[Samba] Failed when join to an existing Active Directory Domain
Rowland penny
rpenny at samba.org
Sat Oct 12 08:25:23 UTC 2019
On 11/10/2019 21:56, Igor Sousa via samba wrote:
> Hi,
>
> I've tried to update my samba AD/DC environment. Then, I've removed a
> existing offline DC with "samba-tool domain demote
> --remove-other-dead-server=genos". I've re-created "genos" (yes, I try to
> keep the same name and IP address) and install a 4.10.2 samba version (I
> know the new version is 4.11.0). When I've tried to join it on my domain,
> I've received message "Join failed - cleaning up" and the error
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST'). I've never seen this error before
> and I don't know how to fix it.
>
> OBS: I've verified on DNS Manager, Active Directory Sites and Services and
> Active Directory Users and Computers if genos demonted was successful.
>
>
> See below the output of join command.
>
> [root at genos ~]# samba-tool domain join smb DC -U"SMB\administrator"
> --dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'
> INFO 2019-10-11 17:48:28,951 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #103: Finding
> a writeable DC for domain 'smb'
> INFO 2019-10-11 17:48:28,972 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #105: Found DC
> samba4.smb
> Password for [SMB\administrator]:
> INFO 2019-10-11 17:48:35,306 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1519:
> workgroup is SMB
> INFO 2019-10-11 17:48:35,307 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1522: realm
> is smb
> Adding CN=GENOS,OU=Domain Controllers,DC=SMB
> Adding
> CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
> Adding CN=NTDS
> Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
> Adding SPNs to CN=GENOS,OU=Domain Controllers,DC=SMB
> Setting account password for GENOS$
> Enabling account
> Adding DNS account CN=dns-GENOS,CN=Users,DC=SMB with dns/ SPN
> Setting account password for dns-GENOS
> Calling bare provision
> INFO 2019-10-11 17:48:37,247 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2079: Looking up IPv4 addresses
> INFO 2019-10-11 17:48:37,248 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2096: Looking up IPv6 addresses
> WARNING 2019-10-11 17:48:37,249 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2103: No IPv6 address will be assigned
> INFO 2019-10-11 17:48:38,134 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2269: Setting up share.ldb
> INFO 2019-10-11 17:48:38,164 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2273: Setting up secrets.ldb
> INFO 2019-10-11 17:48:38,194 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2279: Setting up the registry
> INFO 2019-10-11 17:48:38,287 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2282: Setting up the privileges database
> INFO 2019-10-11 17:48:38,333 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2285: Setting up idmap db
> INFO 2019-10-11 17:48:38,362 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2292: Setting up SAM db
> INFO 2019-10-11 17:48:38,369 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #882: Setting up sam.ldb partitions and settings
> INFO 2019-10-11 17:48:38,370 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #894: Setting up sam.ldb rootDSE
> INFO 2019-10-11 17:48:38,375 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #1297: Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness constraint on
> local domainSIDs
>
> INFO 2019-10-11 17:48:38,415 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2342: A Kerberos configuration suitable for Samba AD has been generated at
> /usr/local/samba/private/krb5.conf
> INFO 2019-10-11 17:48:38,416 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2343: Merge the contents of this file with your system krb5.conf or
> replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=SMB
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[402/1550]
> linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[804/1550]
> linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1206/1550]
> linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1550/1550]
> linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=SMB] objects[402/1643] linked_values[0/0]
> Partition[CN=Configuration,DC=SMB] objects[804/1643] linked_values[0/0]
> Partition[CN=Configuration,DC=SMB] objects[1206/1643] linked_values[0/0]
> Partition[CN=Configuration,DC=SMB] objects[1608/1643] linked_values[0/0]
> Partition[CN=Configuration,DC=SMB] objects[1643/1643] linked_values[56/0]
> Failed to commit objects: DOS code 0x000021bf
> Missing target object - retrying with DRS_GET_TGT
> Partition[CN=Configuration,DC=SMB] objects[2045/1643] linked_values[56/0]
> Partition[CN=Configuration,DC=SMB] objects[2447/1643] linked_values[56/0]
> Partition[CN=Configuration,DC=SMB] objects[2849/1643] linked_values[56/0]
> Partition[CN=Configuration,DC=SMB] objects[3251/1643] linked_values[56/0]
> Partition[CN=Configuration,DC=SMB] objects[3286/1643] linked_values[112/0]
> Replicating critical objects from the base DN of the domain
> Partition[DC=SMB] objects[99/99] linked_values[42/0]
> Partition[DC=SMB] objects[402/564] linked_values[0/0]
> ../../lib/ldb/ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value
> in CN=SAULO-THINK,CN=Computers,DC=SMB for index on servicePrincipalName,
> duplicate of objectGUID 449c0f09-c392-498b-9ad1-fce0c288d610 in
> @INDEX:SERVICEPRINCIPALNAME:TERMSRV/SAULO-THINK.SMB
> Partition[DC=SMB] objects[564/564] linked_values[155/0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=SMB
> Partition[DC=DomainDnsZones,DC=SMB] objects[402/858] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=SMB] objects[804/858] linked_values[0/0]
> Partition[DC=DomainDnsZones,DC=SMB] objects[858/858] linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=SMB
> Partition[DC=ForestDnsZones,DC=SMB] objects[76/76] linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=SMB] objects[3] linked_values[0]
> Committing SAM database
> INFO 2019-10-11 17:49:04,633 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1097: Adding
> 1 remote DNS records for GENOS.smb
> INFO 2019-10-11 17:49:04,753 pid:29652
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1160: Adding
> DNS A record GENOS.smb for IPv4 IP: 10.41.17.130
> Join failed - cleaning up
> Deleted CN=RID Set,CN=GENOS,OU=Domain Controllers,DC=SMB
> Deleted CN=GENOS,OU=Domain Controllers,DC=SMB
> Deleted CN=dns-GENOS,CN=Users,DC=SMB
> Deleted CN=NTDS
> Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
> Deleted
> CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
> File
> "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
> line 185, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py",
> line 699, in run
> backend_store=backend_store)
> File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line
> 1535, in join_DC
> ctx.do_join()
> File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line
> 1436, in do_join
> ctx.join_add_dns_records()
> File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line
> 1178, in join_add_dns_records
> dns_partition=domaindns_zone_dn)
> File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py",
> line 1069, in dns_lookup
> dns_partition=dns_partition)
>
> --
> Igor Sousa
You can ignore anything after 'Join failed - cleaning up', anything
after this is an artefact of the failure.
Was this domain originally a Windows domain ?
Rowland
More information about the samba
mailing list