[Samba] DC join failed
Epsilon Minus
theepsilonminus at gmail.com
Wed Sep 18 02:51:47 UTC 2019
I relive this chain of mails because I had no way to go. Thank you
all for the excellent help in this mailing.
At the time I assumed that the problem was the very battered Windows
AD. I received it as an inheritance and I was trying these months to
solve problem by problem.
I am sure that I have the problem in Windows, but other windows can be
added without problem, the problem is with samba. I don't know how to
debug this problem anymore.
You are currently migrated, with domain a forest level 2008 R2. A
newly migrated server, remove old ADs with problems and I currently
have only one. At this time I proceeded to prepare a new Samba and
when doing a join I have the following error (I saw that this problem
had several but none published a solution):
samba-tool domain join conylec.local DC -U "CONYLEC\administrador" --debug 3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'conylec.local'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.conylec.local<0x0>
Found DC AD01.conylec.local
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
Password for [CONYLEC\administrador]:
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/AD01.conylec.local failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is CONYLEC
realm is conylec.local
Adding CN=DC01,OU=Domain Controllers,DC=conylec,DC=local
Adding CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Adding CN=NTDS Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Using binding ncacn_ip_tcp:AD01.conylec.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/AD01.CONYLEC.LOCAL failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=DC01,OU=Domain Controllers,DC=conylec,DC=local
Setting account password for DC01$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=conylec,DC=local
Starting replication
Using binding ncacn_ip_tcp:AD01.conylec.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/AD01.CONYLEC.LOCAL failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[402/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[804/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[1206/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[1608/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[2010/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[2412/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[2814/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[3216/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[3618/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[4020/1957] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=conylec,DC=local]
objects[4198/1957] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Replicated 4198 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[402/4987]
linked_values[0/67]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[804/4987]
linked_values[0/67]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[1206/4987]
linked_values[0/67]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[1602/4987]
linked_values[0/67]
Replicated 396 objects (0 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[1912/4987]
linked_values[18/67]
Replicated 310 objects (18 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Partition[CN=Configuration,DC=conylec,DC=local] objects[2047/4987]
linked_values[49/67]
Replicated 134 objects (49 linked attributes) for
CN=Configuration,DC=conylec,DC=local
Replicating critical objects from the base DN of the domain
Partition[DC=conylec,DC=local] objects[109/190] linked_values[11/50]
Replicated 109 objects (11 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[253/5547] linked_values[11/50]
Replicated 144 objects (11 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[383/5547] linked_values[0/50]
Replicated 130 objects (0 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[483/5547] linked_values[0/50]
Replicated 100 objects (0 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[604/5547] linked_values[0/50]
Replicated 121 objects (0 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[737/5547] linked_values[35/50]
Replicated 133 objects (35 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[867/5547] linked_values[1/50]
Replicated 127 objects (1 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[991/5547] linked_values[3/50]
Replicated 124 objects (3 linked attributes) for DC=conylec,DC=local
Partition[DC=conylec,DC=local] objects[1006/5547] linked_values[0/50]
Replicated 15 objects (0 linked attributes) for DC=conylec,DC=local
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=conylec,DC=local
Partition[DC=DomainDnsZones,DC=conylec,DC=local] objects[62/62]
linked_values[0/0]
Replicated 62 objects (0 linked attributes) for
DC=DomainDnsZones,DC=conylec,DC=local
Replicating DC=ForestDnsZones,DC=conylec,DC=local
Partition[DC=ForestDnsZones,DC=conylec,DC=local] objects[22/22]
linked_values[0/0]
Replicated 22 objects (0 linked attributes) for
DC=ForestDnsZones,DC=conylec,DC=local
Exop on[CN=RID Manager$,CN=System,DC=conylec,DC=local] objects[3]
linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to whenCreated on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=RID Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=RID Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to name on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to fSMORoleOwner on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS attribute update to systemFlags on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to objectCategory on CN=RID
Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to isCriticalSystemObject on
CN=RID Manager$,CN=System,DC=conylec,DC=local from
e60769da-269c-4808-9d3c-dbf5e55612ac
Discarding older DRS attribute update to objectClass on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to whenCreated on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to displayName on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to name on CN=DC01,OU=Domain
Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to userAccountControl on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to codePage on CN=DC01,OU=Domain
Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to countryCode on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to dBCSPwd on CN=DC01,OU=Domain
Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to localPolicyFlags on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to logonHours on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to unicodePwd on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to ntPwdHistory on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to pwdLastSet on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to primaryGroupID on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to supplementalCredentials on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to objectSid on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to accountExpires on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to lmPwdHistory on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to sAMAccountName on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to sAMAccountType on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to dNSHostName on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to servicePrincipalName on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to objectCategory on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to isCriticalSystemObject on
CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes
on CN=DC01,OU=Domain Controllers,DC=conylec,DC=local from
852d9f59-1720-4028-8878-4bdeef387dbc
Replicated 3 objects (0 linked attributes) for DC=conylec,DC=local
Committing SAM database
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Discarding older DRS linked attribute update to member on CN=Admins.
