[Samba] FW: samba_kcc issue after joining the domain as a DC
Rowland Penny
rpenny at samba.org
Mon Feb 10 18:27:26 UTC 2020
On 10/02/2020 16:46, Alex wrote:
>>>> Could not find machine account in secrets database: Failed to fetch
>>>> machine account password for DOM from both secrets.ldb (Could not find
>>>> entry to match filter: '(&(flatname=DOM)(objectclass=primaryDomain))'
>>>> base: 'cn=Primary Domains': No such object: dsdb_search at
>>>> ../source4/dsdb/common/util.c:4705) and from
>>>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> The other option is to remove 'DC=DomainDnsZones,DC=domain,DC=com' and
>> 'DC=ForestDnsZones,DC=domain,DC=com' after the join and then run
>> 'samba_upgradedns', would this work ?
> While it seems to be safe to delete DomainDnsZones context, the ForestDnsZones
> context seems to contain the real DNS zone info:
First and foremost, this is just an idea I threw out for discussion.
If you are running the old style of DNS, then things are in a different
place to what is now expected.
Samba has a script, 'samba_upgradedns'; its main task is to change
between the internal and Bind9 DNS servers, but it can recreate the DNS
records given a certain set of circumstances.
So, a couple of questions:
Can you clone your Samba DC and sandbox the clone ?
Can you run this search on your Samba DC:
    ldbsearch -H /var/lib/samba/private/sam.ldb \
      -b 'CN=Configuration,DC=samdom,DC=example,DC=com' -s sub \
      '(|(dnsRoot=DomainDnsZones.samdom.example.com)(dnsRoot=ForestDnsZones.samdom.example.com))' \
      nCName
You will have to alter it for your setup and DNS domain.
Rowland