[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain
Arndt Kritzner
kritzner at logicway.de
Sun Feb 13 19:38:40 UTC 2022
When trying to join an existing 2012R2 ADS (object Version 69) this results in an error and subsequential rollback of
the join:
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", line 700, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1543, in join_DC
ctx.do_join()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1440, in do_join
ctx.join_add_dns_records()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1181, in join_add_dns_records
= ctx.samdb.dns_lookup("%s.%s" % (name, zone),
File "/usr/lib/python3.10/site-packages/samba/samdb.py", line 1357, in dns_lookup
return dsdb_dns.lookup(self, dns_name,
Samba version is 4.15.5 (Arch Linux). The ADS-domain is of software version 69 (W2012R2) on an W2k8 base system. I was
installing and initializing samba after this tutorial:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
DNS and Kerberos might work. The existing DC/DNS reports in the Moment of the exception an event 6702 (see below). With
in the end the same result these join commands were attempted:
samba-tool domain join kk.lokal DC --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
samba-tool domain join kk.lokal DC -U"KK\Administrator" --dns-backend=SAMBA_INTERNAL --verbose -d3
Any ideas how to resolve or further investigate this? For details see below.
Kind regards
Arndt
details:
======================================================================================================
event 6702 (windows DNS side) description: german info: "DNS-Server hat die eigenen Host-Einträge (A) aktualisiert. Um
sicherzustellen, dass die verzeichnisdienstintegrierten Peer-DNS-Server mit diesem Server replizieren können, wurde
versucht, diese mit dem neuen Eintrag mittels dynamischer Aktualisierung zu aktualisieren. Dabei ist ein Fehler
aufgetreten. Die Daten enthalten den Fehlercode."
=> means:"DNS server has updated it's own host entries (A). ... was tried to also update peer DNSes. This resulted in an
error. ..."
[root at dc1-samba ~]# klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
Standard-Principal: Administrator at KK.LOCAL
Valid starting Expires Service principal
13.02.2022 16:26:07 14.02.2022 02:26:07 krbtgt/KK.LOCAL at KK.LOCAL
erneuern bis 14.02.2022 16:26:01
13.02.2022 16:33:20 14.02.2022 02:26:07 ldap/ADS-2008.kk.local at KK.LOCAL
13.02.2022 16:33:20 14.02.2022 02:26:07 ldap/ADS-2008.KK.LOCAL at KK.LOCAL
13.02.2022 16:33:28 14.02.2022 02:26:07 host/ADS-2008.KK.LOCAL at KK.LOCAL
[root at dc1-samba ~]# smbd -b | egrep "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
LOCKDIR: /var/cache/samba
STATEDIR: /var/lib/samba
CACHEDIR: /var/cache/samba
PRIVATE_DIR: /var/lib/samba/private
[root at dc1-samba ~]# find /var/cache/samba -name "*db" -exec rm {} \;
[root at dc1-samba ~]# find /var/lib/samba -name "*db" -exec rm {} \;
[root at dc1-samba ~]# rm /etc/samba/smb.conf
[root at dc1-samba ~]# samba-tool domain join kk.local DC --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
INFO 2022-02-13 17:36:05,040 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #105: Finding a writeable DC for
domain 'kk.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.kk.local<0x0>
INFO 2022-02-13 17:36:05,045 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #107: Found DC ADS-2008.kk.local
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
INFO 2022-02-13 17:36:05,080 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #1527: workgroup is KK
INFO 2022-02-13 17:36:05,080 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #1530: realm is kk.local
Adding CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Adding CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Adding CN=NTDS
Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
Adding SPNs to CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Setting account password for DC1-SAMBA$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
INFO 2022-02-13 17:36:05,362 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2105: Looking up
IPv4 addresses
INFO 2022-02-13 17:36:05,362 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2122: Looking up
IPv6 addresses
WARNING 2022-02-13 17:36:05,362 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2129: No IPv6
address will be assigned
INFO 2022-02-13 17:36:05,556 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2271: Setting up
share.ldb
INFO 2022-02-13 17:36:05,570 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2275: Setting up
secrets.ldb
INFO 2022-02-13 17:36:05,578 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2280: Setting up
the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
INFO 2022-02-13 17:36:05,605 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2283: Setting up
the privileges database
INFO 2022-02-13 17:36:05,618 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2286: Setting up
idmap db
INFO 2022-02-13 17:36:05,628 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2293: Setting up SAM db
INFO 2022-02-13 17:36:05,631 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #880: Setting up
sam.ldb partitions and settings
INFO 2022-02-13 17:36:05,631 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #892: Setting up
sam.ldb rootDSE
INFO 2022-02-13 17:36:05,634 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #1305: Pre-loading
the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-02-13 17:36:05,649 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2345: A Kerberos
configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-02-13 17:36:05,649 pid:2096 /usr/lib/python3.10/site-packages/samba/provision/__init__.py #2347: Merge the
contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=kk,DC=local
Starting replication
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[402/2277] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[804/2277] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1206/2277] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1608/2277] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1743/2277] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Replicated 1743 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[402/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[804/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1206/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1608/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1896/3491] linked_values[0/12]
