[Samba] Problems joining station in domain

Marcio Demetrio Bacci marciobacci at gmail.com
Thu Aug 29 21:10:30 UTC 2019


Hi,

While attempting to join the domain, the Bind9_DLZ error occurred again.

root@samba4-dc3:~# samba-tool domain join empresa.com.br DC -k yes --server=samba4-dc1.empresa.com.br --dns-backend=BIND9_DLZ --verbose -d3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
INFO 2019-08-29 17:48:28,466 pid:1723
/usr/lib/python3/dist-packages/samba/join.py #1528: workgroup is EMPRESA
INFO 2019-08-29 17:48:28,467 pid:1723
/usr/lib/python3/dist-packages/samba/join.py #1531: realm is empresa.com.br
INFO 2019-08-29 17:48:33,068 pid:1723
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1302:
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs

INFO 2019-08-29 17:48:33,258 pid:1723
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2351: A
Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
INFO 2019-08-29 17:48:33,258 pid:1723
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2352: Merge the
contents of this file with your system krb5.conf or replace it with this
one. Do not create a symlink!
Provision OK for domain DN DC=empresa,DC=com,DC=br
Starting replication
Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
########

Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
#######

Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=empresa,DC=com,DC=br
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[2013/2013]
linked_values[46/0]
Missing target while attempting to apply records: Deleted target CN=NTDS
Settings\0ADEL:7bdcf175-407d-40ec-8c67-65c32e1deffc,CN=SAMBA4-DC3\0ADEL:328ea345-9eef-4902-8eb6-fe2868803170,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
GUID 7bdcf175-407d-40ec-8c67-65c32e1deffc linked from
CN=4a80917f-fd8f-414f-8964-997114a73df3,CN=Partitions,CN=Configuration,DC=empresa,DC=com,DC=br
#####################

Replicated 40 objects (0 linked attributes) for
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Exop on[CN=RID Manager$,CN=System,DC=empresa,DC=com,DC=br] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=empresa,DC=com,DC=br from
032a8fdc-a9b8-425a-88c3-5125986fc59d
####################

Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
#####################

Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,DC=empresa,DC=com,DC=br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Group Policy
Creator Owners,CN=Users,DC=empresa,DC=com,DC=br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=empresa,DC=com,DC=br from
a20c8ed0-c72a-4e57-9e59-2236f127d0b8
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=empresa,DC=com,DC=br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
Discarding older DRS linked attribute update to member on CN=Schema
Admins,CN=Users,DC=empresa,DC=com,DC=br from
71c305c7-564f-44dc-bdc7-c03ee501bd52
INFO 2019-08-29 17:48:54,310 pid:1723
/usr/lib/python3/dist-packages/samba/join.py #1106: Adding 1 remote DNS
records for SAMBA4-DC3.empresa.com.br
Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
INFO 2019-08-29 17:48:54,438 pid:1723
/usr/lib/python3/dist-packages/samba/join.py #1169: Adding DNS A record
SAMBA4-DC3.empresa.com.br for IPv4 IP: 192.168.1.19
INFO 2019-08-29 17:48:54,559 pid:1723
/usr/lib/python3/dist-packages/samba/join.py #1197: Adding DNS CNAME record
a005a39c-b5d8-466c-ab1f-45f7a37013f2._msdcs.empresa.com.br for
SAMBA4-DC3.empresa.com.br
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for EMPRESA from both secrets.ldb (Could not find entry to
match filter: '(&(flatname=EMPRESA)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:4712) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SAMBA4-DC3,OU=Domain
Controllers,DC=empresa,DC=com,DC=br
Deleted CN=SAMBA4-DC3,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Deleted CN=dns-SAMBA4-DC3,CN=Users,DC=empresa,DC=com,DC=br
Deleted CN=NTDS
Settings,CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted
CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted DC=SAMBA4-DC3,DC=empresa.com.br
,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 700,
in run
    backend_store=backend_store)
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1544, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1445, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1213, in
join_add_dns_records
    dns_partition=forestdns_zone_dn)
  File "/usr/lib/python3/dist-packages/samba/samdb.py", line 1069, in
dns_lookup
    dns_partition=dns_partition)

Would it be better to try to upgrade production DCs first?

Regards,

Márcio Bacci

On Thu, 29 Aug 2019 at 06:29, Marcio Demetrio Bacci <
marciobacci at gmail.com> wrote:

> Hi Rowland
>
> >Excuse me, but what part of 'join the domain and then start Bind9' do
> >you not understand ?
>
> >Of course the file doesn't exist, it is created by the join.
>
> I have never worked with Bind DLZ, only with Internal, so I needed to make
> sure what I am doing, as my servers are in production and working at my
> organization's headquarters, with a network of 800 users.
>
> I will join the new DC in the domain, so get my office hour and give
> feedback to you.
>
> Regards,
>
> Márcio Bacci
>
>
> On Thu, 29 Aug 2019 at 04:51, Rowland penny via samba <
> samba at lists.samba.org> wrote:
>
>> On 28/08/2019 21:58, Marcio Demetrio Bacci wrote:
>> > Hi,
>> >
>> > When I restarted my DNS Bind I noticed that it isn't working, as follows:
>> >
>> > /etc/init.d/bind9 status
>> > ● bind9.service - BIND Domain Name Server
>> >    Loaded: loaded (/lib/systemd/system/bind9.service; enabled; vendor
>> > preset: enabled)
>> >   Drop-In: /etc/systemd/system/bind9.service.d
>> >            └─override.conf
>> >    Active: failed (Result: exit-code) since Wed 2019-08-28 17:25:59
>> > -03; 21min ago
>> >      Docs: man:named(8)
>> >   Process: 776 ExecStop=/usr/sbin/rndc stop (code=exited,
>> > status=1/FAILURE)
>> >   Process: 752 ExecStart=/usr/sbin/named -f $OPTIONS (code=exited,
>> > status=1/FAILURE)
>> >  Main PID: 752 (code=exited, status=1/FAILURE)
>> >
>> > ago 28 17:25:59 samba4-dc3 named[752]: using up to 4096 sockets
>> > ago 28 17:25:59 samba4-dc3 named[752]: loading configuration from
>> > '/etc/bind/named.conf'
>> > ago 28 17:25:59 samba4-dc3 named[752]: /etc/bind/named.conf.local:12:
>> > open: /var/lib/samba/private/named.conf: file not found
>>
>> Excuse me, but what part of 'join the domain and then start Bind9' do
>> you not understand ?
>>
>> Of course the file doesn't exist, it is created by the join.
>>
>> Rowland