James-Arthur Eaton Gonzalez
2013-Apr-28 09:57 UTC
[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
Hello all,
I am attempting to join samba4 to my current domain which is controlled by
a Windows 2012 Active Directory Server. When following the instructions on
the official WIKI:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
I am able to do a kinit administrator, which then gives me a ticket which I
can see via klist.
The problem is that once I run the command:
# bin/samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com
It does not work. I get the following error:
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
Could this be because of the version of AD? I can't find much
around compatibility of this version of Windows. Any help is greatly
appreciated.
Here is the full debug:
1. ./samba-tool domain join example.com DC -Uadministrator --realm
example.com
2. Finding a writeable DC for domain 'example.com'
3. Found DC dc01.example.com
4. Password for [WORKGROUP\administrator]:
5. workgroup is EXAMPLE
6. realm is example.com
7. checking sAMAccountName
8. Deleted CN=DC02,CN=Computers,DC=example,DC=com
9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com
10. Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
11. Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info
(8567,
'WERR_DS_INCOMPATIBLE_VERSION')
13. Join failed - cleaning up
14. checking sAMAccountName
15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com
16. Deleted
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
17. ERROR(runtime): uncaught exception - DsAddEntry failed
18. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
19. return self.run(*args, **kwargs)
20. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
21. machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
22. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 1104,
in join_DC
23. ctx.do_join()
24. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 1007,
in do_join
25. ctx.join_add_objects()
26. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 525,
in join_add_objects
27. ctx.join_add_ntdsdsa()
28. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 458,
in join_add_ntdsdsa
29. ctx.DsAddEntry([rec])
30. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 421,
in DsAddEntry
31. raise RuntimeError("DsAddEntry failed")
Matthieu Patou
2013-Apr-30 04:36 UTC
[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
On 04/28/2013 02:57 AM, James-Arthur Eaton Gonzalez wrote:> Hello all, > > I am attempting to join samba4 to my current domain which is controlled by > a Windows 2012 Active Directory Server. When following the instructions on > the official WIKI: > > http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC > > I am able to do a kinit administrator, which then gives me a ticket which I > can see via klist. > > The problem is that once I run the command: > > > # bin/samba-tool domain join samba.example.com DC -Uadministrator > --realm=samba.example.com > > > It does not work. I get the following error: > DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, > 'WERR_DS_INCOMPATIBLE_VERSION') > > Could this be because of the version of AD? I can't find much > around compatibility of this version of Windows. Any help is greatly > appreciated.What is the level of your forest and domain, I suspect that you have a 2012 Forest and Domain level. For the moment we don't support this and we still have a schema issue with 2012 so you'd better off not using 2012. Matthieu. -- Matthieu Patou Samba Team http://samba.org
Max Luehrig
2015-Feb-03 09:13 UTC
[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
Matthieu Patou <mat <at> samba.org> writes:> > On 04/28/2013 02:57 AM, James-Arthur Eaton Gonzalez wrote: > > Hello all, > > > > I am attempting to join samba4 to my current domain which is controlled by > > a Windows 2012 Active Directory Server. When following the instructions on > > the official WIKI: > > > > http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC > > > > I am able to do a kinit administrator, which then gives me a ticket which I > > can see via klist. > > > > The problem is that once I run the command: > > > > > > # bin/samba-tool domain join samba.example.com DC -Uadministrator > > --realm=samba.example.com > > > > > > It does not work. I get the following error: > > DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, > > 'WERR_DS_INCOMPATIBLE_VERSION') > > > > Could this be because of the version of AD? I can't find much > > around compatibility of this version of Windows. Any help is greatly > > appreciated. > What is the level of your forest and domain, I suspect that you have a > 2012 Forest and Domain level. > > For the moment we don't support this and we still have a schema issue > with 2012 so you'd better off not using 2012. > > Matthieu. >Hi Matthieu, I will warm up this story again. We are using Windows 2012 R2 Domain Controller with AD level 2008 R2. samba-tool domain join STX.CORP DC -UAdministrator --realm=STX.CORP Finding a writeable DC for domain 'STX.CORP' Found DC MAINFRAME.stx.corp Password for [STX\Administrator]: workgroup is STX realm is stx.corp checking sAMAccountName Adding CN=DC02,OU=Domain Controllers,DC=stx,DC=corp Adding CN=DC02,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=stx,DC=corp Adding CN=NTDS Settings,CN=DC02,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=st x,DC=corp DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8612, 'WERR_DS_DOM AIN_RENAME_IN_PROGRESS') Join failed - cleaning up checking sAMAccountName Deleted CN=DC02,OU=Domain Controllers,DC=stx,DC=corp Deleted CN=DC02,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=stx,DC=corp ERROR(runtime): uncaught exception - DsAddEntry failed File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 555, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1172, in join_DC ctx.do_join() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1075, in do_join ctx.join_add_objects() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 541, in join_add _objects ctx.join_add_ntdsdsa() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 474, in join_add _ntdsdsa ctx.DsAddEntry([rec]) File "/usr/lib64/python2.7/site-packages/samba/join.py", line 437, in DsAddEnt ry raise RuntimeError("DsAddEntry failed") Anything that I can do for you to analyze the issue? We are running CentOS 7 with latest Sernet Samba package (Version 4.1.16-SerNet-RedHat-10.el7). Many thanks, Max
Reasonably Related Threads
- Joining samba4 as a DC to Windows Server 2012 active directory
- Joining samba4 as a DC to Windows Server 2012 active directory
- Unable to Join the Active Directory as a Domain Controller
- Linux/Windows Domain Controller
- Samba 4.1 supports to join Windows 2012 server as a secondary DC?