[Samba] Error trying to join samba 4.3.4 to a DC...

[Denis Cardon]

Hi Morejon,

> I'm trying to join a samba 4.3.4 (as an additional domain controller) to
> a domain with Zentyal 4.3 (That has samba 4.3.4 inside). I know that
>
> this is an old samba version but I cann't upgrade zentyal first. So,
> When I can join the samba 4.3.4 to the domain I will demote the Zentyal.
>
>
> But when I try:
>
> samba-tool domain join dtcf.etecsa.cu DC -U "DTCF\administrator"
> --dns-backend=BIND9_DLZ --domain-critical-only
>
>
> I get this:
>
> ...
>
> Committing SAM database
> descriptor_modify: Could not find SD for OU=Groups,DC=dtcf,DC=etecsa,DC=cu
> Join failed - cleaning up

this kind of Security Descriptor has been patched long ago. When doing 
an upgrade in place, you can run dbcheck afterward which will clean up a 
lot of old mess.

One thing you could do is to install a fresh Debian (or whatever distro 
you prefer) with same name as you Zential server (you'll have to change 
your Zential server name after demoting), then install a not too old 
Samba version, do the standard install like if you would create the 
first DC and stop just before provisioning. Then you copy over the samba 
databases /var/lib/samba/ and conf files /etc/samba (if Zential keep the 
standard paths).

And afterward, just upgrade to latest Samba while doing dbcheck at every 
upgrade.

Cheers,

Denis

>
> ...
>
>
> What should I do?
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr