[Samba] Problems joining DC (tried 4.11.4 and 4.10.13)

Rowland penny rpenny at samba.org
Tue Jan 28 10:57:06 UTC 2020


On 27/01/2020 22:41, Jonathan Hunter via samba wrote:
> Thank you Rowland - appreciated.
>
> On Mon, 27 Jan 2020 at 20:06, Rowland penny via samba
> <samba at lists.samba.org> wrote:
>> You should have removed all of /usr/local/samba and ensured that the new
>> dead DC was removed from AD by running 'samba-tool domain demote
>> --remove-other-dead-server=<Your DC that didn't join>' on one of your
>> other DCs. This would have made sure that there is nothing from the new
>> DC in AD (if there was anything).
> I did use --remove-other-dead-server at the time, sorry for not making
> that clear in my original post. (I tried demoting from the new DC at
> first. When that didn't work I then used --remove-other-dead-server
> from another DC)
>
> I've now removed all of /usr/local/samba as you suggest - thanks.
> (Apart from sysvol which I'm replicating via rsync - I took care to
> avoid deleting that so as not to cascade any deletes there to other
> DCs :) )
>
> The only remaining items in /usr/local/samba were then two directories
> that I replicate between DCs, and that I'm sure won't be impacting on
> this issue:
>      /usr/local/samba/dfsroot (an empty folder anyway)
>      /usr/local/samba/var/locks (contains sysvol which is replicated)
>
> Unfortunately even with all of /usr/local/samba gone, this hasn't made
> a difference for me :(
>
> newdc:~/samba-4.10.13 $ sudo make install
> [...]
> newdc:~/samba-4.10.13 $ sudo /usr/local/samba/bin/samba-tool domain
> join mydomain.org.uk DC -U adminuser --site=mysite
> INFO 2020-01-27 22:18:54,654 pid:10351
> /usr/local/samba/lib/python3.7/site-packages/samba/join.py #104:
> Finding a writeable DC for domain 'mydomain.org.uk'
> INFO 2020-01-27 22:18:54,765 pid:10351
> /usr/local/samba/lib/python3.7/site-packages/samba/join.py #106: Found
> DC existingdc.mydomain.org.uk
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C:
> LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data
> 52e, v1db1> <>
> Failed to connect to 'ldap://existingdc.mydomain.org.uk' with backend
> 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr:
> DSID-0C0904DC, comment: AcceptSecurityContext error, data 52e, v1db1>
> <>
> ERROR(ldb): uncaught exception - LDAP error 49
> LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC,
> comment: AcceptSecurityContext error, data 52e, v1db1> <>
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py",
> line 185, in _run
>      return self.run(*args, **kwargs)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain.py",
> line 700, in run
>      backend_store=backend_store)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py",
> line 1525, in join_DC
>      backend_store=backend_store)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py",
> line 109, in __init__
>      credentials=ctx.creds, lp=ctx.lp)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/samdb.py",
> line 67, in __init__
>      options=options)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/__init__.py",
> line 115, in __init__
>      self.connect(url, flags, options)
>    File "/usr/local/samba/lib/python3.7/site-packages/samba/samdb.py",
> line 82, in connect
>      options=options)
>
> I'm not sure why samba-tool isn't prompting for the password when I
> join the domain, I've never had that before.

Hmm, you aren't supplying a password and you do not seem to be prompted 
for one, so either a random password or no password is being used; this 
leads to the LDAP error.

Can you try adding '--password=<the password for adminuser>' to the join 
command?

>
> I also checked that it was picking up the correct version (since I had
> of course installed 4.11.4 at first, and then switched to 4.10.13)
> $ /usr/local/samba/bin/samba-tool --version
> 4.10.13
>
>> Can I also suggest you use Louis's repo: http://apt.van-belle.nl/
>>
>> This will save you building Samba.
> I would try it, but I am running on ARM architecture and Louis's repo
> is x86/x64 only, from what I can see. Plus, I don't mind building
> samba in any case, I've been doing it this way for a rather large
> number of years as I've always kept my DCs, and PDCs before that, up
> to date via this method since distribution packages have never been
> updated promptly enough for me. I want to keep up to date with samba
> versions independently of the underlying distribution's release
> cycle. Building from source is my preferred method :)

Which ARM is this?

I use Louis's packages on my Rpi4 and they work well.

Rowland
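
An added example, not part of the original message and not Samba code: a small parser that pulls the AD-style bind diagnostic out of mail-quoted, line-wrapped samba-tool output and decodes the hex "data" sub-code. The sub-code table holds the standard Win32 logon error values; the function names and the sample text (constructed from the error lines quoted in this thread) are assumptions of the example.

```python
import re

# The hex "data" field in an LDAP error 49 diagnostic is a Win32 logon error code.
AD_BIND_SUBCODES = {
    0x525: "user not found",
    0x52E: "invalid credentials (wrong or missing password)",
    0x530: "logon not permitted at this time",
    0x531: "logon not permitted from this workstation",
    0x532: "password expired",
    0x533: "account disabled",
    0x701: "account expired",
    0x773: "user must reset password",
    0x775: "account locked out",
}

DIAG_RE = re.compile(
    r"LDAP error (?P<ldap>\d+)\s+LDAP_\w+\s*-\s*"
    r"<(?P<sspi>[0-9A-Fa-f]{8}):\s*LdapErr:\s*(?P<dsid>DSID-[0-9A-Fa-f]+),"
    r"\s*comment:\s*[^,]+,\s*data\s+(?P<data>[0-9A-Fa-f]+),"
)

def unwrap(text):
    """Undo mail quoting ('> ') and line wrapping so each diagnostic is contiguous."""
    lines = [re.sub(r"^\s*>\s?", "", l).strip() for l in text.splitlines()]
    return " ".join(l for l in lines if l)

def parse_bind_failures(text):
    """Return one dict per distinct LDAP bind diagnostic found in text."""
    seen, out = set(), []
    for m in DIAG_RE.finditer(unwrap(text)):
        code = int(m["data"], 16)
        key = (m["dsid"], code)
        if key in seen:  # samba-tool repeats the same diagnostic several times
            continue
        seen.add(key)
        out.append({"ldap_error": int(m["ldap"]), "sspi": m["sspi"].upper(),
                    "dsid": m["dsid"], "win32_error": code,
                    "meaning": AD_BIND_SUBCODES.get(code, "unknown sub-code")})
    return out

# Constructed input: the wrapped, quoted error lines as they appear in this thread.
SAMPLE = """\
> Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS -  <8009030C:
> LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data
> 52e, v1db1> <>
> ERROR(ldb): uncaught exception - LDAP error 49
> LDAP_INVALID_CREDENTIALS -  <8009030C: LdapErr: DSID-0C0904DC,
> comment: AcceptSecurityContext error, data 52e, v1db1> <>
"""
```

Calling `parse_bind_failures(SAMPLE)` yields a single entry whose sub-code 0x52e (Win32 error 1326) decodes to invalid credentials, which separates a password problem from a locked, disabled or expired account.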