[Samba] Failing to join existing AD as DC

Alexander Harm contact at aharm.de
Thu Aug 15 11:25:04 UTC 2019


I tried joining the same AD before and succeeded; however, after upgrading to Debian Buster and installing AD Certificate Services on the Windows DC, my join does not work anymore:

samba-tool domain join samdom.example.com DC -U"SAMDOM\adadmin" --site="KA-H9"

fails during the ldap part with:

Join failed - cleaning up

Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563> <>
Failed to connect to 'ldap://dc01.samdom.example.com' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, data 52e, v4563> <>

ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR -  <000021A2: SvcErr: DSID-030A08C1, problem 5012 (DIR_ERROR), data 8610
> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 716, in run
    backend_store=backend_store)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1501, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1397, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 683, in join_add_objects
    ctx.samdb.modify(m)

I verified the password etc., but I believe this boils down to certificate issues. I added the root cert of the AD to the local certificates and OpenSSL verifies everything as being OK.

Does anyone have an idea on what I could try next?

Thanks


