[Samba] Failing to join existing AD as DC

L.P.H. van Belle belle at bazuin.nl
Fri Aug 16 11:05:24 UTC 2019 

It's windows that is not allowing samba to join. 

This should make thing more clear in my opinion.

samba-tool fsmo show -H ldap://$(hostname -d)
And
samba-tool fsmo show -H ldap://10.88.80.88 -U Administrator

These both work agains my Samba AD-DC's (ldap://$(hostname -d)) 
And my windows DC -H ldap://10.88.80.88 -U "NTDOM\Administrator"


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: vrijdag 16 augustus 2019 12:54
> Aan: samba at lists.samba.org
> CC: Andrew Bartlett
> Onderwerp: Re: [Samba] Failing to join existing AD as DC
> 
> On 16/08/2019 11:10, Andrew Bartlett via samba wrote:
> > On Fri, 2019-08-16 at 11:18 +0200, L.P.H. van Belle via samba wrote:
> >> Good point Roy,
> >>
> >> So we can add the question.
> >>> I tried joining the same AD before and succeeded,
> >> Your other DC, is that in the same subnet?
> >>
> >> And is the windows firewall allowing the other subnet?
> >> telnet the DNS port from the samba server to the windows server.
> >>
> > I'm quite confused, why are you folks chasing down routing 
> issues for
> > an operations error on a valid LDAP connection?
> I am not and I am not sure everything is valid, for instance, the OP 
> cannot kinit as Administrator
> >
> > This seems a very odd and increasingly tortured set of diagnostics.
> They have helped in the past ;-)
> >
> > Alexander,
> >
> > I think the invalid credentials bit is a red herring, during the
> > cleanup, the main backtrace shown looks like it doesn't 
> like one of the
> > objects being modified over LDAP.
> >
> > Examination of the source code shows that the only way a 
> modify occurs
> > is if we are in 'promote_existing' mode, so perhaps ensure 
> any accounts
> > of the same name are first deleted, or choose an unused name for the
> > DC.
> >
> > I hope this helps,
> >
> > Andrew Bartlett
> 
> I can confirm that 4.9.5 on Debian Buster will join as a DC to an 
> existing Samba AD domain, we now need to find out what is the 
> difference 
> between my test DC and his.
> 
> Rowland
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list