[Samba] Problem to join Samba 4 DC an existing Windows AD
Rowland penny
rpenny at samba.org
Mon Jun 24 14:24:30 UTC 2019
On 24/06/2019 15:11, Marcio Demetrio Bacci via samba wrote:
> Hi,
>
> My DCs are Windows Server 2008 (not R2) and I intend to replace then by
> Samba 4.
>
> I'm using Samba 4.10.5 on Debian 9.9
>
> when I execute the commands below it seems that errors occur of not receive
> replication of the objects from the base of AD or no commit the operation:
>
> root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC
> -Uadministrator --realm=empresa.com.br
>
> INFO 2019-06-23 20:53:06,973 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/join.py #103: Finding a
> writeable DC for domain 'empresa.com.br'
> INFO 2019-06-23 20:53:06,981 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/join.py #105: Found DC
> navegantes.empresa.com.br
> Password for [WORKGROUP\administrator]:
> INFO 2019-06-23 20:53:18,322 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519: workgroup
> is EMPRESA
> INFO 2019-06-23 20:53:18,323 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522: realm is
> empresa.com.br
> Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empres,DC=com,DC=br
> Adding
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> Adding CN=NTDS
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
> Setting account password for SAMBA4DC$
> Enabling account
> Calling bare provision
> INFO 2019-06-23 20:53:22,325 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2079: Looking up IPv4 addresses
> INFO 2019-06-23 20:53:22,325 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2096: Looking up IPv6 addresses
> WARNING 2019-06-23 20:53:22,326 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2103: No IPv6 address will be assigned
> INFO 2019-06-23 20:53:22,621 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2269: Setting up share.ldb
> INFO 2019-06-23 20:53:22,775 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2273: Setting up secrets.ldb
> INFO 2019-06-23 20:53:22,884 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2279: Setting up the registry
> INFO 2019-06-23 20:53:23,021 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2282: Setting up the privileges database
> INFO 2019-06-23 20:53:23,070 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2285: Setting up idmap db
> INFO 2019-06-23 20:53:23,143 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2292: Setting up SAM db
> INFO 2019-06-23 20:53:23,158 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #882: Setting up sam.ldb partitions and settings
> INFO 2019-06-23 20:53:23,161 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #894: Setting up sam.ldb rootDSE
> INFO 2019-06-23 20:53:23,166 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #1297: Pre-loading the Samba 4 and AD schema
>
> *Unable to determine the DomainSID, can not enforce uniqueness constraint
> on local domainSIDs*
> INFO 2019-06-23 20:53:23,200 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2342: A Kerberos configuration suitable for Samba AD has been generated at
> /usr/local/samba/private/krb5.conf
> INFO 2019-06-23 20:53:23,200 pid:674
> /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
> #2343: Merge the contents of this file with your system krb5.conf or
> replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=empres,DC=com,DC=br
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
> objects[402/1626] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
> objects[804/1626] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
> objects[1206/1626] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
> objects[1521/1626] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[402/1262]
> linked_values[0/46]
> Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[804/1262]
> linked_values[0/46]
> Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1206/1262]
> linked_values[0/46]
> Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1608/1262]
> linked_values[0/46]
> Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1696/1262]
> linked_values[46/46]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 43911352-587f-417a-a791-3faab1c8944f
> CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br:
> WERR_DS_ADD_REPLICA_INHIBITED
> Replicating critical objects from the base DN of the domain
> Partition[DC=empresa,DC=com,DC=br] objects[101/546] linked_values[18/257]
> Partition[DC=empresa,DC=com,DC=br] objects[402/2392] linked_values[0/257]
> Partition[DC=empresa,DC=com,DC=br] objects[806/2392] linked_values[50/257]
>
> *Failed to commit objects: DOS code 0x000021bfJoin failed - cleaning up*
> Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
> Deleted CN=NTDS
> Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> Deleted
> CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> ERROR(runtime): uncaught exception - (8639, "Failed to process 'chunk' of
> DRS replicated objects: DOS code 0x000021bf")
> File
> "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
> line 185, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line
> 699, in run
> backend_store=backend_store)
> File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 1535, in join_DC
> ctx.do_join()
> File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 1429, in do_join
> ctx.join_replicate()
> File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line
> 977, in join_replicate
> replica_flags=ctx.domain_replica_flags)
> File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
> line 356, in replicate
> raise e
> File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
> line 343, in replicate
> self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
> File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
> line 237, in process_chunk
> schema=schema, req_level=req_level, req=req)
>
>
> Does anybody have an idea how to solve this problem?
>
> Regards,
>
> Márcio Bacci
Are you still compiling Samba yourself ?
What function level is the Windows domain running at ?
Finally, just because you didn't like the advice you got before, it
isn't a reason to open a new thread on the same subject, you should have
replied to your original thread.
Rowland
More information about the samba
mailing list