[Samba] Can't join new samba dc to existing dc
fransnicho
fransnicho at gmail.com
Fri Aug 16 17:19:45 UTC 2024
On Fri, 16 Aug 2024 at 23:50 fransnicho <fransnicho at gmail.com> wrote:
> On Fri, 16 Aug 2024 at 14:56 Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Fri, 16 Aug 2024 14:02:42 +0700
>> fransnicho via samba <samba at lists.samba.org> wrote:
>>
>> >
>> > DC6 is my new samba DC that can't join to existing AD DC (DC4).
>> > DC3 is the old DC that no longer exists.
>> > I can't find any reference or anything that contains DC6 in my AD but
>> > I am able to find a reference about DC3 (my old AD) that no longer exists
>> > in my AD. Should I remove the old DC3 references ?
>> >
>> > /var/log/samba/log.samba
>> > [2024/08/16 09:40:31.399346, 0] ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
>> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!
>> > [2024/08/16 09:40:31.399744, 0] ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
>> > ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed - WERR_DS_INTERNAL_FAILURE
>> > [2024/08/16 10:05:14.013306, 0] ../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
>> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com' does not exist in the specified objectclasses!
>> > [2024/08/16 10:05:14.013861, 0] ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
>> > ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed - WERR_DS_INTERNAL_FAILURE
>> > [2024/08/16 10:23:24.851791, 1] ../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)
>> >
>> > regarding attribute 'hasMasterNCs', how to add it ?
>> >
>> > Best Regards,
>> > Nicho.
>> >
>> >
>>
>> You never actually said what your new DC was called (though I should have
>> been able to work it out) and your join error message is this:
>>
>> Failed add of CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
>> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
>> does not exist in the specified objectclasses!
>>
>> What that appears to be saying is:
>>
>> When it tried to add 'CN=NTDS Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
>> with the 'hasMasterNCs' attribute, that attribute wasn't valid because it
>> didn't have the required objectclass, which is a bit of a mystery.
>>
>> If I check one of my DCs using:
>> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b 'CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>>
>> I get this (cropped) output:
>>
>> dn: CN=NTDS Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
>> objectClass: top
>> objectClass: applicationSettings
>> objectClass: nTDSDSA
>> cn: NTDS Settings
>> ...............
>> hasMasterNCs: CN=Configuration,DC=samdom,DC=example,DC=com
>> hasMasterNCs: DC=samdom,DC=example,DC=com
>> hasMasterNCs: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
>> ............................
>>
>> If you check the schema, you will find that the objectclass nTDSDSA may
>> contain 'hasMasterNCs'.
>> On the face of it, it appears, for some reason, that DN is being created
>> without the nTDSDSA objectclass, but with the hasMasterNCs attribute, this
>> isn't being allowed, so the join fails.
>>
>> What OS are you using ?
>>
>> Where have you got the Samba packages from ?
>>
>> Have you installed all the Samba packages ?
>>
>> When the domain was first provisioned, was it as a Samba AD domain, or
>> was it originally a Microsoft one and if it was a Microsoft one, which
>> version.
>>
>> Rowland
>>
> Hi Rowland,
Thanks for your response 🙏
it@dc4:~$ sudo ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b 'CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
# record 1
dn: CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
instanceType: 4
whenCreated: 20220305075453.0Z
uSNCreated: 1691
dMDLocation: CN=Schema,CN=Configuration,DC=nicho,DC=com
invocationId: dcc0e472-7296-4ec1-9a75-5d35fc4b2de6
showInAdvancedViewOnly: TRUE
name: NTDS Settings
objectGUID: 831af773-d0ef-49eb-9415-1840b61c889e
options: 1
systemFlags: 33554432
objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=nicho,DC=com
msDS-Behavior-Version: 4
hasMasterNCs: CN=Configuration,DC=nicho,DC=com
hasMasterNCs: DC=nicho,DC=com
hasMasterNCs: CN=Schema,CN=Configuration,DC=nicho,DC=com
whenChanged: 20220305075458.0Z
msDS-HasDomainNCs: DC=nicho,DC=com
msDS-hasMasterNCs: CN=Configuration,DC=nicho,DC=com
msDS-hasMasterNCs: DC=DomainDnsZones,DC=nicho,DC=com
msDS-hasMasterNCs: DC=nicho,DC=com
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=nicho,DC=com
msDS-hasMasterNCs: DC=ForestDnsZones,DC=nicho,DC=com
uSNChanged: 2764
distinguishedName: CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
# record 2
dn: CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
objectClass: top
objectClass: server
cn: DC4
instanceType: 4
whenCreated: 20220305075453.0Z
uSNCreated: 1690
showInAdvancedViewOnly: TRUE
name: DC4
objectGUID: 56719993-5d53-4c55-94d2-df82b3937fbe
systemFlags: 1375731712
dNSHostName: dc4.nicho.com
objectCategory: CN=Server,CN=Schema,CN=Configuration,DC=nicho,DC=com
serverReference: CN=DC4,OU=Domain Controllers,DC=nicho,DC=com
whenChanged: 20220305075458.0Z
uSNChanged: 2774
distinguishedName: CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
# returned 2 records
# 2 entries
# 0 referrals
Please find my answers below :
What OS are you using ?
Ubuntu 20.04.5 LTS
Where have you got the Samba packages from ?
Originally it was the Samba package for Ubuntu 20.04, then I upgraded to Samba
4.19.5
Have you installed all the Samba packages ?
Yes
When the domain was first provisioned, was it as a Samba AD domain, or
was it originally a Microsoft one and if it was a Microsoft one, which
version.
The domain was originally first provisioned as Windows 2003 R2.
Is something wrong with my schema ?
Best Regards,
Nicho.
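
The check Rowland describes above, as an added example that is not part of the original messages and is not Samba's code: a simplified Python model that validates an entry's attributes against the attribute lists of its objectClass values, following superior and auxiliary classes. The schema excerpt and entries are constructed and heavily trimmed, and the function names are hypothetical.

```python
# Added example: simplified model of the schema check behind the error
# "attribute ... does not exist in the specified objectclasses".
ATTR_LISTS = ("mustcontain", "systemmustcontain", "maycontain", "systemmaycontain")
PARENT_LINKS = ("subclassof", "auxiliaryclass", "systemauxiliaryclass")

def parse_ldif(text):
    """Parse plain LDIF (no base64 values); folded lines start with a space."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line and not line.startswith("#"):
                key, _, value = line.partition(": ")
                entry.setdefault(key.lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def allowed_attributes(schema, class_name, seen=None):
    """Attributes a class permits, following superior and auxiliary classes."""
    seen = set() if seen is None else seen
    name = class_name.lower()
    if name in seen or name not in schema:
        return set()
    seen.add(name)
    allowed = {a.lower() for k in ATTR_LISTS for a in schema[name].get(k, [])}
    for link in PARENT_LINKS:
        for parent in schema[name].get(link, []):
            allowed |= allowed_attributes(schema, parent, seen)
    return allowed

def disallowed_attributes(schema, entry):
    """Attributes on the entry that none of its objectClass values permit."""
    allowed = {"dn", "objectclass"}
    for oc in entry.get("objectclass", []):
        allowed |= allowed_attributes(schema, oc)
    return sorted(a for a in entry if a not in allowed)

# Constructed, heavily trimmed schema excerpt and entries (not from the thread).
SCHEMA = {e["ldapdisplayname"][0].lower(): e for e in parse_ldif(
    "lDAPDisplayName: top\nsubClassOf: top\nsystemMayContain: cn\n\n"
    "lDAPDisplayName: nTDSDSA\nsubClassOf: top\nsystemMayContain: hasMasterNCs\n")}
BODY = "cn: NTDS Settings\nhasMasterNCs: DC=samdom,\n DC=example,DC=com\n"
WITH_CLASS = parse_ldif("objectClass: top\nobjectClass: nTDSDSA\n" + BODY)[0]
WITHOUT_CLASS = parse_ldif("objectClass: top\n" + BODY)[0]

if __name__ == "__main__":
    print(disallowed_attributes(SCHEMA, WITH_CLASS))     # permitted via nTDSDSA
    print(disallowed_attributes(SCHEMA, WITHOUT_CLASS))  # hasMasterNCs rejected
```

Attribute names are compared case-insensitively and reported in lower case.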