[Samba] Join Samba to a Windows AD 'WERR_DS_NO_CROSSREF_FOR_NC'

René Schmidt rene at schmidthome-sh.de
Fri Jul 19 16:40:40 UTC 2019 

Hello everybody,

 
I have a new AD which is installed on a Windows Server 2019. Now I want to add a Samba DC to this AD.

The Samba DC is in the same subnet.

Samba Server:

Ubuntu 18.04

Samba 4.10.6

 
The Windows AD has the following settings:

PS C: \ Users \ Administrator> Get-ADForest

ApplicationPartitions: {DC = DomainDnsZones, DC = mydom, DC = local, DC = ForestDnsZones, DC = mydom, DC = local}

CrossForestReferences: {}

DomainNamingMaster: WAD.mydom.local

Domains: {mydom.local}

ForestMode: Windows2008R2Forest

GlobalCatalogs: {WAD.mydom.local}

Name: mydom.local

PartitionContainer: CN = Partitions, CN = Configuration, DC = mydom, DC = local

RootDomain: mydom.local

SchemaMaster: WAD.mydom.local

Sites: {Default First Site Name}

SPNSuffixes: {}

 
 
When I try to join the Samba server I get the following message:

samba-tool domain join mydom.local DC -k yes

INFO 2019-07-19 18:30:06,496 pid:25035 /usr/local/samba/lib/python3.6/site-packages/samba/join.py #103: Finding a writeable DC for domain mydom.local'

INFO 2019-07-19 18:30:06,533 pid:25035 /usr/local/samba/lib/python3.6/site-packages/samba/join.py #105: Found DC WAD. mydom.local

INFO 2019-07-19 18:30:06,783 pid:25035 /usr/local/samba/lib/python3.6/site-packages/samba/join.py #1519: workgroup is mydom

INFO 2019-07-19 18:30:06,789 pid:25035 /usr/local/samba/lib/python3.6/site-packages/samba/join.py #1522: realm is mydom.local

Adding CN=SAD,OU=Domain Controllers,DC= mydom,DC=local

Adding CN=SAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC= mydom,DC=local

Adding CN=NTDS Settings,CN=DE03VM13,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC= mydom,DC=local

DsAddEntry failed with status WERR_ACCESS_DENIED info (8363, 'WERR_DS_NO_CROSSREF_FOR_NC')

Join failed - cleaning up

Deleted CN=SAD,OU=Domain Controllers,DC= mydom,DC=local

Deleted CN=SAD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC= mydom,DC=local

ERROR(runtime): uncaught exception - DsAddEntry failed

  File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", line 185, in _run

    return self.run(*args, **kwargs)

  File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/domain.py", line 700, in run

    backend_store=backend_store)

  File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 1535, in join_DC

    ctx.do_join()

  File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 1427, in do_join

    ctx.join_add_objects()

  File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 669, in join_add_objects

    ctx.join_add_ntdsdsa()

  File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 594, in join_add_ntdsdsa

    ctx.DsAddEntry([rec])

  File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 543, in DsAddEntry

    raise RuntimeError("DsAddEntry failed")

 
What can I do?

More information about the samba mailing list