[Samba] 4.8.x domain join warning message

Andrew Bartlett abartlet at samba.org
Sun May 20 18:44:49 UTC 2018

On Sun, 2018-05-20 at 22:38 +0800, d tbsky via samba wrote:
> Hi:
>    I tried to use samba 4.8.1/4.8.2 to join windows domain as DC. and
> saw warning message like "Unable to determine the DomainSID, can not
> enforce uniqueness constraint on local domainSIDs"

Sorry about that.  We should sqelch the warning during provision and
the join. 

>   I didn't get that message when using samba 4.7.7. is the message
> safe to ignore?

Entirely safe.  We made some changes in Samba to cope with deleted
foreignSecurityPrincipal objects which meant we had to relax our
uniqueness constraint, but only for things outside our domain.  

It just has a chicken-and-egg situation during the very first setup
(where we won't create duplicates anyway, as we are under the control
of the script) which the lower level module gets a bit grumpy with. 

>   the complete join message below:
> [root at samba-dc ~]# /usr/local/samba/bin/samba-tool domain join
> samdom.example.com DC -U"SAMDOM\administrator"
> --dns-backend=SAMBA_INTERNAL

> Joined domain SAMDOM (SID S-1-5-21-3559909774-3968669603-834676815) as a DC

It is fine.  Worry when you don't get that last line, otherwise it
looks good :-)

Andrew Bartlett

Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list