[Samba] Can't join new samba dc to existing dc

Rowland Penny rpenny at samba.org
Fri Aug 16 07:55:11 UTC 2024


On Fri, 16 Aug 2024 14:02:42 +0700
fransnicho via samba <samba at lists.samba.org> wrote:

> 
> DC6 is my new samba DC that can't join to existing AD DC (DC4).
> DC3 is the old DC that no longer exists.
> I can't find any reference to or anything containing DC6 in my AD, but
> I am able to find a reference to DC3 (my old AD) that no longer exists
> in my AD. Should I remove the old DC3 references?
> 
> /var/log/samba/log.samba
> [2024/08/16 09:40:31.399346,  0]
> ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> CN=NTDS
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> does not exist in the specified objectclasses! [2024/08/16
> 09:40:31.399744,  0]
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> WERR_DS_INTERNAL_FAILURE [2024/08/16 10:05:14.013306,  0]
> ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> CN=NTDS
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
> Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> does not exist in the specified objectclasses! [2024/08/16
> 10:05:14.013861,  0]
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> WERR_DS_INTERNAL_FAILURE [2024/08/16 10:23:24.851791,  1]
> ../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)
> 
> Regarding attribute 'hasMasterNCs', how do I add it?
> 
> Best Regards,
> Nicho.
> 
> 

You never actually said what your new DC was called (though I should have been able to work it out) and your join error message is this:

Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
- objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!

What that appears to be saying is:

When it tried to add 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com', with the 'hasMasterNCs' attribute, that attribute wasn't valid because it didn't have the required objectclass, which is a bit of a mystery.

If I check one of my DCs using:
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b 'CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

I get this (cropped) output:

dn: CN=NTDS Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
...............
hasMasterNCs: CN=Configuration,DC=samdom,DC=example,DC=com
hasMasterNCs: DC=samdom,DC=example,DC=com
hasMasterNCs: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
............................

If you check the schema, you will find that the objectclass nTDSDSA may contain 'hasMasterNCs'.
On the face of it, it appears, for some reason, that DN is being created without the nTDSDSA objectclass, but with the hasMasterNCs attribute. This isn't being allowed, so the join fails.

What OS are you using?

Where have you got the Samba packages from?

Have you installed all the Samba packages?

When the domain was first provisioned, was it as a Samba AD domain, or
was it originally a Microsoft one, and if it was a Microsoft one, which
version?

Rowland
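
The check described in the message above, as an added example that is not part of the original post and is not Samba code: it parses ldbsearch-style LDIF and reports any entry that carries hasMasterNCs without the nTDSDSA objectClass. The function names parse_ldif and missing_ntdsdsa, the DC names DCA and DCB, and the sample LDIF are constructed for illustration.

```python
import base64

# Constructed sample shaped like ldbsearch output; DCA and DCB are made-up names.
SAMPLE_LDIF = """\
dn: CN=NTDS Settings,CN=DCA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
 iguration,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
hasMasterNCs: DC=samdom,DC=example,DC=com

dn: CN=NTDS Settings,CN=DCB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: applicationSettings
hasMasterNCs: DC=samdom,DC=example,DC=com

# returned 2 records
"""

def parse_ldif(text):
    """Parse LDIF into one {lowercased attribute: [values]} dict per entry."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]          # continuation of a folded line
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded + [""]:              # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#") and ":" in line:
            name, _, value = line.partition(":")
            if value.startswith(":"):         # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries

def missing_ntdsdsa(entries):
    """Return DNs that carry hasMasterNCs but lack the nTDSDSA objectClass."""
    return [e.get("dn", ["<no dn>"])[0] for e in entries
            if "hasmasterncs" in e
            and "ntdsdsa" not in {c.lower() for c in e.get("objectclass", [])}]

if __name__ == "__main__":
    for dn in missing_ntdsdsa(parse_ldif(SAMPLE_LDIF)):
        print("hasMasterNCs without nTDSDSA:", dn)
```

To check a real DC, pass the text output of the ldbsearch command shown above to parse_ldif() in place of SAMPLE_LDIF.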



