[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'

Rowland penny rpenny at samba.org
Fri Feb 7 18:47:05 UTC 2020

On 07/02/2020 17:57, Rick Hollinbeck via samba wrote:
> I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD servers
> Using samba-tool to join, replication proceeds successfully but I'm getting an error about the machine account missing when it goes to add the A record for the new samba DC.
> Here's a part of the -d4 log from the samba-tool join:
> ....
> INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192 .168.0.13
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch machine account password for OFFICE from both secrets.ldb (Could not find entry to match filter:
> '(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003,
> ...
Where these 2008 DCs upgraded from an earlier version ? (2000, 2003)

Also, can we see more of the join output, what you posted is usually the 
fallout from a failed join and is usually meaningless, I think there 
will be a line similar to 'join failed', we need to see what is above this.

> I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:

Did you create this smb.conf manually ?

If so, remove it and try again, you shouldn't have a smb.conf before the 


More information about the samba mailing list