[Samba] Joining Windows 2008 Domain as DC fails 4.10 (and 4.11rc3)
Vincent Sherwood
vsmaillist at gmail.com
Wed Sep 11 20:29:25 UTC 2019
Hi,
I am trying to add a samba DC to an existing Domain that has 2 Win2016
Domain Controllers but is still running at Domain Functional and Forest
levels 2008R2.
When I run the join command it goes most of the way through before
eventually erring out, and backing out everything it had done.
The command I used is
    samba-tool domain join MYDOMAIN DC -U"administrator@mydomain.ext" -d 5 --server=ExistingDC.mydomain.ext
The error I get is below. Note that the line numbers are slightly out of
line with the real code as I have added some debug messages to try to
identify the issue.
    Join failed - cleaning up
    ldb_wrap open of secrets.ldb
    Could not find machine account in secrets database: Failed to fetch machine account password for MYDOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=MYDOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4715) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
    Deleted .... (removed actual backout lines)
    ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
        return self.run(*args, **kwargs)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py", line 708, in run
        backend_store_size=backend_store_size)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1579, in join_DC
        ctx.do_join()
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1473, in do_join
        ctx.join_add_dns_records()
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1209, in join_add_dns_records
        dns_partition=domaindns_zone_dn)
      File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 1186, in dns_lookup
        dns_partition=dns_partition)
To debug, in the function dns_lookup in samdb.py I added some debug
messages as follows
    def dns_lookup(self, dns_name, dns_partition=None):
        print("DNS Lookup 3-1 self %s", self)
        print("DNS Lookup 3-1 dns_name %s", dns_name)
        print("DNS Lookup 3-1 dns_partition %s", dns_partition)
        '''Do a DNS lookup in the database, returns the NDR database
           structures'''
        print("DNS Lookup 3-2 - no partition would return - %s", dsdb_dns.lookup(self, dns_name))
        if dns_partition is None:
            print("DNS Lookup 3-2 dns_partition None")
            return dsdb_dns.lookup(self, dns_name)
        else:
            print("DNS Lookup 3-2 dns_partition Other")
            return dsdb_dns.lookup(self, dns_name,
                                   dns_partition=dns_partition)
Below is the output
    DNS Lookup 3-1 self %s <ldb connection>
    DNS Lookup 3-1 dns_name %s DCSAMBA4A.mydomain.ext
    DNS Lookup 3-1 dns_partition %s DC=DomainDnsZones,DC=mydomain,DC=ext
    DNS Lookup 3-2 - no partition would return - %s (Dn('DC=DCSAMBA4A,DC=mydomain.ext,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=ext'), [<dnsp.DnssrvRpcRecord talloc based object at 0x3bd38e0>])
    DNS Lookup 3-2 dns_partition Other
    Join failed - cleaning up
    ldb_wrap open of secrets.ldb
    Could not find machine account in secrets database:.......
This domain was originally created under Windows 2000 and has been upgraded
over the years.
The most obvious thing I see is that the search is looking for a record in
DomainDnsZones which is not found. But the output of running the search
which would have been used if dns_partition=None finds that there is a
record in MicrosoftDNS. Not sure if that might be a clue to where things
started to go wrong at some earlier point in the process.
Anybody got any suggestions?
Thanks,
Vincent
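
The comparison made in the last paragraph of the post, as an added example that is not part of the original message or of Samba's code. Active Directory can hold a DNS zone in the DomainDnsZones or ForestDnsZones application partition or in CN=MicrosoftDNS,CN=System of the domain partition; the helper names are hypothetical, and the domain DN is assumed to also be the forest root.

```python
# Added example; helper names are hypothetical, not Samba API.
def split_rdns(dn):
    """Split a DN into lower-cased RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], "", False
    for ch in dn:
        if esc or ch != ",":
            cur += ch
            esc = (ch == "\\") and not esc
        else:
            parts.append(cur.strip().lower())
            cur = ""
    parts.append(cur.strip().lower())
    return parts

def in_partition(record_dn, partition_dn):
    """True if record_dn sits below partition_dn."""
    rec, part = split_rdns(record_dn), split_rdns(partition_dn)
    return len(rec) > len(part) and rec[-len(part):] == part

def dns_store(record_dn, domain_dn):
    """Name the container under domain_dn that holds a DNS record DN."""
    if not in_partition(record_dn, domain_dn):
        return "outside-domain"
    rest = split_rdns(record_dn)[:-len(split_rdns(domain_dn))]
    if "cn=microsoftdns" not in rest:
        return "not-a-dns-record"
    container = rest[rest.index("cn=microsoftdns") + 1:]
    known = {("cn=system",): "legacy-domain-nc",
             ("dc=domaindnszones",): "DomainDnsZones",
             ("dc=forestdnszones",): "ForestDnsZones"}
    return known.get(tuple(container), "unknown")

# Values copied from the debug output in the post.
DOMAIN_DN = "DC=mydomain,DC=ext"
REQUESTED_PARTITION = "DC=DomainDnsZones,DC=mydomain,DC=ext"
RECORD_DN = ("DC=DCSAMBA4A,DC=mydomain.ext,CN=MicrosoftDNS,"
             "CN=System,DC=mydomain,DC=ext")
# Constructed for contrast: the same record stored in DomainDnsZones.
CONSTRUCTED_DN = ("DC=DCSAMBA4A,DC=mydomain.ext,CN=MicrosoftDNS,"
                  "DC=DomainDnsZones,DC=mydomain,DC=ext")

if __name__ == "__main__":
    for dn in (RECORD_DN, CONSTRUCTED_DN):
        print(dns_store(dn, DOMAIN_DN),
              "in requested partition:", in_partition(dn, REQUESTED_PARTITION))
```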