[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Claudio Nicora
claudio.nicora at gmail.com
Thu Mar 1 10:58:07 UTC 2018
Tested again to join, now clearing both Kerberos, Samba config and Samba
private folder.
The new log now has some more details (resolve_lmhosts: Attempting
lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still not
able to join.
Wonder why is it trying to do an lmhosts lookup, 4.6 is not.
An identical server (with same hostname and IP) with Samba 4.6 joins
without issues (except for the need to manually create the DNS entries).
NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to
get back to the same initial conditions.
NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning
in Samba wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries
:
"If you join a Samba DC that runs Samba 4.7 and later, samba-tool
created all required DNS entries automatically.
To manually create the records on an earlier version, see Verifying and
Creating a DC DNS Record."
Here you are both logs: 4.7.4 (fail) and 4.6.7 (success).
Hope someone can help me...
=============================
Test environment
=============================
Domain: SAMDOM.LOCAL
Existing DC: Win2008R2, Hostname: SRVAD-OLD, IP: 10.0.3.90
New DC: Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100
=============================
Samba 4.7.4
=============================
root at srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf
/var/lib/samba/private/*
root at srvad-new:~# samba-tool domain join samdom.local DC
-U"administrator" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173]
linked_values[20/20]
Replicated 200 objects (20 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2]
Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2]
Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2]
Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
linked_values[0/0]
Replicated 21 objects (0 linked attributes) for
DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
linked_values[0/0]
Replicated 94 objects (0 linked attributes) for
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS linked attribute update to member on CN=Domain
Users,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
machine account password for SAMDOM from both secrets.ldb (Could not
find entry to match filter:
'(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4636) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
do_join
ctx.join_add_dns_records()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
join_add_dns_records
dns_partition=domaindns_zone_dn)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
dns_lookup
dns_partition=dns_partition)
=============================
Samba 4.6.7
=============================
root at srvad-new:~# samba-tool domain join samdom.local DC
-U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
eth_lan" --option="bind interfaces only=yes" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use
kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
Password for [WORKGROUP\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use
kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use
kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[402/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[804/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1206/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1553/1554] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995]
linked_values[20/20]
Replicated 146 objects (20 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0]
Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
linked_values[0/0]
Replicated 21 objects (0 linked attributes) for
DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93]
linked_values[0/0]
Replicated 93 objects (0 linked attributes) for
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /var/lib/samba/private/named.conf for an example configuration
include file for BIND
and /var/lib/samba/private/named.txt for further documentation required
for secure DNS updates
Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as a DC
Il 26/02/2018 11:33, Claudio Nicora ha scritto:
> Thanks for the time you're dedicating to solving my issue.
>
>> Is your WORKGROUP really the same as your dnsdomain ?
>> So, the command should be:
>> samba-tool domain join samdom.local DC -U Administrator
>> --dns-backend=BIND9_DLZ --verbose -d3
>
> I've replaced log sensitive data before posting it (replacing real
> domain name with SAMDOM), but replace was case-insensitive so
> everything became uppercase.
> I'm attaching the correct log below, sorry for the confusion.
> Anyway I've already tried either -U"SAMDOM.LOCAL\Administrator",
> -U"SAMDOM\Administrator" and -U Administrator and all of them fail
> with the same result.
>
> Additional info: before testing Sabma 4.7.4, I've tested to join
> previous Samba version server (Ubuntu 17.10, Samba 4.6.7) and it worked.
>
> Here's the new log (with case-preserved replacement), together with
> other required files:
>
> =========================================
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
> eth_lan" --option="bind interfaces only=yes" -d3
>
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Adding CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Setting account password for SRVAD-NEW$
> Enabling account
> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
> dns/ SPN
> Setting account password for dns-SRVAD-NEW
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of metadata.tdb
> gave: (null)
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
> Starting replication
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[402/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[804/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1206/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1553/1557] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 1553 objects (0 linked attributes) for
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508]
> linked_values[20/20]
> Replicated 224 objects (20 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0]
> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0]
> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0]
> Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for
> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
> linked_values[0/0]
> Replicated 94 objects (0 linked attributes) for
> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
> linked_values[0]
> Discarding older DRS attribute update to objectClass on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to name on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to systemFlags on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectCategory on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectClass on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to whenCreated on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to displayName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to name on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to userAccountControl on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to codePage on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to countryCode on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dBCSPwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to localPolicyFlags on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to logonHours on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to unicodePwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to ntPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to pwdLastSet on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to primaryGroupID on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to supplementalCredentials on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectSid on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to accountExpires on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to lmPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountType on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dNSHostName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to servicePrincipalName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectCategory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
> on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for SAMDOM from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4636) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
> Deleted CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Deleted
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC
> ctx.do_join()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
> do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
> join_add_dns_records
> dns_partition=domaindns_zone_dn)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
> dns_lookup
> dns_partition=dns_partition)
>
>
>
> root at srvad-new:~# cat /etc/hosts
> 127.0.0.1 localhost
> 10.0.3.90 srvad-old.samdom.local srvad-old
> 10.0.3.100 srvad-new.samdom.local srvad-new
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
>
> root at srvad-new:~# cat /etc/hostname
> srvad-new.samdom.local (---> also tried with "srvad-new" only)
>
>
> root at srvad-new:~# cat /etc/resolv.conf
> nameserver 10.0.3.90
> search samdom.local
> =======================
>
>
>
>
>
>
>
>
> Il 25/02/2018 14:30, Rowland Penny via samba ha scritto:
>> On Sun, 25 Feb 2018 12:28:39 +0100
>> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>>
>>> Tried again to join, now with full cleanup of /var/lib/samba/private
>>> folder on new server... same error.
>>>
>>> Anyone have an idea of what's going wrong?
>>>
>>>
>>>> ============================================================
>>>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>>>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>>>> --option="interfaces=eth_lan" --verbose -d3
>>>>
>> Is your WORKGROUP really the same as your dnsdomain ?
>>
>>
>>>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>>>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>>>> Password for [SAMDOM.LOCAL\Administrator]:
>>>> workgroup is SAMDOM
>>>> realm is SAMDOM.LOCAL
>> Seemingly not ;-)
>>
>> So, the command should be:
>>
>> samba-tool domain join samdom.local DC -U Administrator
>> --dns-backend=BIND9_DLZ --verbose -d3
>>
>> Can you post your /etc/hosts and /etc/resolv.conf files
>>
>> Can you also tell us the ipaddresses of the original DC and the new DC
>>
>> Rowland
>>
>
More information about the samba
mailing list