[Samba] Joining a Samba DC to a Windows AD
Andrew Bartlett
abartlet at samba.org
Thu Jun 27 09:38:16 UTC 2019
On Sun, 2019-06-23 at 18:01 +0100, Rowland penny via samba wrote:
> On 23/06/2019 17:36, Marcio Demetrio Bacci wrote:
> > There was an error when I tried to join Samba 4 in the domain, as
> > below:
> >
> > root at samba4dc:~# samba-tool domain join empresa.com.br
> > <http://empresa.com.br> DC -U"EMPRESA\administrator"
> > INFO 2019-06-23 12:48:22,189 pid:728
> > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #103:
> > Finding a writeable DC for domain 'empresa.com.br <
> > http://empresa.com.br>'
> > INFO 2019-06-23 12:48:22,198 pid:728
> > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #105:
> > Found
> > DC windc2.empresa.com.br <http://windc2.empresa.com.br>
> > Password for [EMPRESA\administrator]:
> > INFO 2019-06-23 12:48:33,708 pid:728
> > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519:
> > workgroup is EMPRESA
> > INFO 2019-06-23 12:48:33,708 pid:728
> > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522:
> > realm is empresa.com.br <http://empresa.com.br>
> > Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
> > Adding
> > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> > Adding CN=NTDS
> > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> > Join failed - cleaning up
> > Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
> > Deleted CN=NTDS
> > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> > Deleted
> > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-
> > Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
> > ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
> > <0000202B: RefErr: DSID-030A0AEB, data 0, 1 access points
> > ref 1:
> > 'd580939f-a8b9-43ea-84e9-be0f9bd29468._msdcs.empresa.com.br
> > <http://msdcs.empresa.com.br>'
> > > <ldap://d580939f-a8b9-43ea-84e9-
> > > be0f9bd29468._msdcs.empresa.com.br
> >
> > <http://msdcs.empresa.com.br>>
> > File
> > "/usr/local/samba/lib/python3.5/site-
> > packages/samba/netcmd/__init__.py",
> > line 185, in _run
> > return self.run(*args, **kwargs)
> > File
> > "/usr/local/samba/lib/python3.5/site-
> > packages/samba/netcmd/domain.py",
> > line 699, in run
> > backend_store=backend_store)
> > File "/usr/local/samba/lib/python3.5/site-
> > packages/samba/join.py",
> > line 1535, in join_DC
> > ctx.do_join()
> > File "/usr/local/samba/lib/python3.5/site-
> > packages/samba/join.py",
> > line 1427, in do_join
> > ctx.join_add_objects()
> > File "/usr/local/samba/lib/python3.5/site-
> > packages/samba/join.py",
> > line 698, in join_add_objects
> > ctx.samdb.modify(m)
> >
>
> You seem to have installed krb5-kdc, you do not need this unless you
> are
> compiling Samba yourself with MIT, but this is not recommended
> because
> it is marked as experimental.
G'Day Rowland,
I don't think this is related. What it will be related to is the
existing DNS zones and the layout of the DNS partitions on the windows
AD DC. There seems to be a fair bit of variation in how that can be
done, and this isn't the first big of trouble we have hit.
The easiest fix is to try and make that as 'standard' as possible on
the windows side of things.
> You also have a line '127.0.1.1' in /etc/hosts pointing to your
> hosts
> info, you should remove this and whatever is also running on port 53
>
> Can I ask, are you trying to join an existing Samba AD DC to the
> Windows
> domain ?
A join just overwites the local domain in any case, just like a local
provision.
I hope this clarifies things.
Andrew Bartlett
--
Andrew Bartlett https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Developer, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba
mailing list