[Samba] Problems joining station in domain

Andrew Bartlett abartlet at samba.org
Tue Aug 27 22:28:42 UTC 2019 

On Tue, 2019-08-27 at 16:28 -0300, Marcio Demetrio Bacci via samba
wrote:
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>   File
> "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
> line 185, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line
> 700, in run
>     backend_store=backend_store)
>   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 1544, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 1445, in do_join
>     ctx.join_add_dns_records()
>   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 1213, in join_add_dns_records
>     dns_partition=forestdns_zone_dn)
>   File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py", line
> 1069, in dns_lookup
>     dns_partition=dns_partition)

G'Day Marcio,

Sorry about this.  What is the original source of this domain?  Did it
come from Windows or was it provisioned by Samba?

The problem here is that Samba's python libraries are trying to find
the DNS record they just added over RPC, but can't using LDAP.  They do
this to fix the ownership of the records, as otherwise they will be
owed by the administrator, not the DC.

This has become a weak point in our DC join process, but replaces the
previous weak point where we didn't create the records during the join
and hoped that they would get created and replicated correctly on first
startup (this often failed).

Sadly we have multiple different codebases involved here (the old
existing DC and new versions of Samba joining) and while the remote
server has found and created the records, the local codebase can't. 

None of this is a massive help to you right now, sorry!

We need to improve this area, and we need to allow some of this to fail
more gracefully.  So much work to do!

Sorry,

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

More information about the samba mailing list