[Samba] LDAP error 53 LDAP_UNWILLING_TO_PERFORM

Rowland Penny rpenny at samba.org
Tue May 28 11:25:14 UTC 2024


On Tue, 28 May 2024 12:22:23 +0300
Omnis ludis - games <sergey.gortinsc17 at gmail.com> wrote:

> the CENTOS 7 operating system is used

OK, but where did you get the Samba packages from? By default, CentOS,
like RHEL, cannot be provisioned or joined as a DC.

> the command to enter is as follows: samba-tool domain join
> admugra.local DC -U Administrator --dns-backend=BIND9_DLZ

Using '.local' is not recommended or supported.

> --realm=ADMUGRA.LOCAL 
> --backend-store=mdb 

Don't change the backend, it isn't required.

> --option="ad dc functional
> level = 2016" --server=dc1.admugra.local -d 10
> version exactly 4.19

Sorry, but no it isn't, it will be in the format 4.19.x where 'x' is a
number between (at present) 0 and 6.

> join to DC not RODC

That is what I cannot understand, your error is this:

ERROR(ldb): uncaught exception - LDAP error 53
LDAP_UNWILLING_TO_PERFORM - <00002010: SvcErr: DSID-031A124C, problem
5003 (WILL_NOT_PERFORM), data 0> <> File "samba/netcmd/__init__.py",
line 279, in samba.netcmd.Command._run File
"samba/netcmd/domain/join.py", line 130, in
samba.netcmd.domain.join.cmd_domain_join.run File "samba/join.py", line
1683, in samba.join.join_DC File "samba/join.py", line 1590, in
samba.join.DCJoinContext.do_join File "samba/join.py", line 1563, in
samba.join.DCJoinContext.do_join File "samba/join.py",
logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name,
ctx.domsid))line 649, in samba.join.DCJoinContext.join_add_objects
Adding CN=DCRED,OU=Domain Controllers,DC=domain,DC=local

The last of the 'File' lines is where the error actually occurs and
each one of the 'File' lines calls the next.
If you download the 4.19.0 tarball and go to python/samba/join.py then
to line 649, you will find that it is actually a blank line, but line
651 is: print("Adding %s" % ctx.server_dn), which is the last line of
your error.
Line 649 is part of join_add_objects.
The line above it in the error is line 1563, which is DCJoinContext and
this calls 'ctx.do_join()', which, if it succeeds, runs the next line:

logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name,
 ctx.domsid))

So I come back to my original question, where did you get your Samba
packages from?
You seem to be running the command to join as a DC, but it seems to end up
trying to join as an RODC, unless I am missing something somewhere.

Rowland
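
The traceback reading described in the message above, as an added example that is not part of the original post or of Samba's code: a Python sketch that undoes the e-mail wrapping, splits out the LDAP extended-error fields and lists the 'File' frames so the innermost one can be checked against the source tree. The helper and field names are hypothetical; the sample text is the error exactly as quoted above.

```python
import re

# Error text as quoted in the message above, still wrapped as the e-mail had it.
TRACE = '''ERROR(ldb): uncaught exception - LDAP error 53
LDAP_UNWILLING_TO_PERFORM - <00002010: SvcErr: DSID-031A124C, problem
5003 (WILL_NOT_PERFORM), data 0> <> File "samba/netcmd/__init__.py",
line 279, in samba.netcmd.Command._run File
"samba/netcmd/domain/join.py", line 130, in
samba.netcmd.domain.join.cmd_domain_join.run File "samba/join.py", line
1683, in samba.join.join_DC File "samba/join.py", line 1590, in
samba.join.DCJoinContext.do_join File "samba/join.py", line 1563, in
samba.join.DCJoinContext.do_join File "samba/join.py",
logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name,
ctx.domsid))line 649, in samba.join.DCJoinContext.join_add_objects
Adding CN=DCRED,OU=Domain Controllers,DC=domain,DC=local'''

LDAP_RE = re.compile(
    r'LDAP error (\d+) (\w+) - <([0-9A-Fa-f]{8}): (\w+): (DSID-[0-9A-Fa-f]+), '
    r'problem (\d+) \((\w+)\), data (\d+)>')
# Anything between the path and "line N" is stray text pasted into the trace.
FRAME_RE = re.compile(r'File "([^"]+)", (.*?) ?line (\d+), in ([\w.]+)')

def parse_join_error(text):
    """Hypothetical helper: split a wrapped samba-tool error into its parts."""
    flat = " ".join(text.split())          # undo the e-mail line wrapping
    m = LDAP_RE.search(flat)
    if m is None:
        raise ValueError("no LDAP extended error string found")
    frames = [{"file": f, "line": int(n), "func": fn, "stray": s.strip()}
              for f, s, n, fn in FRAME_RE.findall(flat)]
    adding = re.search(r'Adding (.+)$', flat)
    return {
        "ldap_code": int(m.group(1)), "ldap_name": m.group(2),
        "win32_code": int(m.group(3), 16), "dsid": m.group(5),
        "problem": int(m.group(6)), "problem_name": m.group(7),
        "frames": frames,                  # outermost first, each calls the next
        "innermost": frames[-1] if frames else None,
        "last_object": adding.group(1) if adding else None,
    }

if __name__ == "__main__":
    info = parse_join_error(TRACE)
    print(info["ldap_code"], info["ldap_name"], info["dsid"])
    for fr in info["frames"]:
        flag = "  <-- stray text in this frame" if fr["stray"] else ""
        print(f'{fr["file"]}:{fr["line"]} {fr["func"]}{flag}')
```
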


