[Samba] Joining Samba AD DC from Docker container fails - timeout

greg at theschaubs.com greg at theschaubs.com
Tue Jun 15 20:19:48 UTC 2021 

I have created a Docker container to support Samba Domain Controller
services.  I am joining to an existing Samba DC that is running on a Debian
based image.  I have successfully joined other DC's to this server in the
past and have a set created documentation to help ensure it works properly
in the future.

The new server container is based on Ubuntu 20.04 and I built it through the
distro packages.  I have configured Bind DLZ, sshd, and ntp which all appear
to be working properly.  I can share the specific packages if necessary, but
I would be surprised if I'm missing anything.  I have tried this both with
and without smbd running.  

I saw in a prior post blocked ports can lead to this type of behavior.
Therefore, I ran a port scan from the container to the source server and
verified that all needed ports are open.  I also ran a port scan against the
container which shows that ports 22 and 53 are open.  I also did this as the
join process was running and interestingly (at least to me) no other ports
were listening on the container at that time.  I cannot find any helpful
logs except for the output here.  I do see bind activity between the servers
in syslog while the join was running.

I'm out of ideas at this point.  Not sure if this is a docker/container
issue or a Ubuntu one.  For Ubuntu, this is the first time I have tried to
join a DC from that distribution.  I have added the output of the latest
join attempt below.

Hope someone can point me in the right direction.

Regards.Greg

root at schaub-dc1:/var/lib/samba# samba-tool domain join home.theschaubs.com
DC -U"HOME\administrator" --dns-backend=BIND9_DLZ --option='idmap_ldb:use
rfc2307 = yes' --verbose
INFO 2021-06-14 19:20:11,689 pid:273
/usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC
for domain 'home.theschaubs.com'
INFO 2021-06-14 19:20:11,744 pid:273
/usr/lib/python3/dist-packages/samba/join.py #109: Found DC
schaub-dc2.home.theschaubs.com
Password for [HOME\administrator]:
INFO 2021-06-14 19:20:27,668 pid:273
/usr/lib/python3/dist-packages/samba/join.py #1542: workgroup is HOME
INFO 2021-06-14 19:20:27,668 pid:273
/usr/lib/python3/dist-packages/samba/join.py #1545: realm is
home.theschaubs.com
Deleted CN=SCHAUB-DC1,OU=Domain Controllers,DC=home,DC=theschaubs,DC=com
Deleted CN=dns-SCHAUB-DC1,CN=Users,DC=home,DC=theschaubs,DC=com
Deleted CN=NTDS
Settings,CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
figuration,DC=home,DC=theschaubs,DC=com
Deleted
CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=home,DC=theschaubs,DC=com
Adding CN=SCHAUB-DC1,OU=Domain Controllers,DC=home,DC=theschaubs,DC=com
Adding
CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=home,DC=theschaubs,DC=com
Adding CN=NTDS
Settings,CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
figuration,DC=home,DC=theschaubs,DC=com
Adding SPNs to CN=SCHAUB-DC1,OU=Domain
Controllers,DC=home,DC=theschaubs,DC=com
Setting account password for SCHAUB-DC1$
Enabling account
Adding DNS account CN=dns-SCHAUB-DC1,CN=Users,DC=home,DC=theschaubs,DC=com
with dns/ SPN
Setting account password for dns-SCHAUB-DC1
Calling bare provision
INFO 2021-06-14 19:20:29,438 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2128: Looking up
IPv4 addresses
INFO 2021-06-14 19:20:29,439 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2145: Looking up
IPv6 addresses
WARNING 2021-06-14 19:20:29,440 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2152: No IPv6
address will be assigned
INFO 2021-06-14 19:20:29,645 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2319: Setting up
share.ldb
INFO 2021-06-14 19:20:29,656 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2323: Setting up
secrets.ldb
INFO 2021-06-14 19:20:29,664 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2329: Setting up
the registry
INFO 2021-06-14 19:20:29,696 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2332: Setting up
the privileges database
INFO 2021-06-14 19:20:29,712 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2335: Setting up
idmap db
INFO 2021-06-14 19:20:29,723 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2342: Setting up
SAM db
INFO 2021-06-14 19:20:29,726 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #898: Setting up
sam.ldb partitions and settings
INFO 2021-06-14 19:20:29,726 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #910: Setting up
sam.ldb rootDSE
INFO 2021-06-14 19:20:29,729 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #1339:
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs

INFO 2021-06-14 19:20:29,745 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2394: A Kerberos
configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
INFO 2021-06-14 19:20:29,745 pid:273
/usr/lib/python3/dist-packages/samba/provision/__init__.py #2396: Merge the
contents of this file with your system krb5.conf or replace it with this
one. Do not create a symlink!
Provision OK for domain DN DC=home,DC=theschaubs,DC=com
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=theschaubs,DC=com]
objects[402/1739] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=theschaubs,DC=com]
objects[804/1739] linked_values[0/0]
Join failed - cleaning up
Deleted CN=SCHAUB-DC1,OU=Domain Controllers,DC=home,DC=theschaubs,DC=com
Deleted CN=dns-SCHAUB-DC1,CN=Users,DC=home,DC=theschaubs,DC=com
Deleted CN=NTDS
Settings,CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
figuration,DC=home,DC=theschaubs,DC=com
Deleted
CN=SCHAUB-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=home,DC=theschaubs,DC=com
ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The
specified I/O operation on %hs was not completed before the time-out period
expired.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 701, in
run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1558, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1448, in do_join
    ctx.join_replicate()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 979, in
join_replicate
    repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in
replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

More information about the samba mailing list