[Samba] Trouble joining DC Bind9_DLZ

Marcio Demetrio Bacci marciobacci at gmail.com
Tue Sep 3 09:07:37 UTC 2019


Hi,

I'm using Samba 4.10.7 with Bind9_DLZ (9.10.3-P4-Debian), but I'm not
able to join a new DC to the domain. My OS is a Debian 9.9 VM.

Following is the command used and the error:

root@samba4-dc3:/var/lib/samba/private# samba-tool domain join empresa.com.br DC -k yes --server=samba4-dc1.empresa.com.br --dns-backend=BIND9_DLZ -d 3
INFO 2019-09-02 15:50:33,684 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2291: Setting
up the privileges database
INFO 2019-09-02 15:50:34,188 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting
up idmap db
INFO 2019-09-02 15:50:34,549 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2301: Setting
up SAM db
INFO 2019-09-02 15:50:34,644 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #882: Setting up
sam.ldb partitions and settings
INFO 2019-09-02 15:50:34,645 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #894: Setting up
sam.ldb rootDSE
INFO 2019-09-02 15:50:34,724 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1302:
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs

INFO 2019-09-02 15:50:34,892 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2351: A
Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
INFO 2019-09-02 15:50:34,893 pid:6636
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2352: Merge the
contents of this file with your system krb5.conf or replace it with this
one. Do not create a symlink!
Provision OK for domain DN empresa.com.br
Starting replication
Using binding ncacn_ip_tcp:samba4-dc1.empresa.com.br[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc1.empresa.com.br<0x20>
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[402/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[804/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1206/1518]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,empresa.com.br] objects[1518/1518]
linked_values[0/0]
Analyze and apply schema objects
Replicated 1518 objects (0 linked attributes) for
CN=Schema,CN=Configuration,empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[402/2023]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[804/2023]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[1206/2023]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[1608/2023]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[2010/2023]
linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,
empresa.com.br
Partition[CN=Configuration,empresa.com.br] objects[2023/2023]
linked_values[36/36]
Replicated 13 objects (36 linked attributes) for CN=Configuration,
empresa.com.br
Replicating critical objects from the base DN of the domain
Partition[empresa.com.br] objects[103/103] linked_values[45/45]
Replicated 103 objects (45 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[402/2296] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[804/2296] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[1206/2296] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[1608/2296] linked_values[0/764]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[2010/2296] linked_values[0/1066]
Replicated 402 objects (0 linked attributes) for empresa.com.br
Partition[empresa.com.br] objects[2296/2296] linked_values[1066/1066]
../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
CN=COMP0082,CN=Computers,empresa.com.br for index on servicePrincipalName,
duplicate of objectGUID 1c0cc09b-a4c2-4e2d-9544-d49f82b436f3 in
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0082.EMPRESA.COM.BR
../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
CN=COMP0013,CN=Computers,empresa.com.br for index on servicePrincipalName,
duplicate of objectGUID be74c1a9-d80b-4922-90f5-94a8c86632ad in
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0013.EMPRESA.COM.BR
Replicated 286 objects (1066 linked attributes) for empresa.com.br
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,empresa.com.br
Partition[DC=DomainDnsZones,empresa.com.br] objects[402/692]
linked_values[0/0]
Replicated 402 objects (0 linked attributes) for DC=DomainDnsZones,
empresa.com.br
Partition[DC=DomainDnsZones,empresa.com.br] objects[692/692]
linked_values[0/0]
Replicated 290 objects (0 linked attributes) for DC=DomainDnsZones,
empresa.com.br
Replicating DC=ForestDnsZones,empresa.com.br
Partition[DC=ForestDnsZones,empresa.com.br] objects[40/40]
linked_values[0/0]
Replicated 40 objects (0 linked attributes) for DC=ForestDnsZones,
empresa.com.br
Exop on[CN=RID Manager$,CN=System,empresa.com.br] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,empresa.com.br from 032a8fdc-a9b8-425a-88c3-5125986fc59d

#### OMITTED #####

INFO 2019-09-02 15:50:51,647 pid:6636
/usr/lib/python3/dist-packages/samba/join.py #1169: Adding DNS A record
SAMBA4-DC3.empresa.com.br for IPv4 IP: 172.30.1.19
INFO 2019-09-02 15:50:51,699 pid:6636
/usr/lib/python3/dist-packages/samba/join.py #1197: Adding DNS CNAME record
956bafb9-4aa8-4f91-8615-6b5af36b91fa._msdcs.empresa.com.br for
SAMBA4-DC3.empresa.com.br
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for EMPRESA from both secrets.ldb (Could not find entry to
match filter: '(&(flatname=EMPRESA)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:4712) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SAMBA4-DC3,OU=Domain Controllers,empresa.com.br
Deleted CN=SAMBA4-DC3,OU=Domain Controllers,empresa.com.br
Deleted CN=dns-SAMBA4-DC3,CN=Users,empresa.com.br
Deleted CN=NTDS
Settings,CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
empresa.com.br
Deleted
CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
empresa.com.br
Deleted DC=SAMBA4-DC3,DC=empresa.com.br,CN=MicrosoftDNS,DC=DomainDnsZones,
empresa.com.br
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 700,
in run
    backend_store=backend_store)
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1544, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1445, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1213, in
join_add_dns_records
    dns_partition=forestdns_zone_dn)
  File "/usr/lib/python3/dist-packages/samba/samdb.py", line 1069, in
dns_lookup
    dns_partition=dns_partition)

I have seen that there are duplicate objects in the base, but I believe this
is not the cause of the problem.

Also, I have verified that I can only find my FQDN domain. The short name
does not respond. I don't know if that would be a problem.

root@samba4-dc3:~# host -t A EMPRESA.COM.BR
EMPRESA.COM.BR has address 192.168.1.20
EMPRESA.COM.BR has address 192.168.1.22
root@samba4-dc3:~# host -t A EMPRESA
Host EMPRESA not found: 3(NXDOMAIN)

Can anybody help me?

Regards,

Márcio Bacci
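
Added example (not part of the original post and not Samba code): a Python triage helper that undoes the mail line-wrapping of `samba-tool domain join` output like the log above and extracts the duplicate-index warnings plus the final exception with its innermost traceback frame. The names `triage` and `SAMPLE` are assumptions for illustration; the log lines in `SAMPLE` are excerpted from the post.

```python
import os
import re

# Excerpt of the join output from the post above, with the mail client's
# line wrapping left in place so the unwrapping step is exercised.
SAMPLE = """\
../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
CN=COMP0082,CN=Computers,empresa.com.br for index on servicePrincipalName,
duplicate of objectGUID 1c0cc09b-a4c2-4e2d-9544-d49f82b436f3 in
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0082.EMPRESA.COM.BR
../../ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value in
CN=COMP0013,CN=Computers,empresa.com.br for index on servicePrincipalName,
duplicate of objectGUID be74c1a9-d80b-4922-90f5-94a8c86632ad in
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/COMP0013.EMPRESA.COM.BR
Join failed - cleaning up
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1213, in
join_add_dns_records
    dns_partition=forestdns_zone_dn)
  File "/usr/lib/python3/dist-packages/samba/samdb.py", line 1069, in
dns_lookup
    dns_partition=dns_partition)
"""

# DNs may contain spaces (e.g. "CN=RID Manager$"), so match the DN lazily.
DUP_RE = re.compile(
    r"duplicate attribute value in (?P<dn>.+?) for index on (?P<attr>\w+), "
    r"duplicate of objectGUID (?P<guid>[0-9a-f-]{36}) in "
    r"@INDEX:[A-Z]+:(?P<value>\S+)")
ERR_RE = re.compile(r"uncaught exception - \((?P<code>\d+), '(?P<name>\w+)'\)")
FRAME_RE = re.compile(r'File "([^"]+)", line (\d+), in (\w+)')

def triage(log_text):
    """Return duplicate-index warnings and the terminal error of a join log."""
    flat = " ".join(log_text.split())  # undo mail/terminal line wrapping
    err = ERR_RE.search(flat)
    frames = FRAME_RE.findall(flat)
    last = frames[-1] if frames else None  # innermost frame is printed last
    return {
        "duplicates": [m.groupdict() for m in DUP_RE.finditer(flat)],
        "error": (int(err["code"]), err["name"]) if err else None,
        "failing_frame": (os.path.basename(last[0]), int(last[1]), last[2])
                         if last else None,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```
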


