[Samba] Error join samba 4.10.7 to samba 4.4.5

Trenta sis trenta.sis at gmail.com
Mon Sep 9 08:33:48 UTC 2019


Hi,

After reading the wiki documentation about joining, I have tested joining a
second DC, but with problems.

I need to add a second controller to our AD, and then upgrade the existing
server (4.4.5), and I have tried to join a new DC 4.10.7 to the 4.4.5
server but I receive join errors; attached is the output with and without
debug.
I have executed samba-tool dbcheck --cross-ncs and all seems OK.

I have made a test upgrading the current 4.4.5 to 4.10.7 and then joining
4.10.7 to the DC updated to 4.10.7, and then it works, but first I need to add a
second controller to ensure no downtime.

Some questions:
1) Why do I receive this error?
Replicating critical objects from the base DN of the domain
Partition[DC=DOMAIN-TEST,DC=com] objects[98/98] linked_values[762/0]
Missing parent while attempting to apply records: No parent with GUID cdee5b31-365d-4c8f-9368-4115b6307a19 found for object remotely known as CN=Domain Users,OU=Grups,DC=DOMAIN-TEST,DC=com
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT

--> Not sure if it can be related to this issue:
https://bugzilla.samba.org/show_bug.cgi?id=13274

2) About the join, the wiki says:
"
If the other DCs are Samba DCs and were provisioned with
--use-rfc2307, you should add --option='idmap_ldb:use rfc2307 = yes'
to the join command
"

But checking the command I used to migrate from the Samba NT domain to our
current AD DC domain, this command was not used, but checking smb.conf,
this appears:
 idmap_ldb:use rfc2307 = yes

But I'm not sure if I have to use --option='idmap_ldb:use rfc2307 = yes'
on the join command.

smb.conf DC1
[global]

        bind interfaces only = Yes
        interfaces = lo eth0 eth0:0
        netbios name = DC1
        realm = DOMAIN-TEST.COM
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = DOMAIN-TEST
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        comment =

        winbind enum users = yes
        winbind enum groups = yes

        tls enabled = yes
        tls keyfile = tls/dc1.pem.nopass.key
        tls certfile = tls/dc1.pem.crt
        tls cafile = tls/cert_ca.pem.crt

        tls verify peer = ca_and_name
        ldap server require strong auth = no

##############################
output join 4.10.7 to 4.4.5
# samba-tool domain join domain-test.com DC -U"domain-test.com\Administrador" --dns-backend=BIND9_DLZ --option="interfaces=lo eth0 eth0:0" --option="bind interfaces only=yes"
INFO 2019-09-09 10:05:35,198 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #104: Finding a writeable DC for domain 'domain-test.com'
INFO 2019-09-09 10:05:35,222 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #106: Found DC dc1.domain-test.com
Password for [domain-test.com\Administrador]:
INFO 2019-09-09 10:05:39,773 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #1528: workgroup is DOMAIN-TEST
INFO 2019-09-09 10:05:39,773 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #1531: realm is domain-test.com
Adding CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=DOMAIN-TEST,DC=com with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
INFO 2019-09-09 10:05:41,671 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2088: Looking up IPv4 addresses
WARNING 2019-09-09 10:05:41,672 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2094: More than one IPv4 address found. Using 194.0.100.60
INFO 2019-09-09 10:05:41,672 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2105: Looking up IPv6 addresses
WARNING 2019-09-09 10:05:41,673 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2112: No IPv6 address will be assigned
INFO 2019-09-09 10:05:42,184 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2278: Setting up share.ldb
INFO 2019-09-09 10:05:42,219 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2282: Setting up secrets.ldb
INFO 2019-09-09 10:05:42,247 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2288: Setting up the registry
INFO 2019-09-09 10:05:42,325 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2291: Setting up the privileges database
INFO 2019-09-09 10:05:42,369 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2294: Setting up idmap db
INFO 2019-09-09 10:05:42,403 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2301: Setting up SAM db
INFO 2019-09-09 10:05:42,413 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #882: Setting up sam.ldb partitions and settings
INFO 2019-09-09 10:05:42,415 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #894: Setting up sam.ldb rootDSE
INFO 2019-09-09 10:05:42,422 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #1302: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2019-09-09 10:05:42,482 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2351: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2019-09-09 10:05:42,482 pid:27665 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2352: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=DOMAIN-TEST,DC=com
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[402/1615] linked_values[0/0]
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[804/1615] linked_values[0/0]
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1206/1615] linked_values[0/0]
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1608/1615] linked_values[0/0]
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1615/1615] linked_values[30/0]
Replicating critical objects from the base DN of the domain
Partition[DC=DOMAIN-TEST,DC=com] objects[98/98] linked_values[762/0]
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Join failed - cleaning up
Deleted CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Deleted CN=dns-DC2,CN=Users,DC=DOMAIN-TEST,DC=com
Deleted CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Deleted CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
ERROR(runtime): uncaught exception - (8460, "Failed to process 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT")
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/domain.py", line 700, in run
    backend_store=backend_store)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 1544, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 1438, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 982, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 356, in replicate
    raise e
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 343, in replicate
    self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 237, in process_chunk
    schema=schema, req_level=req_level, req=req)




