[Samba] Problems joining station in domain

Marcio Demetrio Bacci marciobacci at gmail.com
Tue Aug 27 23:26:29 UTC 2019 

Hi,

 >What is the original source of this domain?  Did it come from Windows or
was it provisioned by Samba?
I had two Windows Server 2008 and I had many problems to join  in domain
the Samba 4 DC .

The Samba 4.10, 4.9 and 4.8 (compiled or packges of the Debian) didn't get
join the domain, this way I had use the Samba 4.5.16 and got it.

I previously thought of joining a new Samba 4.10.7 DC in the domain and if
all went well, upgrade my production DCs.

Now I don't know if I'd better upgrade the production DC first and then add
a new DC with Samba 4.10 later.

I'm afraid to "break" the production DC.

>We need to improve this area, and we need to allow some of this to fail
>more gracefully.  So much work to do!
The work of the Samba 4 team is very good! Congratulations!

Regards,

Márcio Bacci

Em ter, 27 de ago de 2019 às 19:28, Andrew Bartlett <abartlet at samba.org>
escreveu:

> On Tue, 2019-08-27 at 16:28 -0300, Marcio Demetrio Bacci via samba
> wrote:
> > ERROR(runtime): uncaught exception - (9003,
> > 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> >   File
> > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
> > line 185, in _run
> >     return self.run(*args, **kwargs)
> >   File
> > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py",
> line
> > 700, in run
> >     backend_store=backend_store)
> >   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> > 1544, in join_DC
> >     ctx.do_join()
> >   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> > 1445, in do_join
> >     ctx.join_add_dns_records()
> >   File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> > 1213, in join_add_dns_records
> >     dns_partition=forestdns_zone_dn)
> >   File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py",
> line
> > 1069, in dns_lookup
> >     dns_partition=dns_partition)
>
> G'Day Marcio,
>
> Sorry about this.  What is the original source of this domain?  Did it
> come from Windows or was it provisioned by Samba?
>
> The problem here is that Samba's python libraries are trying to find
> the DNS record they just added over RPC, but can't using LDAP.  They do
> this to fix the ownership of the records, as otherwise they will be
> owed by the administrator, not the DC.
>
> This has become a weak point in our DC join process, but replaces the
> previous weak point where we didn't create the records during the join
> and hoped that they would get created and replicated correctly on first
> startup (this often failed).
>
> Sadly we have multiple different codebases involved here (the old
> existing DC and new versions of Samba joining) and while the remote
> server has found and created the records, the local codebase can't.
>
> None of this is a massive help to you right now, sorry!
>
> We need to improve this area, and we need to allow some of this to fail
> more gracefully.  So much work to do!
>
> Sorry,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team         https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>

More information about the samba mailing list