[Samba] Failed to fetch machine account password for MYDOMAIN from both secrets.ldb

Rowland Penny rpenny at samba.org
Fri Jun 21 11:01:25 UTC 2024


On Fri, 21 Jun 2024 11:45:23 +0100
Luis Peromarta via samba <samba at lists.samba.org> wrote:

> Guys,
> 
> While trying to join a DC to an old domain, I am getting this:
> 
> Replicated 91 objects (338 linked attributes) for DC=mydomain,DC=int
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for MYDOMAIN from both secrets.ldb (Could
> not find entry to match filter:
> '(&(flatname=MYDOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4575) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (8442,
> 'WERR_DS_DRA_INTERNAL_ERROR') File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652,
> in run machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend) File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in
> join_DC ctx.do_join() File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in
> do_join ctx.join_replicate() File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 907, in
> join_replicate replica_flags=ctx.replica_flags) File
> "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 254, in
> replicate (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
> req_level, req) Adding CN=DEBIAN-9,OU=Domain
> Controllers,DC=mydomain,DC=int Adding
> CN=DEBIAN-9,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=mydomain,DC=int
> Adding CN=NTDS
> Settings,CN=DEBIAN-9,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=mydomain,DC=int
> Adding SPNs to CN=DEBIAN-9,OU=Domain Controllers,DC=mydomain,DC=int
> Setting account password for DEBIAN-9$ Enabling account Calling bare
> provision Provision OK for domain DN DC=aresbarcelona,DC=lan 

Up until here it was 'DC=mydomain,DC=int', then it becomes something
different; bad sanitisation?

> Starting
> replication Replicating critical objects from the base DN of the
> domain Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=aresbarcelona,DC=lan Join failed -
> cleaning up Deleted CN=DEBIAN-9,OU=Domain
> Controllers,DC=mydomain,DC=int Deleted CN=NTDS
> Settings,CN=DEBIAN-9,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=mydomain,DC=int
> Deleted
> CN=DEBIAN-9,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=mydomain,DC=int
> 
> 
> Would anyone have a clue of what this can mean? Machine account for
> “MYDOMAIN”? Is this why the join fails?
> 
> 
> I have seen this before
> 
> https://lists.samba.org/archive/samba/2020-February/228367.html

If you track back a bit in your link, the error turned out to be an
extra, invalid zone. Have you checked for this?

Rowland
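
The comparison made by eye in the reply above (the base DN changing partway through the join output) can be scripted. This is an added example, not part of the original thread or of Samba: the function names are hypothetical, the sample log is constructed in the shape of the quoted output, and it assumes the first domain root seen in the log is the expected one.

```python
import re

# Constructed sample: a few lines shaped like the join output quoted above.
SAMPLE_LOG = """\
Replicated 91 objects (338 linked attributes) for DC=mydomain,DC=int
Adding CN=DEBIAN-9,OU=Domain Controllers,DC=mydomain,DC=int
Provision OK for domain DN DC=aresbarcelona,DC=lan
Replicating DC=DomainDnsZones,DC=aresbarcelona,DC=lan
Deleted CN=DEBIAN-9,OU=Domain Controllers,DC=mydomain,DC=int
"""

# A run of DC= components, e.g. "DC=DomainDnsZones,DC=mydomain,DC=int".
DC_RUN = re.compile(r"\bDC=[^,\s]+(?:,DC=[^,\s]+)*", re.IGNORECASE)

# DNS application partitions sit under the domain/forest root, so their
# leading label is dropped before comparing roots.
PARTITION_LABELS = {"domaindnszones", "forestdnszones"}


def domain_root(dc_run):
    """Normalise a DC= run to its root, e.g. 'DC=mydomain,DC=int'."""
    parts = [p.split("=", 1)[1].lower() for p in dc_run.split(",")]
    if len(parts) > 1 and parts[0] in PARTITION_LABELS:
        parts = parts[1:]
    return ",".join("DC=" + p for p in parts)


def roots_by_first_line(log_text):
    """Map each distinct domain root to the first log line mentioning it."""
    roots = {}
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for match in DC_RUN.finditer(line):
            roots.setdefault(domain_root(match.group(0)), lineno)
    return roots


def find_mismatches(log_text):
    """Return (root, first_line) for every root differing from the first seen."""
    roots = roots_by_first_line(log_text)
    if not roots:
        return []
    expected = next(iter(roots))
    return [(r, n) for r, n in roots.items() if r != expected]


if __name__ == "__main__":
    for root, lineno in find_mismatches(SAMPLE_LOG):
        print(f"line {lineno}: unexpected domain root {root}")
```

A hit means either the log was only partly anonymised before posting or the join really touched a naming context outside the domain, such as a leftover zone.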