with debug -d 3
root@DC2:~# samba-tool domain join domain-test.com DC -U"domain-test.com\Administrador" --dns-backend=BIND9_DLZ --option="interfaces=lo eth0 eth0:0" --option="bind interfaces only=yes" -d 3
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
INFO 2019-09-09 10:06:11,792 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #104: Finding a writeable DC for domain 'domain-test.com'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.domain-test.com<0x0>
INFO 2019-09-09 10:06:11,813 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #106: Found DC dc1.domain-test.com
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain-test.com<0x20>
Password for [domain-test.com\Administrador]:
INFO 2019-09-09 10:06:15,655 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #1528: workgroup is DOMAIN-TEST
INFO 2019-09-09 10:06:15,656 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/join.py #1531: realm is domain-test.com
Adding CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Using binding ncacn_ip_tcp:dc1.domain-test.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain-test.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain-test.com<0x20>
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=DOMAIN-TEST,DC=com with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
INFO 2019-09-09 10:06:17,446 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2088: Looking up IPv4 addresses
WARNING 2019-09-09 10:06:17,447 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2094: More than one IPv4 address found. Using 194.0.100.60
INFO 2019-09-09 10:06:17,447 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2105: Looking up IPv6 addresses
WARNING 2019-09-09 10:06:17,448 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2112: No IPv6 address will be assigned
INFO 2019-09-09 10:06:18,001 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2282: Setting up secrets.ldb
INFO 2019-09-09 10:06:18,035 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2288: Setting up the registry
ldb_wrap open of hklm.ldb
INFO 2019-09-09 10:06:18,053 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2291: Setting up the privileges database
INFO 2019-09-09 10:06:18,096 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2294: Setting up idmap db
INFO 2019-09-09 10:06:18,129 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2301: Setting up SAM db
INFO 2019-09-09 10:06:18,139 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #882: Setting up sam.ldb partitions and settings
INFO 2019-09-09 10:06:18,141 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #894: Setting up sam.ldb rootDSE
INFO 2019-09-09 10:06:18,148 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #1302: Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

INFO 2019-09-09 10:06:18,205 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2351: A Kerberos configuration suitable for Samba AD has been generated at /usr/local/samba/private/krb5.conf
INFO 2019-09-09 10:06:18,206 pid:27673 /usr/local/samba/lib/python3.4/site-packages/samba/provision/__init__.py #2352: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=DOMAIN-TEST,DC=com
Starting replication
Using binding ncacn_ip_tcp:dc1.domain-test.com[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain-test.com<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain-test.com<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Replicated 1550 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=hosppal,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[402/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[804/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1206/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1608/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[1617/1617] linked_values[32/0]
Missing target while attempting to apply records: Deleted target CN=NTDS Settings\0ADEL:193acd86-264a-462a-87aa-a4948f35c908,CN=DC2\0ADEL:c6bef0f5-e4cb-42d4-baf2-ae344091d09b,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hosppal,DC=com GUID 193acd86-264a-462a-87aa-a4948f35c908 linked from CN=7ac4d0d7-beb3-4f47-b192-9b4e2547f787,CN=Partitions,CN=Configuration,DC=DOMAIN-TEST,DC=com

Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[2019/1617] linked_values[32/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[2421/1617] linked_values[32/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[2823/1617] linked_values[32/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[3225/1617] linked_values[32/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Partition[CN=Configuration,DC=DOMAIN-TEST,DC=com] objects[3234/1617] linked_values[64/0]
Replicated 9 objects (32 linked attributes) for CN=Configuration,DC=DOMAIN-TEST,DC=com
Replicating critical objects from the base DN of the domain
Partition[DC=DOMAIN-TEST,DC=com] objects[98/98] linked_values[762/0]
Missing parent while attempting to apply records: No parent with GUID cdee5b31-365d-4c8f-9368-4115b6307a19 found for object remotely known as CN=Domain Users,OU=Grups,DC=DOMAIN-TEST,DC=com
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN-TEST from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN-TEST)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4712) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC2,OU=Domain Controllers,DC=DOMAIN-TEST,DC=com
Deleted CN=dns-DC2,CN=Users,DC=DOMAIN-TEST,DC=com
Deleted CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
Deleted CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN-TEST,DC=com
ERROR(runtime): uncaught exception - (8460, "Failed to process 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT")
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/netcmd/domain.py", line 700, in run
    backend_store=backend_store)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 1544, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 1438, in do_join
    ctx.join_replicate()
  File "/usr/local/samba/lib/python3.4/site-packages/samba/join.py", line 982, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 356, in replicate
    raise e
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 343, in replicate
    self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
  File "/usr/local/samba/lib/python3.4/site-packages/samba/drs_utils.py", line 237, in process_chunk
    schema=schema, req_level=req_level, req=req)

##############################
thanks


