[Samba] Samba Join error: WERR_DS_ADD_REPLICA_INHIBITED
Rowland Penny
rpenny at samba.org
Tue Jun 17 20:26:52 UTC 2025
On Tue, 17 Jun 2025 17:04:15 -0300
Nicolás Hermida via samba <samba at lists.samba.org> wrote:
> Hi everyone.
>
> We have an Active Directory environment with a WS 2008 R2 functional
> level. There are two Windows Server, one is a 2008 R2 and the other a
> 2016. We started the
> task of migrating these servers to Samba. We prepared a virtual
> machine with Debian 12 and Samba 4.17.12.
>
> The actual replication is based on DFS-R. As we intend there is no
> rollback for this, but there is a workaround with robocopy.
>
> So we have:
> SERVER1: Windows Server 2008 R2 Domain Controller (owner of the FSMO
> roles) SERVER2: Windows Server 2016 Domain Controller
> SERVER3: Debian 12 with Samba 4.17.12
>
> When we try to make the join of the SERVER3 (Debian) we get this
> error: WERR_DS_ADD_REPLICA_INHIBITED
> At the end I paste the full output of the join process for your
> review.
>
> We have found in older posts that an option is to compile and use an
> older version of Samba 4.7. As this post said this version do not
> make some checks and could bypass this
> "WERR_DS_ADD_REPLICA_INHIBITED" error, but it may carry other ones.
>
> Any idea how we can solve this Debian Samba Join issue?
>
Never had this problem, but then again I do not use Windows DCs, but I
wonder if your problem isn't that your Samba isn't old enough, it isn't
new enough.
Read this:
https://wiki.samba.org/index.php/Samba_4.20_Features_added/changed#AD_DC_support_for_Authentication_Silos_and_Authentication_Policies
Then try again with Samba from bookworm-backports, this will get you
4.22.2
Rowland
More information about the samba
mailing list