[Samba] Can't join new samba dc to existing dc

fransnicho fransnicho at gmail.com
Fri Aug 16 07:02:42 UTC 2024


On 16/08/2024 13:02, Rowland Penny via samba wrote:
> On Fri, 16 Aug 2024 10:30:29 +0700
> fransnicho via samba <samba at lists.samba.org> wrote:
>
>> Pada Kam, 15 Agu 2024 pukul 23.49 Rowland Penny via samba <
>> samba at lists.samba.org> menulis:
>>
>>> On Thu, 15 Aug 2024 23:19:29 +0700
>>> fransnicho via samba <samba at lists.samba.org> wrote:
>>>
>>>> On Thu, Aug 15, 2024, 10:35 fransnicho <fransnicho at gmail.com>
>>>> wrote:
>>>>
>>>>> Pada Rab, 14 Agu 2024 pukul 23.21 Rowland Penny via samba <
>>>>> samba at lists.samba.org> menulis:
>>>>>
>>>>>> On Wed, 14 Aug 2024 16:58:12 +0700
>>>>>> fransnicho via samba <samba at lists.samba.org> wrote:
>>>>>>
>>>>>>> I can not join an additional new samba dc ver. 4.19.5 to an
>>>>>>> existing samba Ad version 4.19.5 functional level 2008 R2.
>>>>>>>
>>>>>>> Last week I successfully demote an offline dc3 and move the
>>>>>>> fsmo role
>>>>>>> /var/log/samba/log.samba
>>>>>>>
>>>>>>>
>>>>>>> 16:34:51.368927,  0]
>>>>>>>
>>> ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
>>>>>>> ../../source4/dsdb/repl/replicated_objects.c:1244: Failed
>>>>>>> add of CN=NTDS
>>>>>>>
>>> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>>>>>>> - objectclass_attrs: attribute 'hasMasterNCs' on entry
>>>>>>> 'CN=NTDS
>>>>>>>
>>> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
>>>>>>> does not exist in the specified objectclasses!
>>>>>>> [2024/08/14 16:34:51.369239,  0]
>>>>>>>
>>> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
>>>>>>>    ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry
>>>>>>> failed - WERR_DS_INTERNAL_FAILURE
>>>>>> Have you checked your database with 'samba-tool dbcheck' ?
>>>>>> Does 'DC6' exist ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>
>>>>> Hi Rowland,
>>>>> Thanks for your response 🙏
>>>>> DC6 exist in many deleted objects, when i run below command :
>>>>>
>>>>> it at dc4:~$ sudo samba-tool dbcheck -v
>>>>> Checking 973 objects
>>>>> Checking object
>>>>> CN=DC6\0ADEL:7eec18e3-7f3f-49cc-86bc-8bc08b651bcb,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>> CN=DC6\0ADEL:51476d30-2626-4169-97a8-4c240e934c2b,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>> CN=DC6\0ADEL:54a0a479-a462-4ed1-b4f0-221c596aa455,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>> Checking object
>>>>> CN=DC6\0ADEL:26516d46-8b40-4837-a112-e2638268a8b5,CN=Deleted
>>>>> Objects,DC=nicho,DC=com
>>>>>
>>>>> Best Regards,
>>>>> Nicho.
>>>>>
>>>>>
>>>> Hi Rowland,
>>>> Is there anything wrong with my database ?
>>>> I'm really2 stuck with the error. Please help..
>>>>
>>>> Best Regards,
>>>>
>>> The records that contain '0ADEL' are tombstone records, so you could
>>> use samba-tool to remove them, see:
>>> samba-tool domain tombstones expunge --help
>>> for more info
>>>
>>> ONLY ATTEMPT THE FOLLOWING IF YOU HAVE A GOOD BACKUP!
>>> However, your join seems to be failing because the attribute
>>> 'hasMasterNCs' doesn't have its objectclass in CN=NTDS
>>>
>>> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
>>> but you say that DC6 no longer exists, so to me, it looks like that
>>> DN needs removing, followed by any referrences to 'DC6' there may
>>> be in your AD.
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>> Hi Rowland,
>> Thanks for your response 🙏
>>
>> Can I rebuild: CN=NTDS
>> Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>> ?
>> Is it safe to remove: CN=NTDS
>> Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>> ?
> Your problem isn't with:
>
> CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> it is with:
>
> CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> and you say that 'DC6' no longer exists.
>
> You need to remove:
>
> CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>
> and anything it contains, but only attempt this if you have a good
> backup.
>
> You also need to find and remove any reference to 'DC6' there may be in
> your AD.
>
> Rowland

Hi Rowland,
Thanks for your response 🙏

DC6 is my new samba DC that can't join to exsiting AD DC (DC4).
DC3 is the old DC that no longer exist.
I can't find any reference or anything contains to DC6 in my AD but
I able to find a reference about DC3 (my old AD) that no longer exist in my AD.
Should I remove the old DC3 references ?

/var/log/samba/log.samba
[2024/08/16 09:40:31.399346,  0] ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
   ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!
[2024/08/16 09:40:31.399744,  0] ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
   ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed - WERR_DS_INTERNAL_FAILURE
[2024/08/16 10:05:14.013306,  0] ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
   ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!
[2024/08/16 10:05:14.013861,  0] ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
   ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed - WERR_DS_INTERNAL_FAILURE
[2024/08/16 10:23:24.851791,  1] ../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)

regarding attribute 'hasMasterNCs', how to add it ?

Best Regards,
Nicho.




More information about the samba mailing list