[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed
Rowland Penny
rpenny at samba.org
Tue Mar 26 09:29:41 UTC 2019
On Tue, 26 Mar 2019 05:18:20 +0100
Franta Hanzlík <franta at hanzlici.cz> wrote:
> Hi Tim and Rowland, thanks for Your support!
> I was thinking about e.g. Python 2.7.15 compatibility (as newer Samba
> versions require Python3), but You are right, here in DB can be
> problem
> - first Samba AD DC was created by migrating Samba3 NT4 domain to
> Samba4 AD cca week ago (using 'samba-tool domain classicupgrade ...',
> according to Samba Wiki):
>
> [root at dc1 samba]# samba-tool dbcheck
> Checking 701 objects
> NOTE: old (due to rename or delete) DN string component for
> lastKnownParent in object CN=RID
> Set\0ADEL:2df6a1a3-2a54-4385-ae71-5d95b1348310,CN=Deleted
> Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain
> Controllers,DC=zamecek,DC=home Not fixing old string component
You can ignore lines like that, the '\0ADEL' means it is a deleted
object and will eventually go away.
> > 2. Try dumping the object it's failing on, just to see if there's
> > anything odd with the objectClass attributes. E.g.
> > ldbsearch -H ldap://$SERVER -b
> > 'CN=Administrator,CN=Users,DC=zamecek,DC=home'
>
> [root at dc1 samba]# ldbsearch
> -H /var/lib/samba/private/sam.ldb.d/DC=ZAMECEK,DC=HOME.ldb
> '(CN=Administrator)'
Do not touch the files found under 'sam.ldb.d', use the 'sam'ldb' file
instead, or use the 'ldbsearch' as shown, not that it would work for
what you require, it should have been something like this:
ldbsearch -H ldap://dc4 -UAdministrator -b
'CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com' -s base
nTSecurityDescriptor
Which (after you enter Administrator's password)) should produce
something like this:
# record 1
dn: CN=Administrator,CN=Users,DC=samdom,DC=example,DC=com
nTSecurityDescriptor: O:DAG:DAD:AI(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWP
CRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;
;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-1
1d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(O
A;;RPWP;77b5b886-944a-11d1-aebd-0000f80367c1;;PS)(OA;;RPWP;e45795b2-9455-11d1
-aebd-0000f80367c1;;PS)(OA;;RPWP;e45795b3-9455-11d1-aebd-0000f80367c1;;PS)(OA
;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768
-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;A
U)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77b5b886-944a-11d1
-aebd-0000f80367c1;;AU)(OA;;RP;e45795b3-9455-11d1-aebd-0000f80367c1;;AU)(OA;;
RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-0
0aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf
967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58
d456d2;;S-1-5-32-560)(OA;;RPWP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32
-561)(OA;;RPWP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)(OA;CIIOID;
RP;4c164200-20c0-11d0-a768-00aa006e0529;4828cc14-1437-45bc-9b07-ad6f015e5f28;
RU)(OA;CIID;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-0
0aa003049e2;RU)(OA;CIIOID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828cc14-14
37-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf
;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;bc0ac240-79a9-11d0-902
0-00c04fc2d4cf;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;bc0ac240-7
9a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID
;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828cc14-1437-45bc-9b07-ad6f015e5f28
;RU)(OA;CIID;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-
00aa003049e2;RU)(OA;CIIOID;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828cc14-1
437-45bc-9b07-ad6f015e5f28;RU)(OA;CIID;RP;037088f8-0ae1-11d2-b422-00a0c968f93
9;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIOID;RP;b7c69e6d-2cc7-11d2-85
4e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIOID;RP;b7c69e6
d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CII
D;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e
2;ED)(OA;CIIOID;RPLCLORC;;4828cc14-1437-45bc-9b07-ad6f015e5f28;RU)(OA;CIIOID;
RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(OA;CIID;RPLCLORC;;bf967aba
-0de6-11d0-a285-00aa003049e2;RU)(OA;CIID;RPWPCR;91e647de-d96f-4b70-9557-d63ff
4f3ccd8;;PS)(A;CIID;RPWPCRCCDCLCLORCWOWDSDDTSW;;;EA)(A;CIID;LC;;;RU)(A;CIID;R
PWPCRCCLCLORCWOWDSDSW;;;BA)S:AI(OU;CIIOIDSA;WP;f30e3bbe-9ff0-11d1-b603-0000f8
0367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CIIOIDSA;WP;f30e3bbf-9ff0-
11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
> unicodePwd::
I would change Administrators password, you have given it to the
world ;-)
Rowland
More information about the samba
mailing list