[Samba] Need help setting up Samba DC in Windows environment

Rowland Penny rpenny at samba.org
Tue May 9 07:24:59 UTC 2023



On 09/05/2023 00:34, Owen DeLong via samba wrote:
> I'm having difficulty constructing my first Samba DC in a currently Windows-only environment.
> When I run:
> samba-tool domain join <domain> DC -U "<workgroup>\owen.delong"
> I get the authentication prompt, enter my password, then:
> INFO 2023-05-08 15:28:07,002 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1488: workgroup is <workgroup>
> INFO 2023-05-08 15:28:07,004 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1491: realm is <domain>
> Adding CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2>
> Adding CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2>
> Got krbtgt_name=krbtgt_14279
> Renaming CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> to CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2>
> Adding CN=SJC-BR-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2>
> Join failed - cleaning up
> Deleted CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2>
> Deleted CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2>
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> <0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of:
>   'CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2>'
>> <>
> I'm completely out of my depth when it comes to Active Directory. I'm a long-time Linux/Unix/Juniper/Cisco guy.
> The intent is for this to be a local DC at a stub site (branch office).
> This is on a DietPi system (arm64, NanoPi R6S).
> Linux sjc-br-01 5.10.110 #1 SMP Tue Mar 14 21:59:07 CST 2023 aarch64 GNU/Linux
> Samba 4.13.13-Debian
> (.deb package install)
> 
> 
> 
> Any assistance, pointers, references greatly appreciated.
> 
> Thanks,
> 
> Owen
> 


Several things here. First, I know it works on arm64, because I run 
my DCs on arm64.

Next, you are going to have to use Administrator to join the DC, a 
normal user doesn't work.

Why is 'krbtgt' called 'krbtgt_14279' and then why is it being renamed 
to 'krbtgt_SJC-BR-01'? I cannot remember seeing that ever happen before.

I have never used DietPi, but believe it is based on Debian. If this is 
the case, you will be better off using Samba from backports.

I think you need to tell us just what you did (in broad terms for now) 
before you ran the samba-tool join command.

Rowland