dsdb_replicated_objects_convert: Ignoring object outside partition 28cc91bc-56cb-4e6e-b855-c4d9fb1de9e1
CN=Schema,CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
Replicated 287 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1949/3491] linked_values[12/12]
Replicated 53 objects (12 linked attributes) for CN=Configuration,DC=kk,DC=local
Replicating critical objects from the base DN of the domain
Partition[DC=kk,DC=local] objects[99/148] linked_values[0/16]
Replicated 99 objects (0 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[402/5344] linked_values[0/16]
Replicated 402 objects (0 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[661/5344] linked_values[16/16]
dsdb_replicated_objects_convert: Ignoring object outside partition 0072135d-84d3-4a6b-8161-558fae7f612f
CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition 1c3e80cd-a49b-496e-91e3-9163f182345a
DC=DomainDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition 87ce9ad5-1c53-4529-87ba-da71ba908779
DC=ForestDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
Replicated 256 objects (16 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[741/5344] linked_values[16/16]
Replicated 80 objects (0 linked attributes) for DC=kk,DC=local
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=kk,DC=local
Partition[DC=DomainDnsZones,DC=kk,DC=local] objects[21/21] linked_values[0/0]
Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=kk,DC=local
Replicating DC=ForestDnsZones,DC=kk,DC=local
Partition[DC=ForestDnsZones,DC=kk,DC=local] objects[5/5] linked_values[0/0]
Replicated 5 objects (0 linked attributes) for DC=ForestDnsZones,DC=kk,DC=local
Exop on[CN=RID Manager$,CN=System,DC=kk,DC=local] objects[3] linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectClass on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to whenCreated on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to displayName on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to nTSecurityDescriptor on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to name on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to userAccountControl on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to codePage on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to countryCode on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to dBCSPwd on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to localPolicyFlags on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to logonHours on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to unicodePwd on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to ntPwdHistory on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to pwdLastSet on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to primaryGroupID on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to supplementalCredentials on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
from 5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectSid on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to accountExpires on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to lmPwdHistory on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to sAMAccountName on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to sAMAccountType on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to dNSHostName on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to servicePrincipalName on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectCategory on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to isCriticalSystemObject on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
from 5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from 5382ee1d-7748-45f1-80ff-318179cceab7
Replicated 3 objects (0 linked attributes) for DC=kk,DC=local
Committing SAM database
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL ' (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
replmd_prepare_commit: Processing linked attributes
Repacking database from v1 to v2 format (first record CN=Scope-Flags,CN=Schema,CN=Configuration,DC=kk,DC=local)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,CN=Configuration,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record
DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record CN=NTDS Quotas,DC=ForestDnsZones,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record
CN=E74E40BE7F8F42468F72B5888FDE5E96300AE2B119D511DEAF31525400123457,CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=kk,DC=local)
INFO 2022-02-13 17:36:12,173 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #1100: Adding 1 remote DNS records
for DC1-SAMBA.kk.local
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name ADS-2008.kk.local<0x20>
INFO 2022-02-13 17:36:12,205 pid:2096 /usr/lib/python3.10/site-packages/samba/join.py #1163: Adding DNS A record
DC1-SAMBA.kk.local for IPv4 IP: 192.168.1.3
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for KK from both
secrets.ldb (Could not find entry to match filter: '(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4774) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Deleted CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Deleted CN=NTDS
Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Deleted CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", line 700, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1543, in join_DC
ctx.do_join()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1440, in do_join
ctx.join_add_dns_records()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1181, in join_add_dns_records
= ctx.samdb.dns_lookup("%s.%s" % (name, zone),
File "/usr/lib/python3.10/site-packages/samba/samdb.py", line 1357, in dns_lookup
return dsdb_dns.lookup(self, dns_name,
[root at dc1-samba ~]# cat /var/lib/samba/private/krb5.conf
[libdefaults]
default_realm = KK.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
KK.LOCAL = {
default_domain = kk.local
}
[domain_realm]
DC1-SAMBA = KK.LOCAL
More information about the samba
mailing list