[Samba] Unable to rejoin to domain as AD DC

Krzysztof Paszkowski kylo at kimpa.pl
Thu Mar 29 12:32:00 UTC 2018 

Hi all,

I was trying to upgrade samba to 4.8.0 on one of my AD DC (with Centos 6.6).
Sadly, there was some compatibility issues (I suppose so):
[root at backup samba-4.8.0]# samba-tool drs showrepl ERROR(<type
'exceptions.SyntaxError'>): uncaught exception - invalid syntax
(ms_schema.py, line 280)
  File "/usr/local/samba/bin/samba-tool", line 45, in <module>
    retval = cmd._run("samba-tool", subcommand, *args)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 202, in _run
    return self.subcommands[subcommand]._run(
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/main.py", line
35, in __getitem__
    fromlist=['cmd_%s' % attr]),
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py",
line 37, in <module>
    from samba.join import join_clone
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
29, in <module>
    from samba.provision import secretsdb_self_join, provision,
provision_fill, FILL_DRS, FILL_SUBDOMAIN
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/provision/__init__.py"
, line 77, in <module>
    from samba.provision.backend import (
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/provision/backend.py",
line 43, in <module>
    from samba.schema import Schema
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/schema.py",
line 28, in <module>
    from samba.ms_schema import read_ms_schema

I wasn't able to do anything.
I was trying to downgrade, but:

[root at backup samba-4.8.0]# source4/scripting/bin/sambaundoguididx
Traceback (most recent call last):
  File "source4/scripting/bin/sambaundoguididx", line 15, in <module>
    from samba.dbchecker import dbcheck
  File "bin/python/samba/dbchecker.py", line 32, in <module>
    from samba.descriptor import get_wellknown_sds, get_diff_sds
  File "bin/python/samba/descriptor.py", line 31, in <module>
    from samba.schema import get_schema_descriptor
  File "bin/python/samba/schema.py", line 28, in <module>
    from samba.ms_schema import read_ms_schema
  File "bin/python/samba/ms_schema.py", line 280
    entry = header + [x for x in entry if x[0].lower() not in {'dn',
'changetype', 'objectcategory'}]
SyntaxError: invalid syntax

Make install 4.7.6 and

[root at backup samba-4.7.6]# tail -f /usr/local/samba/var/log.samba
  STATUS=daemon failed to start: Samba detected misconfigured 'server role'
and exited. Check logs for details, error code 22
[2018/03/27 23:05:20.378608,  0]
../source4/smbd/server.c:448(binary_smbd_main)
  samba version 4.7.6 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2017
[2018/03/27 23:05:20.449842,  0]
../source4/smbd/server.c:600(binary_smbd_main)
  At this time the 'samba' binary should only be used for either:
  'server role = active directory domain controller' or to access the ntvfs
file server with 'server services = +smb' or the rpc proxy with 'dcerpc
endpoint servers = remote'
  You should start smbd/nmbd/winbindd instead for domain member and
standalone file server tasks
[2018/03/27 23:05:20.449979,  0]
../lib/util/become_daemon.c:111(exit_daemon)
  STATUS=daemon failed to start: Samba detected misconfigured 'server role'
and exited. Check logs for details, error code 22


Local demoting didn't work either, so I decided to demote it from main DC
and join as new one. Everything looked fine. Server vanished from
controllers and DNS. Unfortunately the joining process has failed:

Join failed - cleaning up
ERROR(ldb): uncaught exception - LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <Failed to add CN=BACKUP1,OU=Domain
Controllers,DC=luxmed,DC=net,DC=pl: Updating the UF_TRUSTED_FOR_DELEGATION
bit in
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
1474, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
1375, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line
611, in join_add_objects
    ctx.samdb.add(rec)


Any help appreciated. 

Regards,
Kris

More information about the samba mailing list