del dominio,CN=Users,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS linked attribute update to member on CN=Admins.
del dominio,CN=Users,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS linked attribute update to member on CN=Admins.
del dominio,CN=Users,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS linked attribute update to member on
CN=Enterprise Domain Controllers de sólo
lectura,CN=Users,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS linked attribute update to member on
CN=Administradores de esquema,CN=Users,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS linked attribute update to member on
CN=Administradores de esquema,CN=Users,DC=conylec,DC=local from
0be1b149-cef1-4b33-8245-9a361a2f0959
Discarding older DRS linked attribute update to member on
CN=Administradores de organización,CN=Users,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Discarding older DRS linked attribute update to member on
CN=Propietarios del creador de directivas de
grupo,CN=Users,DC=conylec,DC=local from
5f750447-008a-4f6c-bb78-7100c161612d
Adding 1 remote DNS records for DC01.conylec.local
Using binding ncacn_ip_tcp:AD01.conylec.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name AD01.conylec.local<0x20>
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
host/AD01.CONYLEC.LOCAL failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
Adding DNS A record DC01.conylec.local for IPv4 IP: 192.168.1.233
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
machine account password for CONYLEC from both secrets.ldb (Could not
find entry to match filter:
'(&(flatname=CONYLEC)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4636) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=DC01,OU=Domain Controllers,DC=conylec,DC=local
Deleted CN=DC01,OU=Domain Controllers,DC=conylec,DC=local
Deleted CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Deleted CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
ERROR(runtime): uncaught exception - (9714,
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
ctx.join_add_dns_records()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
join_add_dns_records
dns_partition=domaindns_zone_dn)
File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
dns_lookup
dns_partition=dns_partition)
El vie., 31 may. 2019 a las 17:30, Andrew Bartlett
(<abartlet at samba.org>) escribió:
>
> On Fri, 2019-05-31 at 15:50 -0300, Epsilon Minus via samba wrote:
> > Dears,
> >
> > I have a problem to join a Version 4.7.6-Ubuntu to a Domain 2008 R2
> > how Domain Controller.
> >
> > if i add a Windows server how domain controller i wasn't a problem.
> > but is not de samba case.
