[Samba] samba_kcc issue after joining the domain as a DC

L.P.H. van Belle belle at bazuin.nl
Mon Feb 10 13:36:03 UTC 2020 

Hai, 


Im betting this is a Windows 2000/2003 upgraded domain..

And since he is still running the windows domain.
https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application 
Should help if thats done before the samba DC join. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland penny via samba
> Verzonden: maandag 10 februari 2020 14:26
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] samba_kcc issue after joining the 
> domain as a DC
> 
> On 10/02/2020 12:36, Alex via samba wrote:
> > Hello,
> >
> > I'm  trying  to  promote samba4 as a 3rd DC in Windows 2008 
> R2 AD domain (to get
> > rid  of  Windows  Servers in future). It's joined well, but 
> failing on samba_kcc
> > run (it's happened when I launched samba after joining the 
> domain, so for
> > debugging purposes I then started samba_kcc manually):
> > # /usr/local/samba/sbin/samba_kcc
> > Traceback (most recent call last):
> >    File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/kcc/kcc_
> utils.py", line 87, in load_nc
> 
> Hmm, 'lib64', is this on Fedora ?
> 
> If so, are you using the Fedora Samba packages ?
> 
> If so, then are you aware that using MIT kerberos with a 
> Samba AD DC is 
> experimental and shouldn't be used in production.
> 
> If non of the above applies, can you provide more info, what OS, What 
> Samba packages ? etc
> 
> Rowland
> 
> 
> >      scope=ldb.SCOPE_BASE, attrs=attrs)
> > _ldb.LdbError: (32, 'No such Base DN: 
> DC=DomainDnsZones,DC=domain,DC=com')
> > ...
> >    File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/kcc/kcc_
> utils.py", line 92, in load_nc
> >      (self.nc_dnstr, estr))
> > samba.kcc.kcc_utils.KCCError: Unable to find naming context 
> (DC=DomainDnsZones,DC=domain,DC=com) - (No such Base DN: 
> DC=DomainDnsZones,DC=domain,DC=com)
> >
> > I joined the domain with the following command:
> > samba-tool domain join domain.com DC -k yes --dns-backend 
> NONE --server=vm-dc1.domain.com
> >
> > vm-dc1 does have the mentioned context b/c it's a domain 
> naming master.
> > Wondering why samba tries to find it - it's not a domain 
> naming master..
> >
> > Any ideas are highly appreciated!
> >
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list