[Samba] Problem to join Samba 4 DC an existing Windows AD

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Jun 24 14:11:26 UTC 2019


Hi,

My DCs are Windows Server 2008 (not R2) and I intend to replace then by
Samba 4.

I'm using Samba 4.10.5 on Debian 9.9

when I execute the commands below it seems that errors occur of not receive
replication of the objects from the base of AD or no commit the operation:

root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC
-Uadministrator --realm=empresa.com.br

INFO 2019-06-23 20:53:06,973 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #103: Finding a
writeable DC for domain 'empresa.com.br'
INFO 2019-06-23 20:53:06,981 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #105: Found DC
navegantes.empresa.com.br
Password for [WORKGROUP\administrator]:
INFO 2019-06-23 20:53:18,322 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519: workgroup
is EMPRESA
INFO 2019-06-23 20:53:18,323 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522: realm is
empresa.com.br
Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empres,DC=com,DC=br
Adding
CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Adding CN=NTDS
Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Setting account password for SAMBA4DC$
Enabling account
Calling bare provision
INFO 2019-06-23 20:53:22,325 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2079: Looking up IPv4 addresses
INFO 2019-06-23 20:53:22,325 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2096: Looking up IPv6 addresses
WARNING 2019-06-23 20:53:22,326 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2103: No IPv6 address will be assigned
INFO 2019-06-23 20:53:22,621 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2269: Setting up share.ldb
INFO 2019-06-23 20:53:22,775 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2273: Setting up secrets.ldb
INFO 2019-06-23 20:53:22,884 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2279: Setting up the registry
INFO 2019-06-23 20:53:23,021 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2282: Setting up the privileges database
INFO 2019-06-23 20:53:23,070 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2285: Setting up idmap db
INFO 2019-06-23 20:53:23,143 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2292: Setting up SAM db
INFO 2019-06-23 20:53:23,158 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#882: Setting up sam.ldb partitions and settings
INFO 2019-06-23 20:53:23,161 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#894: Setting up sam.ldb rootDSE
INFO 2019-06-23 20:53:23,166 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#1297: Pre-loading the Samba 4 and AD schema

*Unable to determine the DomainSID, can not enforce uniqueness constraint
on local domainSIDs*
INFO 2019-06-23 20:53:23,200 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2342: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2019-06-23 20:53:23,200 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2343: Merge the contents of this file with your system krb5.conf or
replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=empres,DC=com,DC=br
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[402/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[804/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[1206/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[1521/1626] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[402/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[804/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1206/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1608/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1696/1262]
linked_values[46/46]
dsdb_replicated_objects_convert: Ignoring object outside partition
43911352-587f-417a-a791-3faab1c8944f
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br:
WERR_DS_ADD_REPLICA_INHIBITED
Replicating critical objects from the base DN of the domain
Partition[DC=empresa,DC=com,DC=br] objects[101/546] linked_values[18/257]
Partition[DC=empresa,DC=com,DC=br] objects[402/2392] linked_values[0/257]
Partition[DC=empresa,DC=com,DC=br] objects[806/2392] linked_values[50/257]

*Failed to commit objects: DOS code 0x000021bfJoin failed - cleaning up*
Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Deleted CN=NTDS
Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted
CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
ERROR(runtime): uncaught exception - (8639, "Failed to process 'chunk' of
DRS replicated objects: DOS code 0x000021bf")
  File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
line 185, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line
699, in run
    backend_store=backend_store)
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
1535, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
1429, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
977, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 356, in replicate
    raise e
  File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 343, in replicate
    self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
  File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 237, in process_chunk
    schema=schema, req_level=req_level, req=req)


Does anybody have an idea how to solve this problem?

Regards,

Márcio Bacci


More information about the samba mailing list