[Samba] FW: samba_kcc issue after joining the domain as a DC

L.P.H. van Belle belle at bazuin.nl
Mon Feb 10 16:01:55 UTC 2020 

Hai, 

Ok. I did more digging, this is a link Dennis showed which might help.. 
https://www.itprotoday.com/windows-78/q-how-can-i-create-domaindnszones-directory-partition 


Now, if i go throught the mailing list and lookup everything abotu this part.

> Could not find machine account in secrets database: Failed to fetch 
> machine account password for DOM from both secrets.ldb (Could not find 
> entry to match filter: '(&(flatname=DOM)(objectclass=primaryDomain))' 
> base: 'cn=Primary Domains': No such object: dsdb_search at 
> ../source4/dsdb/common/util.c:4705) and from 
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

I cant see/find a clear solution. 
All problem domains where 2000/2003 related.. 

@Rowland or @Dennis, you guys any other options here? 
Im out of options for Alex. 

So far, 

Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Alex 
> via samba
> Verzonden: maandag 10 februari 2020 16:44
> Aan: Rowland penny
> CC: Alex
> Onderwerp: Re: [Samba] FW: samba_kcc issue after joining the 
> domain as a DC
> 
> Rowland,
> 
> >>> samba-tool domain join domain.com DC -k yes --dns-backend NONE
> >>> --server=vm-dc1.domain.com
> >>> Why did he do that ? why no dns server ?????
> >> This is b/c we used to host AD zone on a separate DNS 
> server(s), not in the AD.
> >> I  thought  to keep that setup b/c it's much easier to 
> administrator the AD zone
> >> in bind9, rather than in MS DNS.
> >>
> > No, it isn't and using 'NONE' as the dns backend is not 
> supported by Samba.
> 
> > Run: samba_upgradedns
> 
> > That should fill in your missing dns data.
> 
> > An AD DC is authoritative for the AD dns domain.
> 
> Here is what I got after switching to SAMBA_INTERNAL backend:
> 
> # samba-tool domain join domain.com DC -k yes 
> --server=vm-dc1.domain.com
> 
> INFO 2020-02-10 18:34:09,671 pid:26424 
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py 
> #1116: Adding 1 remote DNS records for VM-DC3.domain.com
> Using binding ncacn_ip_tcp:vm-dc1.domain.com[,sign]
> Mapped to DCERPC endpoint 135
> added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 
> netmask=255.255.0.0
> added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 
> netmask=255.255.0.0
> resolve_lmhosts: Attempting lmhosts lookup for name 
> vm-dc1.domain.com<0x20>
> Mapped to DCERPC endpoint 49228
> added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 
> netmask=255.255.0.0
> added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 
> netmask=255.255.0.0
> resolve_lmhosts: Attempting lmhosts lookup for name 
> vm-dc1.domain.com<0x20>
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> GSSAPI credentials for administrator at domain.com will expire 
> in 32550 secs
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
> INFO 2020-02-10 18:34:10,109 pid:26424 
> /usr/local/samba/lib64/python3.6/site-packages/samba/join.py 
> #1179: Adding DNS A record VM-DC3.domain.com for IPv4 IP: 172.26.1.83
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to 
> fetch machine account password for DOMAIN from both 
> secrets.ldb (Could not find entry to match filter: 
> '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 
> 'cn=Primary Domains': No such object: dsdb_search at 
> ../../source4/dsdb/common/util.c:4733) and from 
> /usr/local/samba/private/secrets.tdb: 
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003, 
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/_
_init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/d
omain.py", line 708, in run
>     backend_store_size=backend_store_size)
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py"
> , line 1561, in join_DC
>     ctx.do_join()
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py"
> , line 1456, in do_join
>     ctx.join_add_dns_records()
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py"
> , line 1197, in join_add_dns_records
>     dns_partition=domaindns_zone_dn)
>   File 
> "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py
> ", line 1177, in dns_lookup
>     dns_partition=dns_partition)
> Adding CN=VM-DC3,OU=Domain Controllers,DC=domain,DC=com
> Adding 
> CN=VM-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
nfiguration,DC=domain,DC=com
> Adding CN=NTDS 
> Settings,CN=VM-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=domain,DC=com
> Adding SPNs to CN=VM-DC3,OU=Domain Controllers,DC=domain,DC=com
> Setting account password for VM-DC3$
> Enabling account
> Calling bare provision
> Provision OK for domain DN DC=domain,DC=com
> Starting replication
> Missing target object - retrying with DRS_GET_TGT
> Replicating critical objects from the base DN of the domain
> Missing target object - retrying with DRS_GET_TGT
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=domain,DC=com
> Replicating DC=ForestDnsZones,DC=domain,DC=com
> Committing SAM database
> --- join_add_dns_records
> Join failed - cleaning up
> 
> DNS is now updated as Louis suggested to do.
> 
> -- 
> Best regards,
> Alex Alex
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list