[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain
L. van Belle
belle at samba.org
Mon Feb 14 10:17:45 UTC 2022
The important part of thie message.
Could not find machine account in secrets database: Failed to fetch machine
account password for KK from both
secrets.ldb (Could not find entry to match filter:
'(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No
such object: dsdb_search at ../../source4/dsdb/common/util.c:4774) and from
This is the hint : cn=Primary Domains
Was this from origin a 2003 server?
Read this carefully.
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
* also https://bugzilla.samba.org/show_bug.cgi?id=13298
I did look for a solution here, i know there is one but i cant find it.
Sooo.. Lets hope Rowland his memory is better then mine today. ;-)
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Arndt Kritzner via samba
> Verzonden: zondag 13 februari 2022 20:39
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Exception and error
> (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an
> existing W2012R2 domain
>
> When trying to join an existing 2012R2 ADS (object Version
> 69) this results in an error and subsequential rollback of
> the join:
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> File
> "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py",
> line 186, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py",
> line 700, in run
> join_DC(logger=logger, server=server, creds=creds,
> lp=lp, domain=domain,
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1543, in join_DC
> ctx.do_join()
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1440, in do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1181, in join_add_dns_records
> = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
> File "/usr/lib/python3.10/site-packages/samba/samdb.py",
> line 1357, in dns_lookup
> return dsdb_dns.lookup(self, dns_name,
>
> Samba version is 4.15.5 (Arch Linux). The ADS-domain is of
> software version 69 (W2012R2) on an W2k8 base system. I was
> installing and initializing samba after this tutorial:
>
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis
> ting_Active_Directory
> DNS and Kerberos might work. The existing DC/DNS reports in
> the Moment of the exception an event 6702 (see below). With
> in the end the same result these join commands were attempted:
> samba-tool domain join kk.lokal DC
> --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
> samba-tool domain join kk.lokal DC -U"KK\Administrator"
> --dns-backend=SAMBA_INTERNAL --verbose -d3
>
> Any ideas how to resolve or further investigate this? For
> details see below.
>
> Kind regards
> Arndt
>
>
> details:
> ==============================================================
> ========================================
> event 6702 (windows DNS side) description: german info:
> "DNS-Server hat die eigenen Host-Einträge (A) aktualisiert. Um
> sicherzustellen, dass die verzeichnisdienstintegrierten
> Peer-DNS-Server mit diesem Server replizieren können, wurde
> versucht, diese mit dem neuen Eintrag mittels dynamischer
> Aktualisierung zu aktualisieren. Dabei ist ein Fehler
> aufgetreten. Die Daten enthalten den Fehlercode."
> => means:"DNS server has updated it's own host entries (A).
> ... was tried to also update peer DNSes. This resulted in an
> error. ..."
>
> [root at dc1-samba ~]# klist
> Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
> Standard-Principal: Administrator at KK.LOCAL
>
> Valid starting Expires Service principal
> 13.02.2022 16:26:07 14.02.2022 02:26:07 krbtgt/KK.LOCAL at KK.LOCAL
> erneuern bis 14.02.2022 16:26:01
> 13.02.2022 16:33:20 14.02.2022 02:26:07
> ldap/ADS-2008.kk.local at KK.LOCAL
> 13.02.2022 16:33:20 14.02.2022 02:26:07
> ldap/ADS-2008.KK.LOCAL at KK.LOCAL
> 13.02.2022 16:33:28 14.02.2022 02:26:07
> host/ADS-2008.KK.LOCAL at KK.LOCAL
>
>
> [root at dc1-samba ~]# smbd -b | egrep
> "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
> LOCKDIR: /var/cache/samba
> STATEDIR: /var/lib/samba
> CACHEDIR: /var/cache/samba
> PRIVATE_DIR: /var/lib/samba/private
> [root at dc1-samba ~]# find /var/cache/samba -name "*db" -exec rm {} \;
> [root at dc1-samba ~]# find /var/lib/samba -name "*db" -exec rm {} \;
> [root at dc1-samba ~]# rm /etc/samba/smb.conf
>
>
> [root at dc1-samba ~]# samba-tool domain join kk.local DC
> --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> INFO 2022-02-13 17:36:05,040 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #105: Finding
> a writeable DC for
> domain 'kk.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.kk.local<0x0>
> INFO 2022-02-13 17:36:05,045 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #107: Found
> DC ADS-2008.kk.local
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> INFO 2022-02-13 17:36:05,080 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #1527: workgroup is KK
> INFO 2022-02-13 17:36:05,080 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #1530: realm
> is kk.local
> Adding CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Adding
> CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C
> N=Sites,CN=Configuration,DC=kk,DC=local
> Adding CN=NTDS
> Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-St
andorts,CN=Sites,CN=Configuration,DC=kk,DC=local
> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> Adding SPNs to CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Setting account password for DC1-SAMBA$
> Enabling account
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> INFO 2022-02-13 17:36:05,362 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2105: Looking up
> IPv4 addresses
