[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Claudio Nicora
claudio.nicora at gmail.com
Thu Mar 1 13:05:05 UTC 2018
It seems I'm talking to myself... anyway another test here:
Added the existing DC IP config to /etc/hosts and the join now shows a
more explicit LDAP error:
---
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed
(Preauthentication failed)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C:
LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e,
v1db0> <>
Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend
'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr:
DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
---
The Administrator password is correct (the SRVAD-NEW computer account is
created on existing DC, then removed after fail).
What shall I do now?
New test config:
root at srvad-old:~# cat /etc/hosts
127.0.0.1 localhost
10.0.3.90 srvad-old.samdom.local srvad-old
10.0.3.100 srvad-new.samdom.local srvad-new
root at srvad-new:~# samba-tool domain join samdom.local DC
-U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
eth_lan" --option="bind interfaces only=yes" -d3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2187]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2187]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2187]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2187]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1800/2187]
linked_values[20/20]
Replicated 191 objects (20 linked attributes) for
CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1607] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1607] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[903/1607] linked_values[0/0]
Replicated 105 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
linked_values[0/0]
Replicated 21 objects (0 linked attributes) for
DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
linked_values[0/0]
Replicated 94 objects (0 linked attributes) for
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on
CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed
(Preauthentication failed)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C:
LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e,
v1db0> <>
Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend
'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr:
DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS
Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
do_join
ctx.join_add_dns_records()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
join_add_dns_records
dns_partition=domaindns_zone_dn)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
dns_lookup
dns_partition=dns_partition)
Il 01/03/2018 11:58, Claudio Nicora ha scritto:
> Tested again to join, now clearing both Kerberos, Samba config and
> Samba private folder.
> The new log now has some more details (resolve_lmhosts: Attempting
> lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still
> not able to join.
> Wonder why is it trying to do an lmhosts lookup, 4.6 is not.
>
> An identical server (with same hostname and IP) with Samba 4.6 joins
> without issues (except for the need to manually create the DNS entries).
> NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to
> get back to the same initial conditions.
>
> NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning
> in Samba wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries
> :
> "If you join a Samba DC that runs Samba 4.7 and later, samba-tool
> created all required DNS entries automatically.
> To manually create the records on an earlier version, see Verifying
> and Creating a DC DNS Record."
>
> Here you are both logs: 4.7.4 (fail) and 4.6.7 (success).
> Hope someone can help me...
>
> =============================
> Test environment
> =============================
> Domain: SAMDOM.LOCAL
> Existing DC: Win2008R2, Hostname: SRVAD-OLD, IP: 10.0.3.90
> New DC: Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100
>
> =============================
> Samba 4.7.4
> =============================
> root at srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf
> /var/lib/samba/private/*
>
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"administrator" -d3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Adding CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Setting account password for SRVAD-NEW$
> Enabling account
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of metadata.tdb
> gave: (null)
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
> Starting replication
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[402/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[804/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1206/1557] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1553/1557] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 1553 objects (0 linked attributes) for
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173]
> linked_values[20/20]
> Replicated 200 objects (20 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2]
> Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2]
> Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2]
> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2]
> Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for
> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
> linked_values[0/0]
> Replicated 94 objects (0 linked attributes) for
> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
> linked_values[0]
> Discarding older DRS attribute update to objectClass on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to name on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to systemFlags on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectCategory on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectClass on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to whenCreated on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to displayName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to name on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to userAccountControl on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to codePage on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to countryCode on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dBCSPwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to localPolicyFlags on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to logonHours on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to unicodePwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to ntPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to pwdLastSet on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to primaryGroupID on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to supplementalCredentials on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectSid on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to accountExpires on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to lmPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountType on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dNSHostName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to servicePrincipalName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectCategory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
> on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Discarding older DRS linked attribute update to member on
> CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS linked attribute update to member on CN=Domain
