[Samba] Error when joining new DC
Peter Mittermayer
samba.lists at outlook.com
Wed Dec 11 16:46:37 UTC 2024
Hi,
To rule out any issues with cryptographic libraries, I have tried to join only after setting 'update-crypto-policies --set DEFAULT:AD-SUPPORT-LEGACY' and, as this did not make a difference, 'update-crypto-policies --set LEGACY', each followed by a reboot. So I don't think it is related to that.
As the error is
...
Could not find machine account in secrets database: Failed to fetch machine account password for SUB from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SUB)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:5731) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
...
I ran ldbsearch manually on secrets.ldb. On the new DC the file exists with the same size as on the existing DCs, but it is missing this record, whereas on the other DCs it is found with 'samAccountName: MDC02$' and 'samAccountName: MDC01$' respectively. It looks like this is only added during the join procedure. Why wasn't it added on the new MDC03?
secrets.tdb is completely empty:
Number of records: 0
Whereas on the other DCs I have 8 records each.
Are the secrets LDB & TDB also replicated during the join, or are they generated locally from other data? Why weren't they replicated correctly?
Thanks
________________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Peter Mittermayer via samba <samba at lists.samba.org>
Sent: Monday, December 9, 2024 9:40 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Error when joining new DC
Yes. FIPS mode is disabled: The OS installation was done without enabling it.
[root@mdc02 samba]# fips-mode-setup --check
Installation of FIPS modules is not completed.
FIPS mode is disabled.
Anything else to check? Basically, I followed the instructions in the Wiki to build and install Samba.
Peter