[Samba] Problem joining a Samba DC to a Windows domain

Rowland Penny rpenny at samba.org
Thu Jun 21 17:46:38 UTC 2018


On Thu, 21 Jun 2018 12:02:41 -0400 (EDT)
Tom Diehl via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> I am trying to join a self compiled samba 4.8.2 DC to an existing
> Windows domain using
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
> as instructions.
> 
> The smb.conf looks like the following:
> 
> [global]
>      netbios name = PHT-VDC1
>      realm = EXAMPLE.COM
>      server role = active directory domain controller
>      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
>      workgroup = EXAMPLE
> 
> [netlogon]
>      path = /usr/local/samba/var/locks/sysvol/example.com/scripts
>      read only = No
> 
> [sysvol]
>      path = /usr/local/samba/var/locks/sysvol
>      read only = No
> 
> The above was generated by the following samba-tool command line:
> samba-tool domain join example.com DC -U"example\admin" --dns-backend=BIND9_DLZ
> 
> When I run samba-tool I get the following output:
> (pht-vdc1 pts10) # samba-tool domain join example.com DC -U"example\admin" --dns-backend=BIND9_DLZ
> Finding a writeable DC for domain 'example.com'
> Found DC PHT1.example.com
> Password for [EXAMPLE\admin]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=PHT-VDC1,OU=Domain Controllers,DC=example,DC=com
> Adding CN=PHT-VDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Adding CN=NTDS Settings,CN=PHT-VDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Adding SPNs to CN=PHT-VDC1,OU=Domain Controllers,DC=example,DC=com
> Setting account password for PHT-VDC1$
> Enabling account
> Adding DNS account CN=dns-PHT-VDC1,CN=Users,DC=example,DC=com with dns/ SPN
> Setting account password for dns-PHT-VDC1
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
> 
> A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=example,DC=com
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[402/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[804/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[1206/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[1608/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[2010/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[2412/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[2814/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[3216/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[3618/4383] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com] objects[3735/4383] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=example,DC=com] objects[402/7722] linked_values[0/355]
> Partition[CN=Configuration,DC=example,DC=com] objects[804/7722] linked_values[0/355]
> ...
> Partition[CN=Configuration,DC=example,DC=com] objects[6376/7722] linked_values[0/355]
> Partition[CN=Configuration,DC=example,DC=com] objects[6510/7722] linked_values[12/355]
> Replicating critical objects from the base DN of the domain
> Partition[DC=example,DC=com] objects[105/156] linked_values[42/388]
> Partition[DC=example,DC=com] objects[296/7902] linked_values[1/388]
> Partition[DC=example,DC=com] objects[466/7902] linked_values[72/388]
> Failed to commit objects: DOS code 0x000021bf
> Join failed - cleaning up

This is where it seems to fail and 0x000021bf is this:

The replication operation failed because the target object referenced
by a link value is recycled.

So it might be an idea to check the DC you are trying to join to.

Rowland
