[Samba] Join Samba to a Windows AD 'WERR_DS_NO_CROSSREF_FOR_NC'
Tim Beale
timbeale at catalyst.net.nz
Mon Jul 22 05:18:21 UTC 2019
On 21/07/19 2:59 AM, René Schmidt via samba wrote:
> Adding CN = SAD, CN = Servers, CN = Default First Site Name, CN = Sites, CN = Configuration, DC = mydom, DC = local
> Adding CN = NTDS Settings, CN = SAD, CN = Servers, CN = Default First Site Name, CN = Sites, CN = Configuration, DC = mydom, DC = local
> DsAddEntry failed with status WERR_ACCESS_DENIED info (8363, 'WERR_DS_NO_CROSSREF_FOR_NC')
> Join failed - cleaning up
> Deleted CN = SAD, OU = domain controllers, DC = mydom, DC = local
> Deleted CN = SAD, CN = Servers, CN = Default First Site Name, CN = Sites, CN = Configuration, DC = mydom, DC = local
> ERROR (runtime): uncaught exception - DsAddEntry failed
> File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/__init__.py", line 185, in _run
> return self.run (* args, ** kwargs)
> File "/usr/local/samba/lib/python3.6/site-packages/samba/netcmd/domain.py", line 700, in run
> backend_store = backend_store)
> File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 1535, in join_DC
> ctx.do_join ()
> File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 1427, in do_join
> ctx.join_add_objects ()
> File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 669, in join_add_objects
> ctx.join_add_ntdsdsa ()
> File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 594, in join_add_ntdsdsa
> ctx.DsAddEntry ([REC])
> File "/usr/local/samba/lib/python3.6/site-packages/samba/join.py", line 543, in DsAddEntry
> raise RuntimeError ("DsAddEntry failed")
I see this problem trying to join Windows too. I think this is broken on
Samba v4.10 and v4.11/master. Using v4.7 and v4.9 seems to work OK.
It looks like the problem might be a python2 vs python3 issue. So if
anyone else hits this on v4.10 and has the samba python2 packages
installed, then they could try running the samba-tool command under
python2, e.g. '$(which python2) samba-tool domain join...'.
Our current suspicion is that it's a list/dictionary ordering problem,
so alternatively if you run the command enough times with python3 it
might also eventually work...
More information about the samba
mailing list