[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

Claudio Nicora claudio.nicora at gmail.com
Thu Mar 1 13:05:05 UTC 2018


It seems I'm talking to myself... anyway another test here:

Added the existing DC IP config to /etc/hosts and the join now shows a 
more explicit LDAP error:

---
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed 
(Preauthentication failed)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for 
ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: 
LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, 
v1db0> <>
Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 
'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: 
DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
---

The Administrator password is correct (the SRVAD-NEW computer account is 
created on existing DC, then removed after fail).

What shall I do now?



New test config:

root at srvad-old:~# cat /etc/hosts
127.0.0.1       localhost
10.0.3.90       srvad-old.samdom.local srvad-old
10.0.3.100      srvad-new.samdom.local   srvad-new

root at srvad-new:~# samba-tool domain join samdom.local DC 
-U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo 
eth_lan" --option="bind interfaces only=yes" -d3

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name 
_ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding 
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS 
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with 
dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb 
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at 
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2187] 
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for 
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2187] 
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for 
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2187] 
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for 
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2187] 
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for 
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1800/2187] 
linked_values[20/20]
Replicated 191 objects (20 linked attributes) for 
CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1607] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1607] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[903/1607] linked_values[0/0]
Replicated 105 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] 
linked_values[0/0]
Replicated 21 objects (0 linked attributes) for 
DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] 
linked_values[0/0]
Replicated 94 objects (0 linked attributes) for 
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] 
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on 
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on 
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain 
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes 
on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
resolve_lmhosts: Attempting lmhosts lookup for name 
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed 
(Preauthentication failed)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for 
ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: 
LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, 
v1db0> <>
Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 
'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: 
DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS 
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted 
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
661, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in 
join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in 
do_join
     ctx.join_add_dns_records()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in 
join_add_dns_records
     dns_partition=domaindns_zone_dn)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in 
dns_lookup
     dns_partition=dns_partition)




