[Samba] Failing to join existing AD as DC

L.P.H. van Belle belle at bazuin.nl
Thu Aug 15 12:24:56 UTC 2019


Can you try this: 

kinit Administrator
samba-tool domain join samdom.example.com DC --site="KA-H9" -k yes

If that isn't working...
Post output of:
cat /etc/ldap/ldap.conf

And tell me how you set up your SSL certificates on this server.

Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Alexander Harm via samba
> Sent: Thursday 15 August 2019 13:25
> To: samba at lists.samba.org
> Subject: [Samba] Failing to join existing AD as DC
> 
> I tried joining the same AD before and succeeded, however 
> after upgrading to Debian Buster and installing AD 
> Certificate Services on the Windows DC my join does not work anymore:
> 
> samba-tool domain join samdom.example.com DC 
> -U"SAMDOM\adadmin" --site="KA-H9"
> 
> fails during the ldap part with:
> 
> Join failed - cleaning up
> 
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - 
> <8009030C: LdapErr: DSID-0C090569, comment: 
> AcceptSecurityContext error, data 52e, v4563> <> Failed to 
> connect to 'ldap://dc01.samdom.example.com' with backend 
> 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: 
> LdapErr: DSID-0C090569, comment: AcceptSecurityContext error, 
> data 52e, v4563> <>
> 
> ERROR(ldb): uncaught exception - LDAP error 1 
> LDAP_OPERATIONS_ERROR -  <000021A2: SvcErr: DSID-030A08C1, 
> problem 5012 (DIR_ERROR), data 8610
> 
> > <>
> 
>   File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
> line 177, in _run
> 
>     return self.run(*args, **kwargs)
> 
>   File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", 
> line 716, in run
> 
>     backend_store=backend_store)
> 
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 
> 1501, in join_DC
> 
>     ctx.do_join()
> 
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 
> 1397, in do_join
> 
>     ctx.join_add_objects()
> 
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 
> 683, in join_add_objects
> 
>     ctx.samdb.modify(m)
> 
> I verified password etc. but I believe this boils down to 
> certificate issues. I added the root cert of the AD to the 
> local certificates and OpenSSL verifies everything as being OK.
> 
> Does anyone have an idea on what I could try next?
> 
> Thanks
> 

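The bind failure quoted above carries an Active Directory diagnostic string whose `data` field is a hexadecimal Win32 logon error code. As an added example (not part of the original messages and not Samba code), this Python block un-wraps the mail-quoted output and decodes that field; the sub-code table is taken from the standard Windows error constants, and the function names are hypothetical.

```python
import re

# Win32 logon error codes that AD reports, in hex, in the "data" field of a
# failed bind (LDAP result 49). Standard winerror.h values, not from the post.
BIND_SUBCODES = {
    0x525: "ERROR_NO_SUCH_USER: user not found",
    0x52E: "ERROR_LOGON_FAILURE: unknown user name or bad password",
    0x530: "ERROR_INVALID_LOGON_HOURS: logon not permitted at this time",
    0x531: "ERROR_INVALID_WORKSTATION: logon not permitted from this host",
    0x532: "ERROR_PASSWORD_EXPIRED: password expired",
    0x533: "ERROR_ACCOUNT_DISABLED: account disabled",
    0x701: "ERROR_ACCOUNT_EXPIRED: account expired",
    0x773: "ERROR_PASSWORD_MUST_CHANGE: password must be changed",
    0x775: "ERROR_ACCOUNT_LOCKED_OUT: account locked out",
}

DIAG = re.compile(
    r"LDAP error (?P<ldap>\d+) (?P<name>LDAP_\w+) - "
    r"<(?P<code>[0-9A-Fa-f]{8}): LdapErr: DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"comment: (?P<comment>[^,]+), data (?P<data>[0-9A-Fa-f]+), v\w+>"
)

def unwrap(text):
    """Strip mail quoting ('> ') and re-join wrapped lines into one string."""
    parts = [re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines()]
    return " ".join(p for p in parts if p)

def decode_bind_errors(text):
    """Return one dict per AD bind diagnostic found in text."""
    out = []
    for m in DIAG.finditer(unwrap(text)):
        sub = int(m["data"], 16)          # sub-code is printed in hex
        out.append({
            "ldap_result": int(m["ldap"]),
            "sspi_code": m["code"].upper(),   # 8009030C = SEC_E_LOGON_DENIED
            "dsid": m["dsid"].upper(),
            "subcode": sub,
            "meaning": BIND_SUBCODES.get(sub, "unknown sub-code"),
        })
    return out

# Constructed sample: the bind failure from the post, as wrapped by the mailer.
SAMPLE = """\
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -
> <8009030C: LdapErr: DSID-0C090569, comment:
> AcceptSecurityContext error, data 52e, v4563> <>
"""

if __name__ == "__main__":
    print(decode_bind_errors(SAMPLE))
```

Only `LdapErr` bind diagnostics are matched; the later `SvcErr` line in the same output has a different layout and is ignored.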