[Samba] Failing to join existing AD as DC

Andrew Bartlett abartlet at samba.org
Fri Aug 16 10:10:49 UTC 2019


On Fri, 2019-08-16 at 11:18 +0200, L.P.H. van Belle via samba wrote:
> Good point Roy, 
> 
> So we can add the question. 
> > I tried joining the same AD before and succeeded, 
> 
> Your other DC, is that in the same subnet? 
> 
> And is the windows firewall allowing the other subnet? 
> telnet the DNS port from the samba server to the windows server.
> 

I'm quite confused, why are you folks chasing down routing issues for
an operations error on a valid LDAP connection?

This seems a very odd and increasingly tortured set of diagnostics.

Alexander,

I think the invalid credentials bit is a red herring, during the
cleanup, the main backtrace shown looks like it doesn't like one of the
objects being modified over LDAP.

Examination of the source code shows that the only way a modify occurs
is if we are in 'promote_existing' mode, so perhaps ensure any accounts
of the same name are first deleted, or choose an unused name for the
DC. 

I hope this helps,

Andrew Bartlett
-- 
Andrew Bartlett                       https://samba.org/~abartlet/
Authentication Developer, Samba Team  https://samba.org
Samba Developer, Catalyst IT          
https://catalyst.net.nz/services/samba






More information about the samba mailing list