[Samba] Domain join issues - 4.9.0

Jonathan Hunter jmhunter1 at gmail.com
Tue Nov 13 20:55:08 UTC 2018 

Hi,

After a recent hardware failure where I did not have a working backup,
I am trying to re-create one of my DCs (DC1). This is a Samba 4.9.0
environment throughout. I have DC1 (the one that is hopefully being
re-joined), but also DC2, DC3 and DC4 which are still present, and
these have not experienced issues.

After running the following:
$ sudo samba-tool domain join mydomain.org DC -U myadmin --site=mysite
--server=dc3
all seems well, until:
[...]
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness
constraint on local domainSIDs
[... and also ...]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=org] objects[99/99] linked_values[28/28]
Partition[DC=mydomain,DC=org] objects[501/886] linked_values[0/61]
Partition[DC=mydomain,DC=org] objects[903/886] linked_values[0/718]
../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in
CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for
index on servicePrincipalName, duplicate of objectGUID
00000000-1111-2222-3333-444444444444 in
@INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC
[lots of these]

Should I be worried by either of these two messages? (unable to
determine DomainSID, and the multiple duplicate attribute values)?

The domain has been in existence for a while, and has been upgraded
from 4.0.0 right up to 4.9.0 where it is today, so there might be
something in the database that isn't quite right.. I have tried
targetting a couple of different DCs for the domain join, with the
same result so far.

Samba does seem to run on DC1 after it is joined to the domain, but
I'm not sure it's working properly.. my test script for freeradius
(which I run on each DC) fails on DC1.

Any pointers/advice would be appreciated, as always!

Thanks :)

Jonathan

--
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

More information about the samba mailing list