[Samba] preparing a 2nd DC

Rowland Penny rpenny at samba.org
Fri Feb 1 22:12:48 UTC 2019


On Fri, 1 Feb 2019 22:27:29 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 30.01.19 at 12:09, Stefan G. Weichinger via samba wrote:
> > On 30.01.19 at 11:37, Rowland Penny via samba wrote:
> > 
> >> You will have to sync sysvol AFTER the join
> >> The join will create the kerberos ticket (unless you are actually
> >> referring to /etc/krb5.conf) and smb.conf.
> >> /etc/resolv.conf needs to point to DC1 before the join and itself
> >> after the join.
> > 
> > phew! I didn't have that on the radar, good that I asked ...
> > 
> > No problem to temporarily disable the rsync-job and rm the kerberos
> > ticket (quick reboot of DC2 during lunch ;-)).
> > 
> > thanks!
> > 
> >>> I hesitate to join the DC2 during work hours ;-) from experience.
> >>
> >> Wise decision ;-)
> > 
> > At least this was done correctly ;-)
> > 
> >>> And I think it's better to ask you *before* I crash my network ;-)
> >>
> >> Oh definitely, better to ask before, it is easier to fix ;-)
> > 
> > great, thanks so far.
> 
> 
> Are we surprised that I face difficulties at the join? no ...
> 
> ;-)
> 
> clean /etc/samba, no krb5.conf
> 
> 
> # samba-tool domain join mydomain.at -U"BUERO\Administrator"
> --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'
> Password for [BUERO\Administrator]:
> ERROR(runtime): uncaught exception - (-1073741606,
> 'provision_store_self_join failed with
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO') File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 697, in run
>     machinepass=machinepass)
> 
> 
> -
> 
> the smb.conf on DC(1) says:
> 
> [global]
> 	workgroup = BUERO
> 	realm = MYDOMAIN.AT
> 	netbios name = DC
> 
> 
> that comes from old NT4 times
> 
> I wonder if I use wrong realm/domain name or if I miss some package
> on DC2
> 
> dsdb-modules are installed already (were missing at first)
> 
> 

I would have run the command as this:

samba-tool domain join mydomain.at DC --option='idmap_ldb:use rfc2307 = yes' -UAdministrator

Notice the very big addition (well, it is not that big, only two letters).

Also you need the krb5.conf before the join (I did say 'unless you are actually
referring to /etc/krb5.conf')

Rowland
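
Added example, not part of the original message or of Samba itself: a pre-join check for the three prerequisites named in this thread (krb5.conf present with the right realm, resolv.conf pointing at DC1, no leftover smb.conf). The function name, its arguments and the 192.0.2.10 address are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-join check for a second Samba AD DC, covering the prerequisites
# named in the thread. Function name, arguments and sample values are
# assumptions made for this example.
#
# Usage: prejoin_check REALM DC1_IP [KRB5_CONF] [RESOLV_CONF] [SMB_CONF]
# e.g.   prejoin_check MYDOMAIN.AT 192.0.2.10   (192.0.2.10 is a constructed DC1 address)
# Prints one line per finding; returns 0 only when all checks pass.
prejoin_check() {
    realm=$1
    dc1_ip=$2
    krb5=${3:-/etc/krb5.conf}
    resolv=${4:-/etc/resolv.conf}
    smbconf=${5:-/etc/samba/smb.conf}
    rc=0

    # 1. krb5.conf must exist before the join and name the AD realm.
    if [ ! -r "$krb5" ]; then
        echo "FAIL: $krb5 missing"; rc=1
    else
        found=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$krb5" | head -n 1)
        if [ "$found" != "$realm" ]; then
            echo "FAIL: default_realm is '$found', expected '$realm'"; rc=1
        fi
    fi

    # 2. The first nameserver must be DC1 until the join has completed.
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$resolv" 2>/dev/null)
    if [ "$first_ns" != "$dc1_ip" ]; then
        echo "FAIL: first nameserver is '$first_ns', expected '$dc1_ip'"; rc=1
    fi

    # 3. The join creates smb.conf itself, so a leftover file means
    #    /etc/samba was not cleaned.
    if [ -e "$smbconf" ]; then
        echo "FAIL: $smbconf already exists"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: prerequisites for the join are in place"
    return "$rc"
}
```

After a successful join, the resolv.conf check no longer applies, since the new DC should then point at itself.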


