[Samba] Failing to join existing AD as DC

Rowland penny rpenny at samba.org
Fri Aug 16 10:53:45 UTC 2019

On 16/08/2019 11:10, Andrew Bartlett via samba wrote:
> On Fri, 2019-08-16 at 11:18 +0200, L.P.H. van Belle via samba wrote:
>> Good point Roy,
>> So we can add the question.
>>> I tried joining the same AD before and succeeded,
>> Your other DC, is that in the same subnet?
>> And is the windows firewall allowing the other subnet?
>> telnet the DNS port from the samba server to the windows server.
> I'm quite confused, why are you folks chasing down routing issues for
> an operations error on a valid LDAP connection?
I am not and I am not sure everything is valid, for instance, the OP 
cannot kinit as Administrator
> This seems a very odd and increasingly tortured set of diagnostics.
They have helped in the past ;-)
> Alexander,
> I think the invalid credentials bit is a red herring, during the
> cleanup, the main backtrace shown looks like it doesn't like one of the
> objects being modified over LDAP.
> Examination of the source code shows that the only way a modify occurs
> is if we are in 'promote_existing' mode, so perhaps ensure any accounts
> of the same name are first deleted, or choose an unused name for the
> DC.
> I hope this helps,
> Andrew Bartlett

I can confirm that 4.9.5 on Debian Buster will join as a DC to an 
existing Samba AD domain, we now need to find out what is the difference 
between my test DC and his.


More information about the samba mailing list