Il 01/03/2018 11:58, Claudio Nicora ha scritto:
> Tested again to join, now clearing both Kerberos, Samba config and 
> Samba private folder.
> The new log now has some more details (resolve_lmhosts: Attempting 
> lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still 
> not able to join.
> Wonder why is it trying to do an lmhosts lookup, 4.6 is not.
>
> An identical server (with same hostname and IP) with Samba 4.6 joins 
> without issues (except for the need to manually create the DNS entries).
> NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to 
> get back to the same initial conditions.
>
> NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning 
> in Samba wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries 
> :
> "If you join a Samba DC that runs Samba 4.7 and later, samba-tool 
> created all required DNS entries automatically.
> To manually create the records on an earlier version, see Verifying 
> and Creating a DC DNS Record."
>
> Here you are both logs: 4.7.4 (fail) and 4.6.7 (success).
> Hope someone can help me...
>
> =============================
> Test environment
> =============================
> Domain:      SAMDOM.LOCAL
> Existing DC: Win2008R2,   Hostname: SRVAD-OLD, IP: 10.0.3.90
> New DC:      Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100
>
> =============================
> Samba 4.7.4
> =============================
> root at srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf 
> /var/lib/samba/private/*
>
> root at srvad-new:~# samba-tool domain join samdom.local DC 
> -U"administrator" -d3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name 
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding 
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Adding CN=NTDS 
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Setting account password for SRVAD-NEW$
> Enabling account
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of metadata.tdb 
> gave: (null)
> A Kerberos configuration suitable for Samba AD has been generated at 
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
> Starting replication
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[402/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[804/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[1206/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[1553/1557] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 1553 objects (0 linked attributes) for 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173] 
> linked_values[20/20]
> Replicated 200 objects (20 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2]
> Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2]
> Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2]
> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2]
> Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] 
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for 
> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] 
> linked_values[0/0]
> Replicated 94 objects (0 linked attributes) for 
> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] 
> linked_values[0]
> Discarding older DRS attribute update to objectClass on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to name on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to systemFlags on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectCategory on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to isCriticalSystemObject on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectClass on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to whenCreated on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to displayName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to name on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to userAccountControl on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to codePage on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to countryCode on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dBCSPwd on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to localPolicyFlags on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to logonHours on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to unicodePwd on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to ntPwdHistory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to pwdLastSet on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to primaryGroupID on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to supplementalCredentials on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectSid on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to accountExpires on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to lmPwdHistory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountType on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dNSHostName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to servicePrincipalName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectCategory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to isCriticalSystemObject on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to msDS-SupportedEncryptionTypes 
> on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Discarding older DRS linked attribute update to member on 
> CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS linked attribute update to member on CN=Domain 
> Users,CN=Users,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch 
> machine account password for SAMDOM from both secrets.ldb (Could not 
> find entry to match filter: 
> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary 
> Domains': No such object: dsdb_search at 
> ../source4/dsdb/common/util.c:4636) and from 
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=NTDS 
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Deleted 
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> ERROR(runtime): uncaught exception - (9003, 
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
> dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in 
> join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in 
> do_join
>     ctx.join_add_dns_records()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in 
> join_add_dns_records
>     dns_partition=domaindns_zone_dn)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in 
> dns_lookup
>     dns_partition=dns_partition)
>
>
> =============================
> Samba 4.6.7
> =============================
> root at srvad-new:~# samba-tool domain join samdom.local DC 
> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo 
> eth_lan" --option="bind interfaces only=yes" -d3
>
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name 
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use 
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> Password for [WORKGROUP\Administrator]:
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding 
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Adding CN=NTDS 
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use 
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Setting account password for SRVAD-NEW$
> Enabling account
> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with 
> dns/ SPN
> Setting account password for dns-SRVAD-NEW
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: 
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of metadata.tdb 
> gave: (null)
> A Kerberos configuration suitable for Samba AD has been generated at 
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
> Starting replication
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use 
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[402/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[804/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[1206/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
> objects[1553/1554] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 1553 objects (0 linked attributes) for 
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995] 
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995] 
> linked_values[20/20]
> Replicated 146 objects (20 linked attributes) for 
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0]
> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0]
> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0]
> Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] 
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for 
> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93] 
> linked_values[0/0]
> Replicated 93 objects (0 linked attributes) for 
> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] 
> linked_values[0]
> Discarding older DRS attribute update to objectClass on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to showInAdvancedViewOnly on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to name on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to systemFlags on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectCategory on CN=RID 
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to isCriticalSystemObject on 
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectClass on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to whenCreated on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to displayName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to nTSecurityDescriptor on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to name on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to userAccountControl on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to codePage on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to countryCode on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dBCSPwd on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to localPolicyFlags on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to logonHours on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to unicodePwd on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to ntPwdHistory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to pwdLastSet on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to primaryGroupID on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to supplementalCredentials on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectSid on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to accountExpires on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to lmPwdHistory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountType on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dNSHostName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to servicePrincipalName on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectCategory on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to isCriticalSystemObject on 
