[Samba] Problem to join Samba 4 DC an existing Windows AD

L.P.H. van Belle belle at bazuin.nl
Tue Jun 25 14:20:06 UTC 2019


Hai Marcio, 
 
Please keep mailing to the list, that helps everybody.  ;-) 
 
Question, does the Windows AD domain contain MS Exchange also? 
Oh, and my bad. This: samba-tool domain tombstones expunge  
You need to purge the tombstones on the Windows server, 
 
but forget that all. 
 
I had a new look and noticed: 
root@samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC -Uadministrator --realm=empresa.com.br
( a bit of a strange folder also to be in.. ) 

And what does the wiki tell me. 
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory 
There are three authentication methods you can use: 

samba-tool domain join samdom.example.com DC -U"SAMDOM\administrator"
samba-tool domain join samdom.example.com DC -k yes 
samba-tool domain join samdom.example.com DC --krb5-ccache=/tmp/krb5cc_0

And yours, what is the difference.. ? 
samba-tool domain join empresa.com.br DC -Uadministrator --realm=empresa.com.br

I suggest this. 
kinit Administrator 
Then you know kerberos auth also works. 
Then try : samba-tool domain join empresa.com.br DC -k yes 
And kdestroy to remove the kerberos ticket. 

Now, if you keep having problems with it, and you're using your own compiled setup, 
then show the compile parameters, or .. 
Remove the compiled version and use my repo (http://apt.van-belle.nl) 
And you can install 4.10.5 also on stretch with apt-get. 



Greetz, 

Louis



________________________________

	From: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com] 
	Sent: Monday, 24 June 2019 19:11
	To: L.P.H. van Belle
	Subject: Re: [Samba] Problem to join Samba 4 DC an existing Windows AD
	
	
	Hi,

	Here are the results of the commands below, executed in Samba 4:

	>Maybe first run : samba-tool domain tombstones expunge 

	samba-tool domain tombstones expunge
	Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
	
	dsdb_schema_from_db() failed: 32:No such object: dsdb_schema: failed to search attributeSchema and classSchema objects: No such Base DN: CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
	dsdb_get_schema: refresh_fn() failed
	schema_load_init: dsdb_get_schema failed
	module schema_load initialization failed : Operations error
	module dsdb_notification initialization failed : Operations error
	module rootdse initialization failed : Operations error
	module samba_dsdb initialization failed : Operations error
	Unable to load modules for tdb:///usr/local/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed
	ERROR(ldb): uncaught exception - schema_load_init: dsdb_get_schema failed
	  File "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py", line 185, in _run
	    return self.run(*args, **kwargs)
	  File "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line 3913, in run
	    credentials=creds, lp=lp)
	  File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py", line 67, in __init__
	    options=options)
	  File "/usr/local/samba/lib/python3.5/site-packages/samba/__init__.py", line 115, in __init__
	    self.connect(url, flags, options)
	  File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py", line 82, in connect
	    options=options)
	


	>Check the DNS if any leftovers and check with RSAT also for leftovers. 
	There aren't any leftovers.

	>Then run : samba-tool dbcheck --cross-nc

	samba-tool dbcheck --cross-nc
	Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
	
	dsdb_schema_from_db() failed: 32:No such object: dsdb_schema: failed to search attributeSchema and classSchema objects: No such Base DN: CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
	dsdb_get_schema: refresh_fn() failed
	schema_load_init: dsdb_get_schema failed
	module schema_load initialization failed : Operations error
	module dsdb_notification initialization failed : Operations error
	module rootdse initialization failed : Operations error
	module samba_dsdb initialization failed : Operations error
	Unable to load modules for tdb:///usr/local/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed
	ERROR: Failed to connect to DB at None.  If this is a really old sam.ldb (before alpha9), then try again with --force-modules
	

	>DNS domain = empresa.com.br and Kerberos domain = EMPRESA.COM.BR 
	>These are NOT the same. 
	

	OK.

	root@samba4dc:~# cat /etc/krb5.conf 
	[libdefaults]
	    dns_lookup_realm = false
	    dns_lookup_kdc = true
	    default_realm = EMPRESA.COM.BR
	

	cat /etc/resolv.conf 
	domain empresa.com.br
	search empresa.com.br
	nameserver 172.30.1.1 # is not the Windows DC
	nameserver 172.30.1.2 # is not the Windows DC
	

	We use bind as authoritative DNS. The Windows DC only receives updates from the bind servers.

	Regards,

	Márcio Bacci


	On Mon, 24 Jun 2019 at 12:09, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
	


		> > ERROR(runtime): uncaught exception - (8639, "Failed to 
		> > process 'chunk' of
		> > DRS replicated objects: DOS code 0x000021bf")
		
		0x000021bf : 
		The replication operation failed because the target object referred by a link value is recycled.  
		Maybe first run : samba-tool domain tombstones expunge 
		Check the DNS if any leftovers and check with RSAT also for leftovers. 
		
		Then run : samba-tool dbcheck --cross-nc
		Fix things where needed. 
		
		THEN join. 
		
		And use : 
		samba-tool domain join empresa.com.br DC -Uadministrator --realm=EMPRESA.COM.BR
		
		DNS domain = empresa.com.br and Kerberos domain = EMPRESA.COM.BR 
		These are NOT the same. 
		
		Greetz, 
		
		Louis
		
		
		





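The realm-case point raised in the thread (DNS domain empresa.com.br versus Kerberos realm EMPRESA.COM.BR), as an added example that is not part of the original messages: an offline lint that compares a planned `samba-tool domain join` command with krb5.conf text before the join is attempted. The function names are hypothetical, the sample input is constructed from the values quoted above, and the check assumes the AD Kerberos realm is the upper-cased DNS domain name.

```shell
#!/bin/sh
# Added example (not from the thread): offline lint of a planned
# "samba-tool domain join" command against krb5.conf text.
# Assumption: the AD Kerberos realm is the upper-cased DNS domain name.

# Constructed sample: the krb5.conf content quoted in the thread.
SAMPLE_KRB5='[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = EMPRESA.COM.BR'

# Print the default_realm value found in krb5.conf text ($1).
krb5_default_realm() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' |
        head -n 1
}

# Print the word following "join" (the DNS domain) in a join command ($1).
join_dns_domain() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "join") { print $(i + 1); exit } }'
}

# Print the --realm= value of a join command ($1); empty when not given.
join_realm_arg() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^--realm=//p' | head -n 1
}

# lint_join KRB5_TEXT JOIN_COMMAND
# Prints one finding per line; exit status 0 means no findings.
lint_join() {
    want=$(join_dns_domain "$2" | tr '[:lower:]' '[:upper:]')
    realm=$(krb5_default_realm "$1")
    arg=$(join_realm_arg "$2")
    rc=0
    if [ "$realm" != "$want" ]; then
        echo "krb5.conf default_realm '$realm' is not '$want'"; rc=1
    fi
    if [ -n "$arg" ] && [ "$arg" != "$want" ]; then
        echo "--realm=$arg should be --realm=$want"; rc=1
    fi
    return $rc
}

# The join command from the thread: flags the lower-case --realm value.
lint_join "$SAMPLE_KRB5" \
    'samba-tool domain join empresa.com.br DC -Uadministrator --realm=empresa.com.br' || true
```
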