[Samba] Problem joining domain [SEC=UNCLASSIFIED]

L.P.H. van Belle belle at bazuin.nl
Wed Jun 12 09:02:30 UTC 2019 

I migth be picky in thise things, but setting this things correct from start helps avoiding problems. 

I suggest you make a small adjustment to your smb.conf. 
Change : 
realm = SSUNIT050.local
To 
realm = SSUNIT050.LOCAL 

Realms always in caps, or it might bit you somewhere else and these things are often hard to find. 
(Note, unrelated to the problem in this case) 


Greetz,

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Thamm, Russell via samba
> Verzonden: woensdag 12 juni 2019 9:37
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED]
> 
> UNCLASSIFIED
> 
> Sorry to be a bloody pest, but I've hit a new problem.
> 
> I shutdown the 2003 server & seized the roles. I then 
> upgraded to samba 4.7.12. and demoted the 2003 server.
> 
> Everything seemed to be working OK for several days, so I 
> upgraded to 4.8.12.
> 
> All seems OK except  samba-tool dbcheck gives an error
> 
> [root at julius samba-4.8.12]# samba-tool dbcheck -v --cross-ncs 
> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No 
> such element'
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/_
> _init__.py", line 177, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/d
> bcheck.py", line 142, in run
>     check_expired_tombstones=selftest_check_expired_tombstones)
>   File 
> "/usr/local/samba/lib64/python2.7/site-packages/samba/dbchecke
> r.py", line 200, in __init__
>     self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])
> 
> dbcheck ran fine before the upgrade
> 
> Any ideas on how to fix this?
> 
> My smb.conf is:
> 
> # Global parameters
> [global]
> 	workgroup = SSUNIT050
> 	realm = SSUNIT050.local
> 	netbios name = JULIUS
> 	server role = active directory domain controller
> 	server services = rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbind, ntp_signd, kcc, dnsupdate, dns, s3fs [netlogon]
> 	path = /usr/local/samba/var/locks/sysvol/ssunit050.local/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /usr/local/samba/var/locks/sysvol
> 	read only = No
> 
> 
> All versions of samba were built without any build settings.
> 
> This is the only DC on the network.
> 
> Cheers
> Russell
> 
> -----Original Message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf 
> Of Rowland penny via samba
> Sent: Wednesday, 5 June, 2019 5:15 p.m.
> To: sambalist
> Subject: Re: [Samba] Problem joining domain [SEC=UNCLASSIFIED]
> 
> On 05/06/2019 08:18, Thamm, Russell wrote:
> > UNCLASSIFIED
> >
> > I built another PC using Centos7 and samba 4.1.7.
> >
> > This got further but gave a segmentation fault. On 
> successive runs, I
> > got: Your filesystem or build does not support posix ACLs, 
> which s3f3 
> > requires. (This is BS)
> What filesystem as this ?
> >
> > So I tried the next version that I had downloaded 4.3.3. 
> With this I was able to successfully join the domain.
> >
> > I am thinking to:
> >
> > 1) seize roles with samba 3.3 server
> 
> I do hope you meant '4.3.3' ;-)
> 
> I would try to transfer them first, then seize if this fails 
> (add --force to the seize command)
> 
> > 2) shutdown 2003 server
> > 3) join domain with samba 4.10 server
> 
> I wouldn't do that, there was a bug that left you with a 
> non-operating DC
> 
> This is where I would 'walk' up the minor versions 4.3.3 -> 
> 4.7.x -> 4.8.x -> 4.10.x
> 
> > 4) transfer roles to samba 4.10 server
> > 5) demote samba 3.3 server (this PC is a loaner)
> >
> > Is there any benefit in walking up the versions from 3.3 to 
> 4.8.x before seizing the roles?
> >
> > When you say "walk up the versions", do you mean 4.4, 4.5, 
> 4.6, 4.7, 4.8?
> 
> I hope my explanation above answers those questions.
> 
> Rowland
> 
> >
> > Cheers
> > Russell
> >
> >
> >
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> IMPORTANT: This email remains the property of the Department 
> of Defence and is subject to the jurisdiction of section 70 
> of the Crimes Act 1914. If you have received this email in 
> error, you are requested to contact the sender and delete the email.
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list