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to msDS-SupportedEncryptionTypes 
> on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Sending DsReplicaUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> See /var/lib/samba/private/named.conf for an example configuration 
> include file for BIND
> and /var/lib/samba/private/named.txt for further documentation 
> required for secure DNS updates
> Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as 
> a DC
>
>
> Il 26/02/2018 11:33, Claudio Nicora ha scritto:
>> Thanks for the time you're dedicating to solving my issue.
>>
>>> Is your WORKGROUP really the same as your dnsdomain ?
>>> So, the command should be:
>>> samba-tool domain join samdom.local DC -U Administrator 
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>
>> I've replaced log sensitive data before posting it (replacing real 
>> domain name with SAMDOM), but replace was case-insensitive so 
>> everything became uppercase.
>> I'm attaching the correct log below, sorry for the confusion.
>> Anyway I've already tried either -U"SAMDOM.LOCAL\Administrator", 
>> -U"SAMDOM\Administrator" and -U Administrator and all of them fail 
>> with the same result.
>>
>> Additional info: before testing Sabma 4.7.4, I've tested to join 
>> previous Samba version server (Ubuntu 17.10, Samba 4.6.7) and it worked.
>>
>> Here's the new log (with case-preserved replacement), together with 
>> other required files:
>>
>> =========================================
>> root at srvad-new:~# samba-tool domain join samdom.local DC 
>> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo 
>> eth_lan" --option="bind interfaces only=yes" -d3
>>
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Finding a writeable DC for domain 'samdom.local'
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> _ldap._tcp.samdom.local<0x0>
>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> workgroup is SAMDOM
>> realm is SAMDOM.LOCAL
>> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Adding 
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Adding CN=NTDS 
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Setting account password for SRVAD-NEW$
>> Enabling account
>> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with 
>> dns/ SPN
>> Setting account password for dns-SRVAD-NEW
>> Calling bare provision
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up secrets.ldb
>> Setting up the registry
>> ldb_wrap open of hklm.ldb
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> partition_metadata: Migrating partition metadata: open of 
>> metadata.tdb gave: (null)
>> A Kerberos configuration suitable for Samba AD has been generated at 
>> /var/lib/samba/private/krb5.conf
>> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
>> Starting replication
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
>> objects[402/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
>> objects[804/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
>> objects[1206/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] 
>> objects[1553/1557] linked_values[0/0]
>> Analyze and apply schema objects
>> Discarding older DRS attribute update to objectClass on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 1553 objects (0 linked attributes) for 
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508] 
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for 
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508] 
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for 
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508] 
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for 
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508] 
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for 
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508] 
>> linked_values[20/20]
>> Replicated 224 objects (20 linked attributes) for 
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
>> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0]
>> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0]
>> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0]
>> Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] 
>> linked_values[0/0]
>> Replicated 21 objects (0 linked attributes) for 
>> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] 
>> linked_values[0/0]
>> Replicated 94 objects (0 linked attributes) for 
>> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] 
>> linked_values[0]
>> Discarding older DRS attribute update to objectClass on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to showInAdvancedViewOnly on 
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on 
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to name on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to systemFlags on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectCategory on CN=RID 
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to isCriticalSystemObject on 
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectClass on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to whenCreated on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to displayName on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to nTSecurityDescriptor on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to name on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to userAccountControl on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to codePage on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to countryCode on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dBCSPwd on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to localPolicyFlags on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to logonHours on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to unicodePwd on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to ntPwdHistory on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to pwdLastSet on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to primaryGroupID on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to supplementalCredentials on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectSid on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to accountExpires on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to lmPwdHistory on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountName on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountType on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dNSHostName on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to servicePrincipalName on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectCategory on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to isCriticalSystemObject on 
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to 
>> msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain 
>> Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Committing SAM database
>> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name 
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>> Join failed - cleaning up
>> ldb_wrap open of secrets.ldb
>> Could not find machine account in secrets database: Failed to fetch 
>> machine account password for SAMDOM from both secrets.ldb (Could not 
>> find entry to match filter: 
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary 
>> Domains': No such object: dsdb_search at 
>> ../source4/dsdb/common/util.c:4636) and from 
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
>> Deleted CN=NTDS 
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Deleted 
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> ERROR(runtime): uncaught exception - (9003, 
>> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
>> line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", 
>> line 661, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, 
>> dns_backend=dns_backend)
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, 
>> in join_DC
>>     ctx.do_join()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, 
>> in do_join
>>     ctx.join_add_dns_records()
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, 
>> in join_add_dns_records
>>     dns_partition=domaindns_zone_dn)
>>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, 
>> in dns_lookup
>>     dns_partition=dns_partition)
>>
>>
>>
>> root at srvad-new:~# cat /etc/hosts
>> 127.0.0.1       localhost
>> 10.0.3.90       srvad-old.samdom.local  srvad-old
>> 10.0.3.100      srvad-new.samdom.local  srvad-new
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1     localhost ip6-localhost ip6-loopback
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>> root at srvad-new:~# cat /etc/hostname
>> srvad-new.samdom.local  (---> also tried with "srvad-new" only)
>>
>>
>> root at srvad-new:~# cat /etc/resolv.conf
>> nameserver 10.0.3.90
>> search samdom.local
>> =======================
>>
>>
>>
>>
>>
>>
>>
>>
>> Il 25/02/2018 14:30, Rowland Penny via samba ha scritto:
>>> On Sun, 25 Feb 2018 12:28:39 +0100
>>> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>>>
>>>> Tried again to join, now with full cleanup of /var/lib/samba/private
>>>> folder on new server... same error.
>>>>
>>>> Anyone have an idea of what's going wrong?
>>>>
>>>>
>>>>> ============================================================
>>>>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>>>>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>>>>> --option="interfaces=eth_lan" --verbose -d3
>>>>>
>>> Is your WORKGROUP really the same as your dnsdomain ?
>>>
>>>
>>>>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>>>>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>>>>> Password for [SAMDOM.LOCAL\Administrator]:
>>>>> workgroup is SAMDOM
>>>>> realm is SAMDOM.LOCAL
>>> Seemingly not ;-)
>>>
>>> So, the command should be:
>>>
>>> samba-tool domain join samdom.local DC -U Administrator
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>>
>>> Can you post your /etc/hosts and /etc/resolv.conf files
>>>
>>> Can you also tell us the ipaddresses of the original DC and the new DC
>>>
>>> Rowland
>>>
>>
>




More information about the samba mailing list