[Samba] samba-tool join failed. ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT

Epsilon Minus theepsilonminus at gmail.com
Mon Apr 6 12:48:16 UTC 2020


> > On Sun, 5 Apr 2020 at 20:05, Epsilon Minus
> > (<theepsilonminus at gmail.com>) wrote:
> >>
> >> Hello,
> >>
> >> I inherited an Active Directory in Windows in Spanish. After a lot of
> >> work I was able to do the first synchronization to a DC in Samba.
> >>
> >> Now I am at the stage that I want to remove Windows, but previously I
> >> want to remove Windows.
> >>
> >> I am trying to add another DC in Samba to advance and I am presented
> >> with the following problem. I feel lost with these errors.
> >>
> >> root@DC01:~# samba-tool fsmo show
> >> SchemaMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> InfrastructureMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> RidAllocationMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> PdcEmulationMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> DomainNamingMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> DomainDnsZonesMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> ForestDnsZonesMasterRole owner: CN=NTDS
> >> Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >>
> >>
> >> First join without server parameter:
> >>
> >> root@DC02:~# samba-tool domain join conylec.local DC -U
> >> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> >> Finding a writeable DC for domain 'conylec.local'
> >> Found DC AD01.conylec.local
> >> Password for [CONYLEC\administrador]:
> >> workgroup is CONYLEC
> >> realm is conylec.local
> >> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> >> Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> Join failed - cleaning up
> >> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> >> Deleted CN=NTDS
> >> Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> Deleted CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
> >> <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
> >> ref 1: '1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local'
> >>> <ldap://1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local>
> >>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> >> line 176, in _run
> >>      return self.run(*args, **kwargs)
> >>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> >> 661, in run
> >>      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
> >>      ctx.do_join()
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
> >>      ctx.join_add_objects()
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 668, in
> >> join_add_objects
> >>      ctx.samdb.modify(m)
> >>
> >>
> >>
> >> Second join with server parameter:
> >>
> >> root@DC02:~# samba-tool domain join conylec.local DC -U
> >> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> >> --server=DC01.conylec.local
> >> Password for [CONYLEC\administrado]:
> >> workgroup is CONYLEC
> >> realm is conylec.local
> >> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> >> Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> Join failed - cleaning up
> >> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> >> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> >> <00002030: objectclass: Cannot add
> >> CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
> >> parent does not exist!> <>
> >>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> >> line 176, in _run
> >>      return self.run(*args, **kwargs)
> >>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> >> 661, in run
> >>      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
> >>      ctx.do_join()
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
> >>      ctx.join_add_objects()
> >>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
> >> join_add_objects
> >>      ctx.samdb.add(rec)
> >>
> >>
> >> You see an important difference: in the first join the DNS (Windows DC, not fsmo):
> >> Adding CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >> Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >>
> >> And in the second the DNS is (Samba DC is fsmo):
> >>
> >> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> >> Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> >>
> >> In the first join the DN is correct, but in the second it is wrong. Do you
> >> have any idea how to continue?
> >>
> >> Thanks.
> >

> On 06/04/2020 at 02:33, Epsilon Minus via samba wrote:
> > I ran the command in debug mode, level 3:
> >
> > root@DC02:~# samba-tool domain join conylec.local DC -U
> > "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> > --server=DC01.conylec.local -d 3
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > resolve_lmhosts: Attempting lmhosts lookup for name DC01.conylec.local<0x20>
> > Password for [CONYLEC\administrador]:
> > Cannot reach a KDC we require to contact (null) : kinit for
> > administrador@CONYLEC failed (Cannot contact any KDC for requested
> > realm)
> >
> > SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
> > ldap/DC01.conylec.local failed (next[ntlmssp]):
> > NT_STATUS_NO_LOGON_SERVERS
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898235
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088235
> > workgroup is CONYLEC
> > realm is conylec.local
> > Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> > Adding CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> > Join failed - cleaning up
> > ldb_wrap open of secrets.ldb
> > Could not find machine account in secrets database: Failed to fetch
> > machine account password for CONYLEC from both secrets.ldb (Could not
> > find entry to match filter:
> > '(&(flatname=CONYLEC)(objectclass=primaryDomain))' base: 'cn=Primary
> > Domains': No such object: dsdb_search at
> > ../source4/dsdb/common/util.c:4657) and from
> > /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> > Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> > <00002030: objectclass: Cannot add
> > CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
> > parent does not exist!> <>
> >    File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> > line 176, in _run
> >      return self.run(*args, **kwargs)
> >    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> > 661, in run
> >      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> >    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
> >      ctx.do_join()
> >    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in do_join
> >      ctx.join_add_objects()
> >    File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
> > join_add_objects
> >      ctx.samdb.add(rec)
> >


On Mon, 6 Apr 2020 at 9:04, Denis CARDON (<dcardon at tranquil.it>) wrote:
>
> Hi Epsilon,
>
> I think the issue here is with localization support in Samba. Your
> "Default-First-Site" in Spanish MS-AD is translated (as it is in French
> AD), and it seems that it looks for the following site name during the join:
>
> CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> while it should be trying to create the entry in the following site name:
>
> CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> I have already joined a few French localized MS-AD in the past and don't
> remember that issue though. Default-First-Site-Name should be a
> well-known-object with its own GUID I think, so I think it shouldn't
> matter what the name is...
>
> You may try to specify the site name when doing the join with the --site
> option using your Spanish name, it might just work.
>
> Cheers,
>
> Denis
>
>

Denis, thanks for the response.

I used the parameter "--site", but the problem is the same as in the last mail.


>  What OS ?
>  What Samba Version ?


Rowland,

Ubuntu 18.04

Version 4.7.6-Ubuntu

I used this version in the past without problems. And I have a lot of
problems with this AD in particular.
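
Added example (not part of the original thread, and not Samba code): a small Python check that compares the site named in the DN rejected by LDAP error 32 with the site under which DC01 is registered according to `samba-tool fsmo show`. The sample strings are excerpts constructed from the outputs quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample input: excerpts of the outputs quoted in this thread.
FSMO_SHOW = """\
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
"""
JOIN_ERROR = """\
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
<00002030: objectclass: Cannot add
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
parent does not exist!> <>
"""

# A server object DN: CN=<server>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=...
SERVER_DN = re.compile(
    r"CN=([^,]+),CN=Servers,CN=([^,]+),CN=Sites,CN=Configuration((?:,DC=[^,\s>]+)+)",
    re.IGNORECASE)
ADD_FAILED = re.compile(r"Cannot add (\S+?),? parent does not exist", re.IGNORECASE)


def unwrap(text):
    """Mail clients and terminals wrap long DNs; collapse whitespace runs."""
    return " ".join(text.split())


def server_sites(text):
    """Map server name -> site name for every server DN found in the text."""
    return {m.group(1): m.group(2) for m in SERVER_DN.finditer(unwrap(text))}


def failed_add(error_text):
    """Return (server, site) from a 'parent does not exist' error, else None."""
    m = ADD_FAILED.search(unwrap(error_text))
    dn = SERVER_DN.search(m.group(1)) if m else None
    return (dn.group(1), dn.group(2)) if dn else None


def diagnose(fsmo_text, error_text):
    """Report whether the site the join tried to use is one the directory shows."""
    attempt = failed_add(error_text)
    if attempt is None:
        return None
    known = set(server_sites(fsmo_text).values())
    site_known = attempt[1].casefold() in {s.casefold() for s in known}  # DNs compare case-insensitively
    return {"server": attempt[0], "attempted_site": attempt[1],
            "known_sites": sorted(known), "site_known": site_known}


if __name__ == "__main__":
    print(diagnose(FSMO_SHOW, JOIN_ERROR))
```
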


