[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

Claudio Nicora claudio.nicora at gmail.com
Fri Mar 2 10:43:37 UTC 2018


If I create SRVAD-NEW DNS record manually, under samdom.local zone, this 
is what I see with adsiedit:

distinguishedName: DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL

In "Active Directory Users and Computers" under "Domain Controllers" I 
see this object (that disappears after failure):

distinguishedName: CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL


> > Garming asked you to see if you could locate
> > where the records got put the records by hand
>
> Sorry, I can't understand what you mean with "if you could locate 
> where the records got put"...
> Are you asking me to create the DNS record by hand with RSAT on 
> SRVAD_OLD, then run samba-tool join again?
> If so, yes I've tried to create the record manually and re-run 
> samba-tool with the same error.
>
> Sorry for the misunderstanding
>
>>> I'm still focusing on log lines after the failure:
>>>
>>> --- no SRVAD-OLD address in /etc/hosts ---
>>> Join failed - cleaning up
>>> ldb_wrap open of secrets.ldb
>>> Could not find machine account in secrets database: Failed to fetch
>>> machine account password for SAMDOM from both secrets.ldb (Could not
>>> find entry to match filter:
>>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>>> Domains': No such object: dsdb_search at
>>> ../source4/dsdb/common/util.c:4636) and from
>>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>>> ---
>> This isn't it.  The things after the failure are not the issue, they
>> are happening in the unwind.
>>
>> You can see the real failure in the backtrace, where it fails to find
>> the records using our DNS client library for LDAP (yes, a very strange
>> thing).
>>
>> As Garming said, the issue is that Samba can't find the DNS records on
>> your AD DC over LDAP, having just added them via RPC.
>>
>> This code is a bit tricky, and I thought I had it right, but clearly
>> that isn't the case.  Garming asked you to see if you could locate
>> where the records got put the records by hand.
>>
>> Thanks,
>>
>> Andrew Bartlett
>>
>