[Samba] Joining Windows 2008 Domain as DC fails 4.10 (and 4.11rc3)
Rowland penny
rpenny at samba.org
Wed Sep 11 21:14:47 UTC 2019
On 11/09/2019 21:59, Vincent Sherwood wrote:
> Here is the full output
>
> [user at DCSAMBA4A ~]# samba-tool domain join MYDOMAIN DC
> -U"administrator at mydomain.ext" --server=DC2016A.mydomain.ext
> Password for [administrator at mydomain.ext]:
> INFO 2019-09-11 21:55:09,790 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1563:
> workgroup is MYDOMAIN
> INFO 2019-09-11 21:55:09,791 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1566:
> realm is mydomain.ext
> Adding CN=DCSAMBA4A,OU=Domain Controllers,DC=mydomain,DC=ext
> Adding
> CN=DCSAMBA4A,CN=Servers,CN=IT-Solutions,CN=Sites,CN=Configuration,DC=mydomain,DC=ext
> Adding CN=NTDS
> Settings,CN=DCSAMBA4A,CN=Servers,CN=IT-Solutions,CN=Sites,CN=Configuration,DC=mydomain,DC=ext
> Adding SPNs to CN=DCSAMBA4A,OU=Domain Controllers,DC=mydomain,DC=ext
> Setting account password for DCSAMBA4A$
> Enabling account
> Calling bare provision
> INFO 2019-09-11 21:55:10,594 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2128: Looking up IPv4 addresses
> INFO 2019-09-11 21:55:10,595 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2145: Looking up IPv6 addresses
> WARNING 2019-09-11 21:55:10,596 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2152: No IPv6 address will be assigned
> INFO 2019-09-11 21:55:11,097 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2323: Setting up secrets.ldb
> INFO 2019-09-11 21:55:11,829 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2329: Setting up the registry
> INFO 2019-09-11 21:55:12,144 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2332: Setting up the privileges database
> INFO 2019-09-11 21:55:13,010 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2335: Setting up idmap db
> INFO 2019-09-11 21:55:13,626 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2342: Setting up SAM db
> INFO 2019-09-11 21:55:13,852 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #898: Setting up sam.ldb partitions and settings
> INFO 2019-09-11 21:55:13,853 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #910: Setting up sam.ldb rootDSE
> INFO 2019-09-11 21:55:14,036 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #1339: Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> INFO 2019-09-11 21:55:14,502 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2395: A Kerberos configuration suitable for Samba AD has been
> generated at /usr/local/samba/private/krb5.conf
> INFO 2019-09-11 21:55:14,503 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
> #2396: Merge the contents of this file with your system krb5.conf or
> replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=mydomain,DC=ext
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=ext]
> objects[402/1473] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=ext]
> objects[804/1473] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=ext]
> objects[1206/1473] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=ext]
> objects[1608/1473] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=ext]
> objects[1816/1473] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[402/2926]
> linked_values[0/84]
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[804/2926]
> linked_values[0/84]
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[1206/2926]
> linked_values[0/84]
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[1608/2926]
> linked_values[0/84]
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[1905/2926]
> linked_values[72/84]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 5a8bd8f9-8944-4361-980b-75f6d05a6d27
> CN=Schema,CN=Configuration,DC=mydomain,DC=ext:
> WERR_DS_ADD_REPLICA_INHIBITED
> Partition[CN=Configuration,DC=mydomain,DC=ext] objects[2215/2926]
> linked_values[84/84]
> Replicating critical objects from the base DN of the domain
> Partition[DC=mydomain,DC=ext] objects[113/174] linked_values[9/65]
> Partition[DC=mydomain,DC=ext] objects[368/6057] linked_values[0/65]
> Partition[DC=mydomain,DC=ext] objects[770/6057] linked_values[0/65]
> Partition[DC=mydomain,DC=ext] objects[1014/6057] linked_values[51/65]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 142e2e12-1e0b-4d96-acdd-a90523eaaea2
> CN=Configuration,DC=mydomain,DC=ext: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 2831226b-bd83-4e23-931f-9907170dff39
> DC=DomainDnsZones,DC=mydomain,DC=ext: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 820b5cf3-4b83-408f-aa65-7ffded9c0379
> DC=ForestDnsZones,DC=mydomain,DC=ext: WERR_DS_ADD_REPLICA_INHIBITED
> Partition[DC=mydomain,DC=ext] objects[1259/6057] linked_values[65/65]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=mydomain,DC=ext
> Partition[DC=DomainDnsZones,DC=mydomain,DC=ext] objects[9/9]
> linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=mydomain,DC=ext
> Partition[DC=ForestDnsZones,DC=mydomain,DC=ext] objects[21/21]
> linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=mydomain,DC=ext] objects[3]
> linked_values[0]
> Committing SAM database
> Repacking database from v1 to v2 format (first record
> CN=msSFU-30-Member-Of-Nis-Netgroup,CN=Schema,CN=Configuration,DC=mydomain,DC=ext)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record
> CN=site-Display,CN=401,CN=DisplaySpecifiers,CN=Configuration,DC=mydomain,DC=ext)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record
> DC=@,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=ext)
> Repacking database from v1 to v2 format (first record
> DC=@,DC=..TrustAnchors,CN=MicrosoftDNS,DC=ForestDnsZones,DC=mydomain,DC=ext)
> Repacking database from v1 to v2 format (first record CN=RID
> Set\0ADEL:943f4350-d597-46f3-a3fb-7be0d67d15fa,CN=Deleted
> Objects,DC=mydomain,DC=ext)
> Join test 2
> INFO 2019-09-11 21:55:31,259 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1116:
> Adding 1 remote DNS records for DCSAMBA4A.mydomain.ext
> Join test 2-1
> Join test 2-1
> Join test 2-2
> Join test 2-3
> Join test 2-4
> INFO 2019-09-11 21:55:31,435 pid:20279
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1184:
> Adding DNS A record DCSAMBA4A.mydomain.ext for IPv4 IP: 192.168.200.252
> Join test 2-5
> Join test 2-6
> Join test 2-7
> Join test 2-8
> Join test 2-8 DomainDNSzone %s DC=DomainDnsZones,DC=mydomain,DC=ext
> Join test 2-8 name %s DCSAMBA4A
> Join test 2-8 zone %s mydomain.ext
> DNS Lookup 3-1 self %s <ldb connection>
> DNS Lookup 3-1 dns_name %s DCSAMBA4A.mydomain.ext
> DNS Lookup 3-1 dns_partition %s DC=DomainDnsZones,DC=mydomain,DC=ext
> DNS Lookup 3-2 - no partition - %s
> (Dn('DC=DCSAMBA4A,DC=mydomain.ext,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=ext'),
> [<dnsp.DnssrvRpcRecord talloc based object at 0x490bc20>])
> DNS Lookup 3-2 dns_partition Other
> DNS Lookup 3-2 dns_partition Other - %s
> (Dn('DC=DCSAMBA4A,DC=mydomain.ext,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=ext'),
> [<dnsp.DnssrvRpcRecord talloc based object at 0x490bc20>])
> Join failed - cleaning up
I think you need to upgrade your DNS in AD,
'DC=mydomain.ext,CN=MicrosoftDNS,CN=System' should be
'DC=mydomain.ext,CN=MicrosoftDNS,DC=DomainDnsZones'
Rowland
More information about the samba
mailing list