[Samba] Failing to join existing AD as DC
Alexander Harm
contact at aharm.de
Thu Aug 15 11:25:04 UTC 2019
I tried joining the same AD before and succeeded; however, after upgrading to Debian Buster and installing AD Certificate Services on the Windows DC, my join does not work anymore:
samba-tool domain join samdom.example.com DC -U"SAMDOM\adadmin" --site="KA-H9"
fails during the LDAP part with:
Join failed - cleaning up
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563> <>
Failed to connect to 'ldap://dc01.samdom.example.com' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563> <>
ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - <000021A2: SvcErr: DSID-030A08C1, problem 5012 (DIR_ERROR), data 8610
> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 716, in run
    backend_store=backend_store)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1501, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1397, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 683, in join_add_objects
    ctx.samdb.modify(m)
I verified the password etc., but I believe this boils down to certificate issues. I added the root cert of the AD to the local certificates and OpenSSL verifies everything as being OK.
Does anyone have an idea on what I could try next?
Thanks