[Samba] DNS problems when adding samba DC to win2008R2
Rowland penny
rpenny at samba.org
Mon Sep 14 21:34:11 UTC 2020
On 14/09/2020 21:11, Carlos Jesus wrote:
> Hi rowland thanks for the tip.
> Even though I'm trying to add a DC not a domain member, your
> instructions are easily adapted.
oops, sorry I sent you the wrong one :-[
> I followed your procedure using Louis' repo up to the point of joining
> the domain.
> Then I issued samba-tool domain join samdom.example.com
> <http://samdom.example.com> DC -U"SAMDOM\administrator"
> I got basically the same as before:
> Password for [EKRIOR\administrator]:
> INFO 2020-09-14 20:50:28,706 pid:791
> /usr/lib/python3/dist-packages/samba/join.py #1542: workgroup is EKRIOR
> INFO 2020-09-14 20:50:28,707 pid:791
> /usr/lib/python3/dist-packages/samba/join.py #1545: realm is
> ekrior.lx.pt <http://ekrior.lx.pt>
> Adding CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Adding
> CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Adding CN=NTDS
> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Adding SPNs to CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Setting account password for SERVER2$
> Enabling account
> Calling bare provision
> INFO 2020-09-14 20:50:29,605 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2133:
> Looking up IPv4 addre sses
> INFO 2020-09-14 20:50:29,606 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2150:
> Looking up IPv6 addre sses
> INFO 2020-09-14 20:50:30,099 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305:
> Setting up secrets.ld b
> INFO 2020-09-14 20:50:31,063 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2311:
> Setting up the regist ry
> INFO 2020-09-14 20:50:31,467 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2314:
> Setting up the privil eges database
> INFO 2020-09-14 20:50:32,628 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2317:
> Setting up idmap db
> INFO 2020-09-14 20:50:33,378 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2324:
> Setting up SAM db
> INFO 2020-09-14 20:50:33,512 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #897:
> Setting up sam.ldb par titions and settings
> INFO 2020-09-14 20:50:33,515 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #909:
> Setting up sam.ldb roo tDSE
> INFO 2020-09-14 20:50:33,615 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #1338:
> Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> INFO 2020-09-14 20:50:33,924 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2377: A
> Kerberos configurat ion suitable for Samba AD
> has been generated at /var/lib/samba/private/krb5.conf
> INFO 2020-09-14 20:50:33,925 pid:791
> /usr/lib/python3/dist-packages/samba/provision/__init__.py #2378:
> Merge the contents of this file with your
> system krb5.conf or replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=ekrior,DC=lx,DC=pt
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt]
> objects[402/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt]
> objects[804/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt]
> objects[1206/2139] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ekrior,DC=lx,DC=pt]
> objects[1553/2139] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[402/3175]
> linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[804/3175]
> linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1206/3175]
> linked_values[0/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1608/3175]
> linked_values[12/27]
> Partition[CN=Configuration,DC=ekrior,DC=lx,DC=pt] objects[1767/3175]
> linked_values[27/27]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> aa197b50-8188-44d9-87bc-42765ee82c2d CN=Schema,CN=Configu
> ration,DC=ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Replicating critical objects from the base DN of the domain
> Partition[DC=ekrior,DC=lx,DC=pt] objects[102/102] linked_values[33/37]
> Partition[DC=ekrior,DC=lx,DC=pt] objects[337/2958] linked_values[37/37]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> 7fa2c15a-9cfe-49e8-b0aa-3ae54bdaeb13 CN=Configuration,DC=
> ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside partition
> e78debc5-95f3-4061-b22f-06a0f2af1494 DC=DomainDnsZones,DC
> =ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Partition[DC=ekrior,DC=lx,DC=pt] objects[353/2958] linked_values[37/37]
> dsdb_replicated_objects_convert: Ignoring object outside partition
> ff5a9921-9a3e-41d1-9553-5a565da5fb6a DC=ForestDnsZones,DC
> =ekrior,DC=lx,DC=pt: WERR_DS_ADD_REPLICA_INHIBITED
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt
> Partition[DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt] objects[254/249]
> linked_values[0/0]
> Replicating DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt
> Partition[DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt] objects[146/130]
> linked_values[0/0]
> Exop on[CN=RID Manager$,CN=System,DC=ekrior,DC=lx,DC=pt] objects[3]
> linked_values[0]
> Committing SAM database
> Repacking database from v1 to v2 format (first record
> CN=Allowed-Attributes-Effective,CN=Schema,CN=Configuration,DC=ekrior,D
> C=lx,DC=pt)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record
> CN=subnetContainer-Display,CN=41D,CN=DisplaySpecifiers,CN=Configuratio
> n,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record
> DC=_ldap._tcp.dc\0ADEL:4e387902-3b67-43cf-a656-01c66df52385,CN=Deleted
> Objects,DC=DomainDnsZones,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record
> DC=server\0ADEL:4853b891-8611-4159-9947-7ef72ab3660f,CN=Deleted Object
> s,DC=ForestDnsZones,DC=ekrior,DC=lx,DC=pt)
> Repacking database from v1 to v2 format (first record CN=Distributed
> COM Users,CN=Builtin,DC=ekrior,DC=lx,DC=pt)
> INFO 2020-09-14 20:50:59,594 pid:791
> /usr/lib/python3/dist-packages/samba/join.py #1116: Adding 2 remote
> DNS records for SER VER2.ekrior.lx.pt <http://VER2.ekrior.lx.pt>
> Join failed - cleaning up
You can ignore anything from here on, it is just backwash from the failure.
> Deleted CN=RID Set,CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Deleted CN=SERVER2,OU=Domain Controllers,DC=ekrior,DC=lx,DC=pt
> Deleted CN=NTDS
> Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> Deleted
> CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ekrior,DC=lx,DC=pt
> ERROR(runtime): uncaught exception - (3221225485, 'An invalid
> parameter was passed to a service or function.')
> File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
> 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line
> 671, in run
> backend_store_size=backend_store_size)
> File "/usr/lib/python3/dist-packages/samba/join.py", line 1558, in
> join_DC
> ctx.do_join()
> File "/usr/lib/python3/dist-packages/samba/join.py", line 1455, in
> do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python3/dist-packages/samba/join.py", line 1144, in
> join_add_dns_records
> None)
> tomorrow I'll try to move on
>
> Best regards
>
Are you sure this wasn't an upgrade from an earlier version of Windows,
I have seen this before when the domain started as a W2000K domain. Or
is the exchange schema involved ?
More information about the samba
mailing list