[Samba] Possibly WERR_DS_DRA_ACCESS_DENIED or NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Rowland Penny
rpenny at samba.org
Thu May 2 18:24:39 UTC 2019
On Thu, 2 May 2019 12:59:28 -0400
James Fowler <fowlerj at adst.org> wrote:
> root at DC2:~# samba-tool domain join DOMAIN1.DOMAIN DC
> --username='DOMAIN1\EnterpriseAdminUser' --realm='DOMAIN1.DOMAIN'
> --site='Default-First-Site' --server='DC1' --dns-backend=BIND9_DLZ
> --workgroup='DOMAIN1' -d 3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
> Password for [DOMAIN1\EnterpriseAdminUser]:
> workgroup is DOMAIN1
> realm is DOMAIN1.DOMAIN
> Adding CN=DC2,OU=Domain Controllers,DC=DOMAIN1,DC=DOMAIN
I take it, that it didn't work.
You have this:
--site='Default-First-Site'
Have you created a site called 'Default-First-Site' ? by default it is
'--site='Default-First-Site-Name'
If you are trying to join the site 'Default-First-Site-Name', then
there is no need to give the option.
Have you read this:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
What version of Samba are you using ?
Rowland
More information about the samba
mailing list