[Samba] Users appears as SID instead of their own name.
Rowland Penny
rpenny at samba.org
Sat Jun 15 11:12:33 UTC 2024
On Sat, 15 Jun 2024 12:52:10 +0200
Josep Maria Gorro via samba <samba at lists.samba.org> wrote:
> Helo Rowland.
>
> I think I won't be able to thank you enough for everything you are
> doing for me.
>
> I've tried and seems to run fine. But finally it throws an error and
> performs a rollback for all changes on AD.
> This is the transcript for the messages.
>
> root at montsec:/usr/local/samba/etc# samba-tool domain join
> DOMAINNAME DC -U"administrator"
> INFO 2024-06-15 10:28:20,881 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #104:
> Finding a writeable DC for domain 'DOMAINNAME'
> INFO 2024-06-15 10:28:20,966 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #106:
> Found DC tibidabo.domainname.lan
> Password for [DOMAINNAME\administrator]:
> INFO 2024-06-15 10:28:33,460 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1605:
> workgroup is DOMAINNAME
> INFO 2024-06-15 10:28:33,460 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1608:
> realm is domainname.lan
> Adding CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
> Adding
> CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
> Adding CN=NTDS
> Settings,CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
> Adding SPNs to CN=MONTSEC,OU=Domain
> Controllers,DC=domainname,DC=lan Setting account password for MONTSEC$
> Enabling account
> Calling bare provision
> INFO 2024-06-15 10:28:34,333 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2110: Looking up IPv4 addresses
> INFO 2024-06-15 10:28:34,333 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2127: Looking up IPv6 addresses
> WARNING 2024-06-15 10:28:34,334 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2134: No IPv6 address will be assigned
> INFO 2024-06-15 10:28:34,641 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2300: Setting up share.ldb
> INFO 2024-06-15 10:28:34,668 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2304: Setting up secrets.ldb
> INFO 2024-06-15 10:28:34,680 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2309: Setting up the registry
> INFO 2024-06-15 10:28:34,702 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2312: Setting up the privileges database
> INFO 2024-06-15 10:28:34,715 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2315: Setting up idmap db
> INFO 2024-06-15 10:28:34,725 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2322: Setting up SAM db
> INFO 2024-06-15 10:28:34,729 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #882: Setting up sam.ldb partitions and settings
> INFO 2024-06-15 10:28:34,730 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #894: Setting up sam.ldb rootDSE
> INFO 2024-06-15 10:28:34,732 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #1310: Pre-loading the Samba 4 and AD schema
> Unable to determine the DomainSID, can not enforce uniqueness
> constraint on local domainSIDs
>
> INFO 2024-06-15 10:28:34,767 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2412: A Kerberos configuration suitable for Samba AD has been
> generated at /usr/local/samba/private/krb5.conf
> INFO 2024-06-15 10:28:34,767 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
> #2414: Merge the contents of this file with your system krb5.conf
> or replace it with this one. Do not create a symlink!
> Provision OK for domain DN DC=domainname,DC=lan
> INFO 2024-06-15 10:28:34,769 pid:27560
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #964:
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
> objects[402/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
> objects[804/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
> objects[1206/1550] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
> objects[1550/1550] linked_values[0/0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=domainname,DC=lan] objects[402/1648]
> linked_values[0/1]
> Partition[CN=Configuration,DC=domainname,DC=lan] objects[804/1648]
> linked_values[0/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1206/1648] linked_values[0/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1608/1648] linked_values[0/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1648/1648] linked_values[64/64]
> Failed to commit objects: WERR_DS_DRA_RECYCLED_TARGET
> Missing target object - retrying with DRS_GET_TGT
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2050/1648] linked_values[64/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2452/1648] linked_values[64/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2854/1648] linked_values[64/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[3256/1648] linked_values[64/1]
> Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[3296/1648] linked_values[128/64]
> Replicating critical objects from the base DN of the domain
> Partition[DC=domainname,DC=lan] objects[97/97]
> linked_values[29/29] Partition[DC=domainname,DC=lan] objects[402/484]
> linked_values[0/290] Partition[DC=domainname,DC=lan] objects[484/484]
> linked_values[338/338] Done with always replicated NC (base, config,
> schema) Replicating DC=DomainDnsZones,DC=domainname,DC=lan
Where did your domain come from ?
Did it start as a Samba domain that you provisioned, or was it upgraded
from an early Microsoft domain ?
> Join failed - cleaning up
Anything after the above line is an artefact of the failure and can be
ignored.
>
> Regarding European support you're right. I'm waiting for a Sernet
> response. I sent them a mail requesting support.
>
You should be in good hands with Sernet, quite a few of the Samba team
are employed there.
Rowland
More information about the samba
mailing list