[Samba] Failing to join existing AD as DC
L.P.H. van Belle
belle at bazuin.nl
Thu Aug 15 12:24:56 UTC 2019
Can you try this:
kinit Administrator
samba-tool domain join samdom.example.com DC --site="KA-H9" -k yes
If that isn't working..
Post the output of:
cat /etc/ldap/ldap.conf
And tell me how you set up your SSL certificates on this server.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Alexander Harm via samba
> Sent: Thursday, 15 August 2019 13:25
> To: samba at lists.samba.org
> Subject: [Samba] Failing to join existing AD as DC
>
> I tried joining the same AD before and succeeded, however
> after upgrading to Debian Buster and installing AD
> Certificate Services on the Windows DC my join does not work anymore:
>
> samba-tool domain join samdom.example.com DC
> -U"SAMDOM\adadmin" --site="KA-H9"
>
> fails during the ldap part with:
>
> Join failed - cleaning up
>
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -
> <8009030C: LdapErr: DSID-0C090569, comment:
> AcceptSecurityContext error, data 52e, v4563> <> Failed to
> connect to 'ldap://dc01.samdom.example.com' with backend
> 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C:
> LdapErr: DSID-0C090569, comment: AcceptSecurityContext error,
> data 52e, v4563> <>
>
> ERROR(ldb): uncaught exception - LDAP error 1
> LDAP_OPERATIONS_ERROR - <000021A2: SvcErr: DSID-030A08C1,
> problem 5012 (DIR_ERROR), data 8610
>
> > <>
>
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 177, in _run
>
> return self.run(*args, **kwargs)
>
> File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
> line 716, in run
>
> backend_store=backend_store)
>
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
> 1501, in join_DC
>
> ctx.do_join()
>
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
> 1397, in do_join
>
> ctx.join_add_objects()
>
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line
> 683, in join_add_objects
>
> ctx.samdb.modify(m)
>
> I verified password etc. but I believe this boils down to
> certificate issues. I added the root cert of the AD to the
> local certificates and OpenSSL verifies everything as being OK.
>
> Does anyone have an idea on what I could try next?
>
> Thanks