> INFO 2022-02-13 17:36:05,362 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2122: Looking up
> IPv6 addresses
> WARNING 2022-02-13 17:36:05,362 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2129: No IPv6
> address will be assigned
> INFO 2022-02-13 17:36:05,556 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2271: Setting up
> share.ldb
> INFO 2022-02-13 17:36:05,570 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2275: Setting up
> secrets.ldb
> INFO 2022-02-13 17:36:05,578 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2280: Setting up
> the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYST
> EM,hive=NONE' not found
> key added:
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTE
> M,hive=NONE
> Key
> 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=N
> ONE' not found
> key added:
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added: key=Terminal
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
> not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hi
> ve=NONE' not found
> key added:
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSe
> t,key=SYSTEM,hive=NONE' not found
> key added:
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet
> ,key=SYSTEM,hive=NONE
> Key
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hiv
> e=NONE' not found
> key added:
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet
> ,key=SYSTEM,hive=NONE' not found
> key added:
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,
> key=SYSTEM,hive=NONE
> INFO 2022-02-13 17:36:05,605 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2283: Setting up
> the privileges database
> INFO 2022-02-13 17:36:05,618 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2286: Setting up
> idmap db
> INFO 2022-02-13 17:36:05,628 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2293: Setting up SAM db
> INFO 2022-02-13 17:36:05,631 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #880: Setting up
> sam.ldb partitions and settings
> INFO 2022-02-13 17:36:05,631 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #892: Setting up
> sam.ldb rootDSE
> INFO 2022-02-13 17:36:05,634 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #1305: Pre-loading
> the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of
> metadata.tdb gave: No such Base DN: @INDEXLIST
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> INFO 2022-02-13 17:36:05,649 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2345: A Kerberos
> configuration suitable for Samba AD has been generated at
> /var/lib/samba/private/krb5.conf
> INFO 2022-02-13 17:36:05,649 pid:2096
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py
> #2347: Merge the
> contents of this file with your system krb5.conf or replace
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=kk,DC=local
> Starting replication
> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local]
> objects[402/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local]
> objects[804/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local]
> objects[1206/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local]
> objects[1608/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local]
> objects[1743/2277] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> showInAdvancedViewOnly on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on
> CN=Schema,CN=Configuration,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Replicated 1743 objects (0 linked attributes) for
> CN=Schema,CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[402/3491]
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[804/3491]
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1206/3491]
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1608/3491]
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1896/3491]
> linked_values[0/12]
> dsdb_replicated_objects_convert: Ignoring object outside
> partition 28cc91bc-56cb-4e6e-b855-c4d9fb1de9e1
> CN=Schema,CN=Configuration,DC=kk,DC=local:
> WERR_DS_ADD_REPLICA_INHIBITED
> Replicated 287 objects (0 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1949/3491]
> linked_values[12/12]
> Replicated 53 objects (12 linked attributes) for
> CN=Configuration,DC=kk,DC=local
> Replicating critical objects from the base DN of the domain
> Partition[DC=kk,DC=local] objects[99/148] linked_values[0/16]
> Replicated 99 objects (0 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[402/5344] linked_values[0/16]
> Replicated 402 objects (0 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[661/5344] linked_values[16/16]
> dsdb_replicated_objects_convert: Ignoring object outside
> partition 0072135d-84d3-4a6b-8161-558fae7f612f
> CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside
> partition 1c3e80cd-a49b-496e-91e3-9163f182345a
> DC=DomainDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside
> partition 87ce9ad5-1c53-4529-87ba-da71ba908779
> DC=ForestDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> Replicated 256 objects (16 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[741/5344] linked_values[16/16]
> Replicated 80 objects (0 linked attributes) for DC=kk,DC=local
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=kk,DC=local
> Partition[DC=DomainDnsZones,DC=kk,DC=local] objects[21/21]
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for
> DC=DomainDnsZones,DC=kk,DC=local
> Replicating DC=ForestDnsZones,DC=kk,DC=local
> Partition[DC=ForestDnsZones,DC=kk,DC=local] objects[5/5]
> linked_values[0/0]
> Replicated 5 objects (0 linked attributes) for
> DC=ForestDnsZones,DC=kk,DC=local
> Exop on[CN=RID Manager$,CN=System,DC=kk,DC=local] objects[3]
> linked_values[0]
