[Samba] Serverinfo Error

Wed Aug 21 17:31:26 UTC 2019

On 21/08/2019 17:31, Robert A Wooldridge via samba wrote:
> On 08/21/2019 02:02 AM, L.P.H. van Belle via samba wrote:
>> Try this command:
>> samba-tool domain join edm-inc.com DC \
>>     --server=server.fqdn.here \    # << AD-DC server with FSMO roles
>>     --realm=EDM-INC.COM
>>     --dns-backend=SAMBA_INTERNAL \ # if your running with bind9, 
>> --dns-backend=BIND9_DLZ
>>     --option='idmap_ldb:use rfc2307 = yes' \
>>     -U"DOM\Administrator"
>>
>>     ( or change DOM\Administrator to Administrator at EDM-INC.COM )
> Results:
>
> athena2:~# samba-tool domain join edm-inc.com DC 
> --server=ads1.edm-inc.com --realm=EDM-INC.COM 
> --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes' 
> -U"EDM\Administrator"
> Password for [EDM\Administrator]:
> workgroup is EDM
> realm is edm-inc.com
> Adding CN=ATHENA2,OU=Domain Controllers,DC=edm-inc,DC=com
> Adding 
> CN=ATHENA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com
> Adding CN=NTDS 
> Settings,CN=ATHENA2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com
> Adding SPNs to CN=ATHENA2,OU=Domain Controllers,DC=edm-inc,DC=com
> Setting account password for ATHENA2$
> Enabling account
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness 
> constraint on local domainSIDs
>
> A Kerberos configuration suitable for Samba AD has been generated at 
> /var/lib/samba/private/krb5.conf
> Merge the contents of this file with your system krb5.conf or replace 
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=edm-inc,DC=com
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=edm-inc,DC=com] 
> objects[402/1081] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=edm-inc,DC=com] 
> objects[804/1081] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=edm-inc,DC=com] 
> objects[1206/1081] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=edm-inc,DC=com] 
> objects[1376/1081] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=edm-inc,DC=com] objects[402/4062] 
> linked_values[0/26]
> Partition[CN=Configuration,DC=edm-inc,DC=com] objects[804/4062] 
> linked_values[0/26]
> Partition[CN=Configuration,DC=edm-inc,DC=com] objects[1206/4062] 
> linked_values[0/26]
> Partition[CN=Configuration,DC=edm-inc,DC=com] objects[1608/4062] 
> linked_values[0/26]
> Partition[CN=Configuration,DC=edm-inc,DC=com] objects[1640/4062] 
> linked_values[26/26]
> dsdb_replicated_objects_convert: Ignoring object outside partition 
> 14fdc5de-6126-4568-9d84-ff7a7c3d0521 
> CN=Schema,CN=Configuration,DC=edm-inc,DC=com: 
> WERR_DS_ADD_REPLICA_INHIBITED
> Replicating critical objects from the base DN of the domain
> Partition[DC=edm-inc,DC=com] objects[94/249] linked_values[0/0]
> Partition[DC=edm-inc,DC=com] objects[351/6576] linked_values[0/0]
> dsdb_replicated_objects_convert: Ignoring object outside partition 
> bc113c1b-fd60-4277-9b26-bf16318d53e9 
> CN=Configuration,DC=edm-inc,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
> Partition[DC=edm-inc,DC=com] objects[587/6576] linked_values[0/0]
> dsdb_replicated_objects_convert: Ignoring object outside partition 
> 10ec641e-dd40-4704-b9a7-03664a15415d 
> DC=DomainDnsZones,DC=edm-inc,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside partition 
> 92d6e51a-9c5b-4bff-bb5e-cd7a89bbe2b6 
> DC=ForestDnsZones,DC=edm-inc,DC=com: WERR_DS_ADD_REPLICA_INHIBITED
> Partition[DC=edm-inc,DC=com] objects[812/6576] linked_values[0/0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=edm-inc,DC=com
> Partition[DC=DomainDnsZones,DC=edm-inc,DC=com] objects[21/21] 
> linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=edm-inc,DC=com
> Partition[DC=ForestDnsZones,DC=edm-inc,DC=com] objects[5/5] 
> linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=edm-inc,DC=com] objects[3] 
> linked_values[0]
> Committing SAM database

Though it appears that errors have occurred, everything has worked to here.

> Adding 1 remote DNS records for ATHENA2.edm-inc.com
> Adding DNS A record ATHENA2.edm-inc.com for IPv4 IP: 10.10.1.15
> Join failed - cleaning up

It is failing whilst trying to add the new DCs A record and anything 
from here onwards can be ignored, it has nothing to do with the error.

This is where you got to last time, so you know what to do to get the 
join to finish.

Once you do get the join to finish, we need to identify what dns records 
you are missing and manually create them.

Rowland