[Samba] Problem joining a samba Dc to a winbdows domain
me at tdiehl.org
me at tdiehl.org
Thu Jun 21 18:32:49 UTC 2018
Hi Rowland,
On Thu, 21 Jun 2018, Rowland Penny via samba wrote:
> On Thu, 21 Jun 2018 12:02:41 -0400 (EDT)
> Tom Diehl via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> I am trying to join a self compiled samba 4.8.2 DC to an existing
>> Windows domain using
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>> as instructions.
>>
>> The smb.conf looks like the following:
>>
>> [global]
>> netbios name = PHT-VDC1
>> realm = EXAMPLE.COM
>> server role = active directory domain controller
>> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = EXAMPLE
>>
>> [netlogon]
>> path = /usr/local/samba/var/locks/sysvol/example.com/scripts
>> read only = No
>>
>> [sysvol]
>> path = /usr/local/samba/var/locks/sysvol
>> read only = No
>>
>> The above was generated by the following samba-tool command line:
>> samba-tool domain join example.com DC -U"example\admin"
>> --dns-backend=BIND9_DLZ
>>
>> When I run samba-tool I get the following output:
>> (pht-vdc1 pts10) # samba-tool domain join example.com DC
>> -U"example\admin" --dns-backend=BIND9_DLZ Finding a writeable DC for
>> domain 'example.com' Found DC PHT1.example.com
>> Password for [EXAMPLE\admin]:
>> workgroup is EXAMPLE
>> realm is example.com
>> Adding CN=PHT-VDC1,OU=Domain Controllers,DC=example,DC=com
>> Adding
>> CN=PHT-VDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>> Adding CN=NTDS
>> Settings,CN=PHT-VDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>> Adding SPNs to CN=PHT-VDC1,OU=Domain Controllers,DC=example,DC=com
>> Setting account password for PHT-VDC1$ Enabling account Adding DNS
>> account CN=dns-PHT-VDC1,CN=Users,DC=example,DC=com with dns/ SPN
>> Setting account password for dns-PHT-VDC1 Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> Unable to determine the DomainSID, can not enforce uniqueness
>> constraint on local domainSIDs
>>
>> A Kerberos configuration suitable for Samba AD has been generated
>> at /usr/local/samba/private/krb5.conf Merge the contents of this file
>> with your system krb5.conf or replace it with this one. Do not create
>> a symlink! Provision OK for domain DN DC=example,DC=com Starting
>> replication Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[402/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[804/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[1206/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[1608/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[2010/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[2412/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[2814/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[3216/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[3618/4383] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=com]
>> objects[3735/4383] linked_values[0/0] Analyze and apply schema
>> objects Partition[CN=Configuration,DC=example,DC=com]
>> objects[402/7722] linked_values[0/355]
>> Partition[CN=Configuration,DC=example,DC=com] objects[804/7722]
>> linked_values[0/355] ...
>> Partition[CN=Configuration,DC=example,DC=com] objects[6376/7722]
>> linked_values[0/355] Partition[CN=Configuration,DC=example,DC=com]
>> objects[6510/7722] linked_values[12/355] Replicating critical objects
>> from the base DN of the domain Partition[DC=example,DC=com]
>> objects[105/156] linked_values[42/388] Partition[DC=example,DC=com]
>> objects[296/7902] linked_values[1/388] Partition[DC=example,DC=com]
>> objects[466/7902] linked_values[72/388] Failed to commit objects: DOS
>> code 0x000021bf Join failed - cleaning up
>
> This is where it seems to fail and 0x000021bf is this:
>
> The replication operation failed because the target object referenced
> by a link value is recycled.
>
> So it might be an idea to check the DC you are trying to join to.
Check it for what? If I understand correctly the error is saying that the target
object is not there. The problem is I do not understand what the target
object is or how to find it. Assuming that the error is referring to
Partition[DC=example,DC=com] objects[466/7952] linked_values[72/388]
How do I figure out what the error is referring to?
As I said in a separate message, I can successfully join using 4.7.7.
If this is a problem with the existing MS DC, why does 4.7.7 join without
error?
To be clear I am not doubting your advice and I do appreciate it. I am just
trying to understand.
Regards,
--
Tom me at tdiehl.org
More information about the samba
mailing list