[Samba] Adding new DC causes samba.join.DCJoinException

Rowland penny rpenny at samba.org
Tue Jul 9 09:31:20 UTC 2019


On 09/07/2019 09:56, William Edwards via samba wrote:
> Hi,
>
>
> I have a primary DC that I provisioned with this command:
No you haven't, you have an AD DC, a PDC is something else entirely ;-)
>
>
> samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ samba_default_realm }} --domain={{ samba_default_realm_domain }} --adminpass={{ samba_ldap_adminpw }}
>
>
> I am now trying to provision a second DC in the same domain with the command:
No, you are trying to join another DC to your AD domain ;-)
>
>
> samba-tool domain join {{ samba_default_realm | lower }} DC -U"{{ samba_default_realm_domain }}\Administrator" --password={{ samba_ldap_adminpw }}
>
>
> Naturally, the variables ({{ }}) are replaced with actual values.
>
>
> However, when I run the second command on the new DC, I get:
>
>
> --
>
> resolve_lmhosts: Attempting lmhosts lookup for name DC1.domain.tld<0x20>
> ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: Not removing account DC2$ which looks like a Samba DC account matching the password we already have.  To override, remove secrets.ldb and secrets.tdb

Did you have a DC called 'DC2' before?

Or have you tried multiple times to join the DC?

Try doing what it is telling you to do, remove secrets.ldb & secrets.tdb 
(they are in /var/lib/samba/private by default on Debian)

Rowland
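
The cleanup suggested in the reply above, as an added shell example that is not part of the original message or of Samba itself: instead of deleting secrets.ldb and secrets.tdb outright, it moves them into an owner-only backup directory, since the error text indicates they hold the machine account password. The function name `stash_join_secrets` and the backup directory name are assumptions made for this example.

```shell
#!/bin/sh
# Added example: set aside stale join secrets before retrying a DC join.
# Run as root on the machine being joined. The directory argument is the
# Samba private directory (/var/lib/samba/private by default on Debian,
# as stated in the reply).

# stash_join_secrets DIR
# Moves secrets.ldb and secrets.tdb from DIR into a new backup directory
# created inside DIR. Prints the backup path, or prints nothing when
# neither file exists. Other files in DIR are left untouched.
stash_join_secrets() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi

    found=0
    for f in secrets.ldb secrets.tdb; do
        if [ -e "$dir/$f" ]; then
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        return 0
    fi

    # mktemp -d creates the directory with mode 0700, so the old machine
    # account secrets stay readable by the owner only.
    backup=$(mktemp -d "$dir/secrets-backup.XXXXXX") || return 1
    for f in secrets.ldb secrets.tdb; do
        if [ -e "$dir/$f" ]; then
            mv -- "$dir/$f" "$backup/" || return 1
        fi
    done
    printf '%s\n' "$backup"
}

# Usage: stash_join_secrets /var/lib/samba/private
```

After the files have been moved aside, the `samba-tool domain join` command from the original post can be run again; delete the backup directory once the join has succeeded.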




