option
>> should be mentioned in the "Joining a Samba DC to an Existing Active
>> Directory" Wikipage ;)
>>
>> Here's the new log:
>>
>> ============================================================
>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>> --option="interfaces=eth_lan" --verbose -d3
>>
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Password for [SAMDOM.LOCAL\Administrator]:
>> workgroup is SAMDOM
>> realm is SAMDOM.LOCAL
>> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Adding
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Adding CN=NTDS
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Setting account password for SRVAD-NEW$
>> Enabling account
>> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
>> dns/ SPN
>> Setting account password for dns-SRVAD-NEW
>> Calling bare provision
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up secrets.ldb
>> Setting up the registry
>> ldb_wrap open of hklm.ldb
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> partition_metadata: Migrating partition metadata: open of
>> metadata.tdb gave: (null)
>> A Kerberos configuration suitable for Samba AD has been generated at
>> /var/lib/samba/private/krb5.conf
>> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
>> Starting replication
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[402/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[804/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[1206/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[1553/1557] linked_values[0/0]
>> Analyze and apply schema objects
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 1553 objects (0 linked attributes) for
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2386]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2386]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2386]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2386]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1812/2386]
>> linked_values[20/20]
>> Replicated 203 objects (20 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
>> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1750] linked_values[0/0]
>> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1750] linked_values[0/0]
>> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[917/1750] linked_values[0/0]
>> Replicated 119 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
>> linked_values[0/0]
>> Replicated 21 objects (0 linked attributes) for
>> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
>> linked_values[0/0]
>> Replicated 94 objects (0 linked attributes) for
>> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
>> linked_values[0]
>> Discarding older DRS attribute update to objectClass on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to name on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to systemFlags on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectCategory on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to isCriticalSystemObject on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectClass on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to whenCreated on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to displayName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to name on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to userAccountControl on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to codePage on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to countryCode on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dBCSPwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to localPolicyFlags on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to logonHours on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to unicodePwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to ntPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to pwdLastSet on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to primaryGroupID on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to supplementalCredentials on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectSid on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to accountExpires on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to lmPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountType on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dNSHostName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to servicePrincipalName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectCategory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to isCriticalSystemObject on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to
>> msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain
>> Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Committing SAM database
>> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>> Join failed - cleaning up
>> ldb_wrap open of secrets.ldb
>> Could not find machine account in secrets database: Failed to fetch
>> machine account password for SAMDOM from both secrets.ldb (Could not
>> find entry to match filter:
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>> Domains': No such object: dsdb_search at
>> ../source4/dsdb/common/util.c:4636) and from
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
>> Deleted CN=NTDS
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Deleted
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> ERROR(runtime): uncaught exception - (9003,
>> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>> line 661, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474,
>> in join_DC
>>     ctx.do_join()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384,
>> in do_join
>>     ctx.join_add_dns_records()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116,
>> in join_add_dns_records
>>     dns_partition=domaindns_zone_dn)
>>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939,
>> in dns_lookup
>>     dns_partition=dns_partition)
>> ============================================================
>>
>>
>> This caught my attention, but I don't know how to fix it:
>> ===
>> Could not find machine account in secrets database: Failed to fetch
>> machine account password for SAMDOM from both secrets.ldb (Could not
>> find entry to match filter:
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>> Domains': No such object: dsdb_search at
>> ../source4/dsdb/common/util.c:4636) and from
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> ===
>>
>> Thanks again for your help.
>>
>>
>>
>> Il 22/02/2018 23:09, Garming Sam via samba ha scritto:
>>> On the Windows DC can you check that the A record is actually created?
>>>
>>>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>>> It appears that the record is added over RPC, but then fails to find it
>>> over LDAP. Presumably they are to the same domain controller, so you
>>> should be able to see if there is a record in the domain DNS zone.
>>> Maybe
>>> there is a race here, but that seems a little unlikely. Alternatively,
>>> it might be storing the record in a place we do not expect. Try with
>>> some additional debugging perhaps, using -d3 for instance and see if
>>> there's any more detail on the DNS error.
>>>
>>> Cheers,
>>>
>>> Garming
>>
>>
>
>




More information about the samba mailing list