> Discarding older DRS attribute update to objectClass on
> CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on
> CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to
> showInAdvancedViewOnly on CN=RID
> Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on CN=RID
> Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on
> CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to systemFlags on
> CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on
> CN=RID Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to
> isCriticalSystemObject on CN=RID
> Manager$,CN=System,DC=kk,DC=local from
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectClass on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to whenCreated on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to displayName on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to nTSecurityDescriptor
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to name on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to userAccountControl
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to codePage on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to countryCode on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to dBCSPwd on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to localPolicyFlags on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to logonHours on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to unicodePwd on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to ntPwdHistory on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to pwdLastSet on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to primaryGroupID on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> supplementalCredentials on CN=DC1-SAMBA,OU=Domain
> Controllers,DC=kk,DC=local
> from 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectSid on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to accountExpires on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to lmPwdHistory on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to sAMAccountName on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to sAMAccountType on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to dNSHostName on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to servicePrincipalName
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectCategory on
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> isCriticalSystemObject on CN=DC1-SAMBA,OU=Domain
> Controllers,DC=kk,DC=local
> from 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to
> msDS-SupportedEncryptionTypes on CN=DC1-SAMBA,OU=Domain
> Controllers,DC=kk,DC=local from 5382ee1d-7748-45f1-80ff-318179cceab7
> Replicated 3 objects (0 linked attributes) for DC=kk,DC=local
> Committing SAM database
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL '
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> replmd_prepare_commit: Processing linked attributes
> Repacking database from v1 to v2 format (first record
> CN=Scope-Flags,CN=Schema,CN=Configuration,DC=kk,DC=local)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record
> CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,CN=Configu
> ration,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record
> DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=Dom
> ainDnsZones,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record CN=NTDS
> Quotas,DC=ForestDnsZones,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record
> CN=E74E40BE7F8F42468F72B5888FDE5E96300AE2B119D511DEAF315254001
> 23457,CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=kk,DC=local)
> INFO 2022-02-13 17:36:12,173 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #1100: Adding
> 1 remote DNS records
> for DC1-SAMBA.kk.local
> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> ADS-2008.kk.local<0x20>
> INFO 2022-02-13 17:36:12,205 pid:2096
> /usr/lib/python3.10/site-packages/samba/join.py #1163: Adding
> DNS A record
> DC1-SAMBA.kk.local for IPv4 IP: 192.168.1.3
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to
> fetch machine account password for KK from both
> secrets.ldb (Could not find entry to match filter:
> '(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../../source4/dsdb/common/util.c:4774) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Deleted CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Deleted CN=NTDS
> Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-St
andorts,CN=Sites,CN=Configuration,DC=kk,DC=local
> Deleted
> CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C
> N=Sites,CN=Configuration,DC=kk,DC=local
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> File
> "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py",
> line 186, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py",
> line 700, in run
> join_DC(logger=logger, server=server, creds=creds,
> lp=lp, domain=domain,
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1543, in join_DC
> ctx.do_join()
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1440, in do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python3.10/site-packages/samba/join.py",
> line 1181, in join_add_dns_records
> = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
> File "/usr/lib/python3.10/site-packages/samba/samdb.py",
> line 1357, in dns_lookup
> return dsdb_dns.lookup(self, dns_name,
>
>
> [root at dc1-samba ~]# cat /var/lib/samba/private/krb5.conf
> [libdefaults]
> default_realm = KK.LOCAL
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> [realms]
> KK.LOCAL = {
> default_domain = kk.local
> }
>
> [domain_realm]
> DC1-SAMBA = KK.LOCAL
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list