> Users,CN=Users,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for SAMDOM from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4636) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Deleted
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC
> ctx.do_join()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
> do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
> join_add_dns_records
> dns_partition=domaindns_zone_dn)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
> dns_lookup
> dns_partition=dns_partition)
>
>
> =============================
> Samba 4.6.7
> =============================
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
> eth_lan" --option="bind interfaces only=yes" -d3
>
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> Password for [WORKGROUP\Administrator]:
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Adding CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Setting account password for SRVAD-NEW$
> Enabling account
> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
> dns/ SPN
> Setting account password for dns-SRVAD-NEW
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added:
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of metadata.tdb
> gave: (null)
> A Kerberos configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
> Starting replication
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> cli_credentials(WORKGROUP\Administrator) without realm, cannot use
> kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[402/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[804/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1206/1554] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
> objects[1553/1554] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 1553 objects (0 linked attributes) for
> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995]
> linked_values[0/20]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995]
> linked_values[20/20]
> Replicated 146 objects (20 linked attributes) for
> CN=Configuration,DC=SAMDOM,DC=LOCAL
> Replicating critical objects from the base DN of the domain
> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0]
> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0]
> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0]
> Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for
> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93]
> linked_values[0/0]
> Replicated 93 objects (0 linked attributes) for
> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
> linked_values[0]
> Discarding older DRS attribute update to objectClass on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to whenCreated on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to showInAdvancedViewOnly on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to name on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to fSMORoleOwner on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
> Discarding older DRS attribute update to systemFlags on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectCategory on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to objectClass on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to whenCreated on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to displayName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to nTSecurityDescriptor on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to name on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to userAccountControl on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to codePage on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to countryCode on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dBCSPwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to localPolicyFlags on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to logonHours on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to unicodePwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to ntPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to pwdLastSet on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to primaryGroupID on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to supplementalCredentials on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectSid on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to accountExpires on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to lmPwdHistory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to sAMAccountType on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to dNSHostName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to servicePrincipalName on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to objectCategory on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to isCriticalSystemObject on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
> on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Sending DsReplicaUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> See /var/lib/samba/private/named.conf for an example configuration
> include file for BIND
> and /var/lib/samba/private/named.txt for further documentation
> required for secure DNS updates
> Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as
> a DC
>
>
> Il 26/02/2018 11:33, Claudio Nicora ha scritto:
>> Thanks for the time you're dedicating to solving my issue.
>>
>>> Is your WORKGROUP really the same as your dnsdomain ?
>>> So, the command should be:
>>> samba-tool domain join samdom.local DC -U Administrator
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>
>> I've replaced log sensitive data before posting it (replacing real
>> domain name with SAMDOM), but replace was case-insensitive so
>> everything became uppercase.
>> I'm attaching the correct log below, sorry for the confusion.
>> Anyway I've already tried either -U"SAMDOM.LOCAL\Administrator",
>> -U"SAMDOM\Administrator" and -U Administrator and all of them fail
>> with the same result.
>>
>> Additional info: before testing Sabma 4.7.4, I've tested to join
>> previous Samba version server (Ubuntu 17.10, Samba 4.6.7) and it worked.
>>
>> Here's the new log (with case-preserved replacement), together with
>> other required files:
>>
>> =========================================
>> root at srvad-new:~# samba-tool domain join samdom.local DC
>> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
>> eth_lan" --option="bind interfaces only=yes" -d3
>>
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> GENSEC backend 'gssapi_spnego' registered
>> GENSEC backend 'gssapi_krb5' registered
>> GENSEC backend 'gssapi_krb5_sasl' registered
>> GENSEC backend 'spnego' registered
>> GENSEC backend 'schannel' registered
>> GENSEC backend 'naclrpc_as_system' registered
>> GENSEC backend 'sasl-EXTERNAL' registered
>> GENSEC backend 'ntlmssp' registered
>> GENSEC backend 'ntlmssp_resume_ccache' registered
>> GENSEC backend 'http_basic' registered
>> GENSEC backend 'http_ntlm' registered
>> GENSEC backend 'krb5' registered
>> GENSEC backend 'fake_gssapi_krb5' registered
>> Finding a writeable DC for domain 'samdom.local'
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> _ldap._tcp.samdom.local<0x0>
>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> workgroup is SAMDOM
>> realm is SAMDOM.LOCAL
>> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Adding
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Adding CN=NTDS
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Setting account password for SRVAD-NEW$
>> Enabling account
>> Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with
>> dns/ SPN
>> Setting account password for dns-SRVAD-NEW
>> Calling bare provision
>> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up secrets.ldb
>> Setting up the registry
>> ldb_wrap open of hklm.ldb
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> partition_metadata: Migrating partition metadata: open of
>> metadata.tdb gave: (null)
>> A Kerberos configuration suitable for Samba AD has been generated at
>> /var/lib/samba/private/krb5.conf
>> Provision OK for domain DN DC=SAMDOM,DC=LOCAL
>> Starting replication
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[402/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[804/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[1206/1557] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL]
>> objects[1553/1557] linked_values[0/0]
>> Analyze and apply schema objects
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectClass on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectVersion on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to name on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to objectCategory on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to schemaInfo on
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 1553 objects (0 linked attributes) for
>> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508]
>> linked_values[0/20]
>> Replicated 402 objects (0 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508]
>> linked_values[20/20]
>> Replicated 224 objects (20 linked attributes) for
>> CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
>> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0]
>> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0]
>> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0]
>> Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21]
>> linked_values[0/0]
>> Replicated 21 objects (0 linked attributes) for
>> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
>> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94]
>> linked_values[0/0]
>> Replicated 94 objects (0 linked attributes) for
>> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3]
>> linked_values[0]
>> Discarding older DRS attribute update to objectClass on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to whenCreated on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to showInAdvancedViewOnly on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to name on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to fSMORoleOwner on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
>> Discarding older DRS attribute update to systemFlags on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectCategory on CN=RID
>> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to isCriticalSystemObject on
>> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
>> a9e55326-e32f-4da3-8baa-8cf29cbafded
>> Discarding older DRS attribute update to objectClass on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to whenCreated on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to displayName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to nTSecurityDescriptor on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to name on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to userAccountControl on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to codePage on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to countryCode on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dBCSPwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to localPolicyFlags on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to logonHours on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to unicodePwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to ntPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to pwdLastSet on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to primaryGroupID on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to supplementalCredentials on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectSid on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to accountExpires on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to lmPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountType on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dNSHostName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to servicePrincipalName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectCategory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to isCriticalSystemObject on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to
>> msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain
>> Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Committing SAM database
>> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>> Join failed - cleaning up
>> ldb_wrap open of secrets.ldb
>> Could not find machine account in secrets database: Failed to fetch
>> machine account password for SAMDOM from both secrets.ldb (Could not
>> find entry to match filter:
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>> Domains': No such object: dsdb_search at
>> ../source4/dsdb/common/util.c:4636) and from
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
>> Deleted CN=NTDS
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Deleted
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> ERROR(runtime): uncaught exception - (9003,
>> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>> line 661, in run
>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474,
>> in join_DC
>> ctx.do_join()
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384,
>> in do_join
>> ctx.join_add_dns_records()
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116,
>> in join_add_dns_records
>> dns_partition=domaindns_zone_dn)
>> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939,
>> in dns_lookup
>> dns_partition=dns_partition)
>>
>>
>>
>> root at srvad-new:~# cat /etc/hosts
>> 127.0.0.1 localhost
>> 10.0.3.90 srvad-old.samdom.local srvad-old
>> 10.0.3.100 srvad-new.samdom.local srvad-new
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 localhost ip6-localhost ip6-loopback
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>> root at srvad-new:~# cat /etc/hostname
>> srvad-new.samdom.local (---> also tried with "srvad-new" only)
>>
>>
>> root at srvad-new:~# cat /etc/resolv.conf
>> nameserver 10.0.3.90
>> search samdom.local
>> =======================
>>
>>
>>
>>
>>
>>
>>
>>
>> Il 25/02/2018 14:30, Rowland Penny via samba ha scritto:
>>> On Sun, 25 Feb 2018 12:28:39 +0100
>>> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>>>
>>>> Tried again to join, now with full cleanup of /var/lib/samba/private
>>>> folder on new server... same error.
>>>>
>>>> Anyone have an idea of what's going wrong?
>>>>
>>>>
>>>>> ============================================================
>>>>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>>>>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>>>>> --option="interfaces=eth_lan" --verbose -d3
>>>>>
>>> Is your WORKGROUP really the same as your dnsdomain ?
>>>
>>>
>>>>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>>>>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>>>>> Password for [SAMDOM.LOCAL\Administrator]:
>>>>> workgroup is SAMDOM
>>>>> realm is SAMDOM.LOCAL
>>> Seemingly not ;-)
>>>
>>> So, the command should be:
>>>
>>> samba-tool domain join samdom.local DC -U Administrator
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>>
>>> Can you post your /etc/hosts and /etc/resolv.conf files
>>>
>>> Can you also tell us the ipaddresses of the original DC and the new DC
>>>
>>> Rowland
>>>
>>
>
More information about the samba
mailing list