[Samba] [EXTERNAL]Re: Need help setting up Samba DC in Windows environment

[Owen DeLong]

This is an attempt to add a new samba DC to an existing windows AD domain. The new DC has not been previously provisioned, but I have had multiple failed attempts at this same command with identical (or nearly so) errors. 

Owen


> On May 9, 2023, at 02:47, Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
>  CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
> 
>> On 09/05/2023 10:03, Rowland Penny via samba wrote:
>> 
>> 
>>> On 09/05/2023 09:21, Andrew Bartlett wrote:
>>> On Tue, 2023-05-09 at 08:24 +0100, Rowland Penny via samba wrote:
>>>> 
>>>> Several things here, first is, I know it works on arm64, because I
>>>> run
>>>> 
>>>> my DC's on arm64.
>>>> 
>>>> 
>>>> 
>>>> Next, you are going to have to use Administrator to join the DC, a
>>>> 
>>>> normal user doesn't work.
>>>> 
>>>> 
>>>> 
>>>> Why is 'krbtgt' called 'krbtgt_14279' and then why is it being
>>>> renamed
>>>> 
>>>> to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever happen
>>>> before.
>>> 
>>> This looks like joining as an RODC, which wasn't what the command
>>> showed. Odd.
>>> 
>>> Andrew Bartlett
>>> 
>> 
>> Which would explain why I do not remember seeing anything like that, I
>> have never set up an RODC.
>> 
>> Still think we need more info.
>> 
>> Rowland
>> 
> 
> After a quick read of the code, it looks like the code that is renaming
> 'krbtgt' should only be run if 'krbtgt_dn' exists in 'ctx', which looks
> like it should only happen when joining an RODC.
> My only thoughts are, has the OP provisioned a new DC and is now trying
> to 'join' this to an existing AD domain ?
> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba