[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'

Rick Hollinbeck rickh-samba at westernwares.com
Fri Feb 7 17:57:13 UTC 2020


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
          "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html  xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>
<title></title>
<meta http-equiv="content-type" content="text/html;charset=utf-8"/>
<meta http-equiv="Content-Style-Type" content="text/css"/>
</head>
<body>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD 
servers</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">Using samba-tool to join, replication proceeds successfully but I'm getting an error about the 
machine account missing when it goes to add the A record for the new samba DC.</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">Here's a part of the -d4 log from the samba-tool join:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">....</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: 
Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192                                                   
.168.0.13</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">ldb_wrap open of secrets.ldb</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">Could not find machine account in secrets database: Failed to fetch machine account 
password for OFFICE from both secrets.ldb (Could not find entry to match filter: 
'(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such 
object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from 
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">ERROR(runtime): uncaught exception - (9003, 
'WERR_DNS_ERROR_RCODE_NAME_ERROR')</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">...</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">Here's my smb.conf file:</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">--------</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"># Global parameters</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">[global]</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        log level = 4</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        netbios name = SAMBA1</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        realm = OFFICE.EXAMPLE.COM</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        server role = active directory domain controller</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, 
dnsupdate</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        workgroup = OFFICE</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">[sysvol]</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        path = /var/lib/samba/sysvol</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        read only = No</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">[netlogon]</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        path = /var/lib/samba/sysvol/office.example.com/scripts</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">        read only = No</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">-------</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt">What could be causing this error?</span></font></div>
<div align="left"><font face="Arial" size="2"><span style=" font-size:10pt"><br />
</span></font></div>
<div align="left">  </div>
</body>
</html>



More information about the samba mailing list