[Samba] samba-tool join failed. ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT

Epsilon Minus theepsilonminus at gmail.com
Mon Apr 6 00:33:35 UTC 2020


I ran the command in debug mode, level 3:

root at DC02:~# samba-tool domain join conylec.local DC -U
"conylec\administrador" --dns-backend=SAMBA_INTERNAL
--server=DC01.conylec.local -d 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name DC01.conylec.local<0x20>
Password for [CONYLEC\administrador]:
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/DC01.conylec.local failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is CONYLEC
realm is conylec.local
Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
machine account password for CONYLEC from both secrets.ldb (Could not
find entry to match filter:
'(&(flatname=CONYLEC)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4657) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
<00002030: objectclass: Cannot add
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
parent does not exist!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
join_add_objects
    ctx.samdb.add(rec)

On Sun, Apr 5, 2020 at 20:05, Epsilon Minus
(<theepsilonminus at gmail.com>) wrote:
>
> Hello,
>
> I inherited an Active directory in Windows in Spanish, after a lot of
> work I was able to do the first synchronization to a DC in Samba.
>
> Now I am at the stage that I want to remove Windows, but previously I
> want to remove Windows.
>
> I am trying to add another DC in Samba to advance and I am presented
> with the following problem. I feel lost with these errors.
>
> root at DC01:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
>
> First join without server parameter:
>
> root at DC02:~# samba-tool domain join conylec.local DC -U
> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'conylec.local'
> Found DC AD01.conylec.local
> Password for [CONYLEC\administrador]:
> workgroup is CONYLEC
> realm is conylec.local
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Join failed - cleaning up
> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Deleted CN=NTDS
> Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Deleted CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
> <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
> ref 1: '1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local'
> > <ldap://1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local>
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 668, in
> join_add_objects
>     ctx.samdb.modify(m)
>
>
>
> Second join with server parameter
>
> root at DC02:~# samba-tool domain join conylec.local DC -U
> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> --server=DC01.conylec.local
> Password for [CONYLEC\administrado]:
> workgroup is CONYLEC
> realm is conylec.local
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Join failed - cleaning up
> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> <00002030: objectclass: Cannot add
> CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
> parent does not exist!> <>
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
> join_add_objects
>     ctx.samdb.add(rec)
>
>
> You see an important difference: in the first join the DNS (Windows DC, not fsmo):
> Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> And in the second the DNS is (Samba DC is fsmo):
>
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> In the first join the DN is correct, but in the second it is wrong. Do you have
> any idea how to continue?
>
> Thanks.
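
The DN comparison made at the end of the message can be done mechanically. The following is an added example, not part of the original post and not Samba code: it extracts the site container from every DN in samba-tool output (rejoining DNs that the mail wrapped) and lists sites the join tried to use that no existing DC object references. Function names are hypothetical; the sample text is copied from the output quoted above.

```python
import re

# A DN here starts at a CN=/OU= component and runs to the trailing DC= components.
DN_RE = re.compile(r"(?:CN|OU)=.*?,DC=[\w-]+(?:,DC=[\w-]+)*")

def extract_dns(text):
    """Return every DN found in tool output, rejoining mail-wrapped lines."""
    flat = " ".join(text.split())  # "CN=NTDS\nSettings" -> "CN=NTDS Settings"
    return DN_RE.findall(flat)

def site_of(dn):
    """Return the site name of a DN located under CN=Sites, else None."""
    rdns = re.split(r"(?<!\\),", dn)  # split on commas that are not escaped
    for i, rdn in enumerate(rdns):
        if rdn.strip().lower() == "cn=sites" and i > 0:
            return rdns[i - 1].split("=", 1)[1].strip()
    return None

def unknown_sites(reference_output, join_output):
    """Compare sites used by the join against sites seen in reference output.

    Returns (sites tried but not seen in the reference, sites seen).
    Directory names compare case-insensitively, hence casefold().
    """
    def sites(text):
        found = {}
        for dn in extract_dns(text):
            name = site_of(dn)
            if name:
                found.setdefault(name.casefold(), name)
        return found

    known, tried = sites(reference_output), sites(join_output)
    missing = sorted(v for k, v in tried.items() if k not in known)
    return missing, sorted(known.values())

# Sample input copied from the post: one "fsmo show" owner (wrapped as mailed)
# and the "Adding" lines of the join that used --server=DC01.conylec.local.
FSMO_SAMPLE = """SchemaMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
"""
JOIN_SAMPLE = """Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
"""

if __name__ == "__main__":
    missing, known = unknown_sites(FSMO_SAMPLE, JOIN_SAMPLE)
    print("sites referenced by existing DC objects:", known)
    print("sites the join used that were not seen:", missing)
```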


