[Samba] Issues joining DC

Rowland Penny rpenny at samba.org
Sun Jun 16 16:50:37 UTC 2024 

On Sun, 16 Jun 2024 17:52:26 +0200
Josep Maria Gorro via samba <samba at lists.samba.org> wrote:

> Hello Rowland
> 
> You're right. This has been my mistake to have only one DC on the 
> network. But I thought that better way to have Samba was using source 
> and compiling. Now I know that using Debian is the natural way to do
> it. I'm waiting for 2 commercial supports quotations to solve this
> situation and avoid to start up with a new domain.
> In the mean time I'm still searching for information that could be 
> useful to "recover" the domain.
> 
> I've launched a dcdiag test against the AD server and this has been
> the part of the result that I think is the most important one (sorry
> but is in spanish)
> 
>         Ejecutando pruebas de partición en: DomainDnsZones
>            Iniciando prueba: CheckSDRefDom
>                  A la partición del directorio de la aplicación
>     DC=DomainDnsZones,DC=domainname,DC=lan le falta un dominio de
>                  referencia del descriptor de seguridad. El
>     administrador debe
>                  establecer el atributo DS-SD-Reference-Domain del
>     objeto de la
>                  referencia cruzada
>     CN=65a4ea8a-bd7a-4702-9937-786e1062cce1,CN=Partitions,CN=Configuration,DC=domainname,DC=lan
>                  en el DN de un dominio.
>     ......................... DomainDnsZones no superó la prueba
>               CheckSDRefDom
>            Iniciando prueba: CrossRefValidation
>     ......................... DomainDnsZones superó la prueba
>               CrossRefValidation
> 
>         Ejecutando pruebas de partición en: ForestDnsZones
>            Iniciando prueba: CheckSDRefDom
>                  A la partición del directorio de la aplicación
>     DC=ForestDnsZones,DC=domainname,DC=lan le falta un dominio de
>                  referencia del descriptor de seguridad. El
>     administrador debe
>                  establecer el atributo DS-SD-Reference-Domain del
>     objeto de la
>                  referencia cruzada
>     CN=3c813d55-5f95-4a78-aa07-65fe675abe7d,CN=Partitions,CN=Configuration,DC=domainname,DC=lan
>                  en el DN de un dominio.
> 
> So I started to search again and I can find this article.
> https://bugzilla.samba.org/show_bug.cgi?id=14234
> It is really similar as on my situation because I have also a w2012 
> server enrolled but in my case only as member.
> 
> Do you think that create missing objects could fix the issue and
> allows me to integrate another DC to the domain?
> 

It isn't going to hurt and is something that could be removed if it
causes further problems.

It seems that it is something that Windows requires but Samba doesn't.

Rowland

More information about the samba mailing list