[Samba] Problems joining Samba 4 in the domain

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Aug 12 17:56:42 UTC 2019


Hi,

I have downgraded samba 4.7 (van-belle repository) to 4.5.16 from the
Debian 9 repository and was able to put it in the domain.

root@samba4-new-dc:/etc/samba# samba -V
Version 4.5.16-Debian

samba-tool domain join empresa.com.br DC -k yes -d 3 --server=samba4-dc1.empresa.com.br

root@samba4-new-dc:/etc/samba# samba-tool domain join empresa.com.br DC -k yes -d 3 --server=samba4-dc1.empresa.com.br
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
workgroup is EMPRESA
realm is empresa.com.br
Adding CN=SAMBA4-NEW-DC,OU=Domain Controllers,empresa.com.br
Adding
CN=SAMBA4-NEW-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
empresa.com.br
Adding CN=NTDS
Settings,CN=SAMBA4-NEW-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
empresa.com.br
Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
Adding SPNs to CN=SAMBA4-NEW-DC,OU=Domain Controllers,empresa.com.br
Setting account password for SAMBA4-NEW-DC$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not
found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba 4 has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN empresa.com.br
Starting replication
Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[402/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[804/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1206/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1518/1518]
linked_values[0/0]
Analyze and apply schema objects
Replicated 1518 objects (0 linked attributes) for
CN=Schema,CN=Configuration,empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[402/1984]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[804/1984]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[1206/1984]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[1608/1984]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[1984/1984]
linked_values[41/0]
Replicated 376 objects (41 linked attributes) for CN=Configuration,
empresa.com.br
Replicating critical objects from the base DN of the domain
Partition[empresa.com.br] objects[101/101] linked_values[35/0]
Replicated 101 objects (35 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[503/2180] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[905/2180] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[1307/2180] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[1709/2180] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[2111/2180] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[2281/2180] linked_values[1039/0]
Replicated 170 objects (1039 linked attributes) for empresa.com.br
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,empresa.com.br
Partition[DC=DomainDnsZones,empresa.com.br] objects[402/646]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for DC=DomainDnsZones,
empresa.com.br
Partition[DC=DomainDnsZones,empresa.com.br] objects[646/646]
linked_values[0/0]
Replicated 244 objects (0 linked attributes) for DC=DomainDnsZones,
empresa.com.br
Replicating DC=ForestDnsZones,empresa.com.br
Partition[DC=ForestDnsZones,empresa.com.br] objects[37/37]
linked_values[0/0]
Replicated 37 objects (0 linked attributes) for DC=ForestDnsZones,
empresa.com.br
Committing SAM database
Discarding older DRS linked attribute update to member on
CN=IIS_IUSRS,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,empresa.com.br from a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Domain
Admins,CN=Users,empresa.com.br from ad07f0d5-237c-4611-80a5-3751a318329b
Discarding older DRS linked attribute update to member on CN=Usuários da
área de trabalho remota,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on
CN=Administrators,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
acesso de autorização Windows,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
acesso de autorização Windows,CN=Builtin,empresa.com.br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Grupo de
Replicação de Senha RODC Nega,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,empresa.com.br from a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Enterprise
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Replicator,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on
CN=Replicator,CN=Builtin,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,empresa.com.br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,empresa.com.br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,empresa.com.br from a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,empresa.com.br from 71c305c7-564f-44dc-bdc7-c03ee501bd52
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain EMPRESA (SID S-1-5-21-1712526294-259020848-313593124) as a DC

####################################################################################


However, I verified that the DNS records msdcs.empresa.com.br and
empresa.com.br (ldap, kerberos, gc, tcp, udp) were not updated with the
information of the new DC.

The following errors are verified:



samba-tool drs showrepl

Default-First-Site-Name\SAMBA4-DC1
DSA Options: 0x00000001
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
DSA invocationId: a20c8ed0-c72a-4e57-9e59-2236f127d0b8

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:30:49 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:30:49 2019 -03

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:30:49 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:30:49 2019 -03

CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:33:04 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:33:04 2019 -03

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:30:49 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:30:49 2019 -03

CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:33:26 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:33:26 2019 -03

DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:00:39 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:00:39 2019 -03

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)

CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:15:55 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:15:55 2019 -03

CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:32:47 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:32:47 2019 -03

DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:00:39 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:00:39 2019 -03

CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)

DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:14:45 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:14:45 2019 -03

DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
Connection name: c6393fbd-461c-4fd7-ac62-4801a3de43d2
Enabled        : TRUE
Server DNS name : win-dc2.empresa.com.br
Server DN name  : CN=NTDS
Settings,CN=WIN-DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Connection --
Connection name: 3d74773c-19d4-4220-84b1-edc605f74633
Enabled        : TRUE
Server DNS name : samba4-new-dc.empresa.com.br
Server DN name  : CN=NTDS
Settings,CN=SAMBA4-NEW-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!

samba-tool ldapcmp ldap://SAMBA4-DC1 ldap://SAMBA4-NEW-DC -UAdministrator
...
Comparing:
'CN=SAMBA4-NEW-DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br'
[ldap://SAMBA4-DC1]
'CN=SAMBA4-NEW-DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br'
[ldap://SAMBA4-NEW-DC]
    Difference in attribute values:
        servicePrincipalName =>
['E3514235-4B06-11D1-AB04-00C04FC2DCD2/10292cde-6888-43a7-a067-26b95873f5a7/
empresa.com.br', 'GC/samba4-new-dc.empresa.com.br/empresa.com.br',
'HOST/SAMBA4-NEW-DC', 'HOST/samba4-new-dc.empresa.com.br']
['E3514235-4B06-11D1-AB04-00C04FC2DCD2/10292cde-6888-43a7-a067-26b95873f5a7/
empresa.com.br', 'GC/samba4-new-dc.empresa.com.br/empresa.com.br',
'HOST/SAMBA4-NEW-DC', 'HOST/samba4-new-dc.empresa.com.br', 'HOST/
samba4-new-dc.empresa.com.br/EMPRESA', 'HOST/
samba4-new-dc.empresa.com.br/empresa.com.br',
'RestrictedKrbHost/SAMBA4-NEW-DC', 'RestrictedKrbHost/
samba4-new-dc.empresa.com.br', 'ldap/10292cde-6888-43a7-a067-26b95873f5a7._
msdcs.empresa.com.br', 'ldap/SAMBA4-NEW-DC', 'ldap/
samba4-new-dc.empresa.com.br', 'ldap/
samba4-new-dc.empresa.com.br/DomainDnsZones.empresa.com.br', 'ldap/
samba4-new-dc.empresa.com.br/ForestDnsZones.empresa.com.br', 'ldap/
samba4-new-dc.empresa.com.br/EMPRESA', 'ldap/
samba4-new-dc.empresa.com.br/empresa.com.br']
    FAILED
...

* DN lists have different size: 1644 != 1646
    CN=52063d3d-86a8-4066-9fbb-7e62b245716a,CN=NTDS
Settings,CN=SAMBA4-NEW-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
    CN=a1d84f32-fe3a-4b54-8ff7-db309a4cf735,CN=NTDS
Settings,CN=SAMBA4-NEW-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
...

To solve these problems, can I add the records manually in DNS?

Example:

_ldap Local de serviço (SRV) [0][100][389] samba4-dc1.empresa.com.br.   static
_ldap Local de serviço (SRV) [0][100][389] win-dc2.empresa.com.br.   static
_ldap Local de serviço (SRV) [0][100][389] samba4-new-dc.empresa.com.br.


Regards,

Márcio Bacci


On Mon, 12 Aug 2019 at 12:41, Rowland penny via samba <samba at lists.samba.org> wrote:

> On 12/08/2019 16:01, L.P.H. van Belle via samba wrote:
> > Ah, so the error changed..
> >
> > Can you try
> >
> > samba-tool domain join empresa.com.br DC -k yes -d 3 --server=samba4-dc01.empresa.com.br
> > so we try to join through samba4-dc1 and not the windows DC.
> You beat me to it Louis
> >
> > Looking at below again.
> > (objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4691) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> > This looks familiar..  i have to look this up.. ( tomorrow, office is closing here.. sorry )
>
> Yes, it is familiar, but misleading ;-)
>
> You can ignore anything after:  'Join failed - cleaning up'
>
> The error occurred before this point.
>
> Rowland
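Added example, not part of the original post and not Samba's own code: a small Python parser for the `samba-tool drs showrepl` text shown above that groups the failing links by partner DC and derives the GUID-based _msdcs name (the same name that appears in the ldap/ SPN of the ldapcmp output) to look up in DNS. The function names and the `forest` argument are assumptions of this example; the sample is excerpted from the output in the post.

```python
import re

# Excerpt of the `samba-tool drs showrepl` output quoted in the post (three links).
SAMPLE = r"""==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\WIN-DC2 via RPC
DSA object GUID: d580939f-a8b9-43ea-84e9-be0f9bd29468
Last attempt @ Mon Aug 12 14:30:49 2019 -03 was successful
0 consecutive failure(s).
Last success @ Mon Aug 12 14:30:49 2019 -03

DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:30:49 2019 -03 failed, result 2 (WERR_BADFILE)
5 consecutive failure(s).
Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-NEW-DC via RPC
DSA object GUID: 10292cde-6888-43a7-a067-26b95873f5a7
Last attempt @ Mon Aug 12 14:34:32 2019 -03 failed, result 2 (WERR_BADFILE)
9 consecutive failure(s).
Last success @ NTTIME(0)
"""

FIELDS = [  # (key, pattern) for each line of a link block
    ("dc", re.compile(r"^[^\\=]+\\(\S+) via \S+$")),
    ("guid", re.compile(r"^DSA object GUID: (\S+)$")),
    ("werr", re.compile(r"^Last attempt @ .+ failed, result \d+ \((\w+)\)$")),
    ("failures", re.compile(r"^(\d+) consecutive failure\(s\)\.$")),
    ("last_success", re.compile(r"^Last success @ (.+)$")),
]

def parse_showrepl(text):
    """Return one dict per inbound/outbound replication link."""
    links, section, nc = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("===="):
            section = line.strip("= ").split()[0].lower()  # inbound / outbound / kcc
        elif section not in ("inbound", "outbound") or not line:
            continue  # header block, KCC section and blank lines are skipped
        elif re.match(r"^(DC|CN)=\S+$", line):
            nc = line  # naming context heading the next link block
        else:
            for key, rx in FIELDS:
                if m := rx.match(line):
                    if key == "dc":  # partner line opens a new link block
                        links.append({"direction": section, "nc": nc, "werr": None})
                    if links:
                        links[-1][key] = m.group(1)
                    break
    return links

def failing_partners(links, forest):
    """Group failing links by partner DC; forest is the forest DNS name."""
    report = {}
    for link in (l for l in links if int(l.get("failures", 0)) > 0):
        r = report.setdefault(link["dc"], {
            "errors": set(), "links": 0, "never_synced": True,
            "msdcs_name": f"{link['guid']}._msdcs.{forest}"})
        r["links"] += 1
        r["errors"].add(link["werr"])
        r["never_synced"] &= link["last_success"] == "NTTIME(0)"
    return report
```

Calling `failing_partners(parse_showrepl(output), "empresa.com.br")` on the full output gives one entry per partner with failures, so a DC that has never replicated in either direction stands out from one with an occasional error.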