[Samba] Setup a Samba AD DC as an additional DC

Barry D. Adkins Barry at daram.com
Sat Nov 24 08:39:30 UTC 2018 

I setup DNS replication in WINDOWS AD to: "All domain controllers in this domain (for Windows 2000 compatibility).  The only other options were DNS running on a Forest/domain AD DC, which should probably be OKAY since we are making the Samba server a DC, but I was trying to see if I could get rid of the ADD_REPLICA_INHIBITED error.  I also allowed DNS zone transfers, and allowed secure and unsecure Dynamic Updates.  None of this may have anything to do with the problem.  It seemed to me the failure to join has something to do with DNS.

It throws a different error at the end.  I've also included output around all the other things with an error:

...
Partition[CN=Configuration,DC=daram,DC=com] objects[2511/8488] linked_values[3/1056]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=daram,DC=com] objects[2913/8488] linked_values[3/1056]
...
Partition[CN=Configuration,DC=daram,DC=com] objects[3882/8488] linked_values[253/1056]
dsdb_replicated_objects_convert: Ignoring object outside partition 2025e6f9-27fa-4dba-b95f-8b4b78ef326a CN=Schema,CN=Configuration,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=daram,DC=com] objects[4186/8488] linked_values[4/1056]
...
Partition[CN=Configuration,DC=daram,DC=com] objects[5169/8488] linked_values[32/1056]
dsdb_replicated_objects_convert: Ignoring object outside partition 2025e6f9-27fa-4dba-b95f-8b4b78ef326a CN=Schema,CN=Configuration,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
Partition[CN=Configuration,DC=daram,DC=com] objects[5216/8488] linked_values[12/1056]
dsdb_replicated_objects_convert: Ignoring object outside partition 2025e6f9-27fa-4dba-b95f-8b4b78ef326a CN=Schema,CN=Configuration,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
Replicating critical objects from the base DN of the domain
Partition[DC=daram,DC=com] objects[110/277] linked_values[60/385]
Partition[DC=daram,DC=com] objects[245/14688] linked_values[56/385]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[DC=daram,DC=com] objects[355/14688] linked_values[34/385]
...
Partition[DC=daram,DC=com] objects[6045/14688] linked_values[0/385]
dsdb_replicated_objects_convert: Ignoring object outside partition c67ea78b-bf13-4fff-9edf-7f1d71013476 DC=DomainDnsZones,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition e511e246-2bca-4040-9ee1-c2192848072b CN=Configuration,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition 3e776b4d-bd1d-4d16-afd8-43a3cbf03938 DC=ForestDnsZones,DC=daram,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
Partition[DC=daram,DC=com] objects[6184/14688] linked_values[0/385]
Partition[DC=daram,DC=com] objects[6199/14688] linked_values[0/385]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=daram,DC=com
Partition[DC=DomainDnsZones,DC=daram,DC=com] objects[391/480] linked_values[0/0]
Partition[DC=DomainDnsZones,DC=daram,DC=com] objects[416/480] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=daram,DC=com
Partition[DC=ForestDnsZones,DC=daram,DC=com] objects[9/9] linked_values[0/0]
Exop on[CN=RID Manager$,CN=System,DC=daram,DC=com] objects[3] linked_values[0]
Committing SAM database
Adding 1 remote DNS records for HOUDCU1801.daram.com
Join failed - cleaning up
Deleted CN=RID Set,CN=HOUDCU1801,OU=Domain Controllers,DC=daram,DC=com
Deleted CN=HOUDCU1801,OU=Domain Controllers,DC=daram,DC=com
Deleted CN=NTDS Settings,CN=HOUDCU1801,CN=Servers,CN=Houston,CN=Sites,CN=Configuration,DC=d
aram,DC=com
Deleted CN=HOUDCU1801,CN=Servers,CN=Houston,CN=Sites,CN=Configuration,DC=daram,DC=com
ERROR(runtime): uncaught exception - (9005, 'WERR_DNS_ERROR_RCODE_REFUSED')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 716, in run
    backend_store=backend_store)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1500, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1405, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1110, in join_add_dns_records
    del_rec_buf)
:~$

Barry Adkins

More information about the samba mailing list