> >
> > the samba join output :
> >
> > samba-tool domain join example.local DC -U example\\administrator
> > Finding a writeable DC for domain 'example.local'
> > Found DC AD01.example.local
> > Password for [CONYLEC\administrator]:
> > workgroup is CONYLEC
> > realm is example.local
> > Adding CN=DC02,OU=Domain Controllers,DC=example,DC=local
> > Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
> > Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
> > Adding SPNs to CN=DC02,OU=Domain Controllers,DC=example,DC=local
> > Setting account password for DC02$
> > Enabling account
> > Calling bare provision
> > Looking up IPv4 addresses
> > Looking up IPv6 addresses
> > No IPv6 address will be assigned
> > Setting up secrets.ldb
> > Setting up the registry
> > Setting up the privileges database
> > Setting up idmap db
> > Setting up SAM db
> > Setting up sam.ldb partitions and settings
> > Setting up sam.ldb rootDSE
> > Pre-loading the Samba 4 and AD schema
> > A Kerberos configuration suitable for Samba AD has been generated at
> > /var/lib/samba/private/krb5.conf
> > Provision OK for domain DN DC=example,DC=local
> > Starting replication
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[402/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[804/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[1206/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[1608/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[2010/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[2412/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[2814/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[3216/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[3618/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[4020/2921] linked_values[0/0]
> > Schema-DN[CN=Schema,CN=Configuration,DC=example,DC=local]
> > objects[4198/2921] linked_values[0/0]
> > Analyze and apply schema objects
> > Partition[CN=Configuration,DC=example,DC=local] objects[402/4617]
> > linked_values[0/67]
> > Partition[CN=Configuration,DC=example,DC=local] objects[804/4617]
> > linked_values[0/67]
> > Partition[CN=Configuration,DC=example,DC=local] objects[1206/4617]
> > linked_values[0/67]
> > Partition[CN=Configuration,DC=example,DC=local] objects[1597/4617]
> > linked_values[0/67]
> > Partition[CN=Configuration,DC=example,DC=local] objects[1910/4617]
> > linked_values[16/67]
> > Partition[CN=Configuration,DC=example,DC=local] objects[1992/4617]
> > linked_values[51/67]
> > Replicating critical objects from the base DN of the domain
> > Partition[DC=example,DC=local] objects[110/190] linked_values[11/50]
> > Partition[DC=example,DC=local] objects[254/6103] linked_values[11/50]
> > Partition[DC=example,DC=local] objects[384/6103] linked_values[0/50]
> > Partition[DC=example,DC=local] objects[493/6103] linked_values[0/50]
> > Partition[DC=example,DC=local] objects[605/6103] linked_values[0/50]
> > Partition[DC=example,DC=local] objects[735/6103] linked_values[34/50]
> > Partition[DC=example,DC=local] objects[862/6103] linked_values[5/50]
> > Partition[DC=example,DC=local] objects[944/6103] linked_values[0/50]
> > Done with always replicated NC (base, config, schema)
> > Replicating DC=DomainDnsZones,DC=example,DC=local
> > Partition[DC=DomainDnsZones,DC=example,DC=local] objects[61/61]
> > linked_values[0/0]
> > Replicating DC=ForestDnsZones,DC=example,DC=local
> > Partition[DC=ForestDnsZones,DC=example,DC=local] objects[22/22]
> > linked_values[0/0]
> > Join failed - cleaning up
> > Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=local
> > Deleted CN=NTDS
> > Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
> > Deleted CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=example,DC=local
> > ERROR(runtime): uncaught exception - (8453, 'WERR_DS_DRA_ACCESS_DENIED')
> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> > return self.run(*args, **kwargs)
> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> > 661, in run
> > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
> > ctx.do_join()
> > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in do_join
> > ctx.join_replicate()
> > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 961, in
> > join_replicate
> > exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
> > File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
> > 291, in replicate
> > (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
> >
> >
> > I look for the error, but don't find a solution.
>
> In Samba 4.7 we added:
>
> commit c503ca302d4f9dd0fc9c01344a25a917f6c3fafe
> Author: Andrew Bartlett <abartlet at samba.org>
> Date: Mon Oct 31 16:48:33 2016 +1300
>
> join.py: Attempt to allocate a RID Set during the join
>
> If we are joining the RID Manager, then we should get a RID Set,
> but
> otherwise we should accept failure with the right error code
>
> Signed-off-by: Andrew Bartlett <abartlet at samba.org>
> Reviewed-by: Garming Sam <garming at catalyst.net.nz>
>
> This was intended to make Samba joins more reliable, ensuring users
> could be created right away on the new DC. However it is likely we
> didn't test against windows in both RID Master and not RID master
> configurations.
>
> Can you try joining a DC that is not the RID master, or alternately
> that is one?
>
> Make sure to let us know the result and file a bug so we can adjust the
> exceptions. This operation is actually entirely optional from a
> protocol perspective, so you can also edit it out of the python, but I
> would like to fix Samba to cope automatically if possible.
>
> Ideally do this all on Samba 4.10 so we can have confidence this is
> still an issue on the current code before we start making changes.
>
> Thanks!
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
>
>
More information about the samba
mailing list