Matthew Delfino
2015-Nov-16 02:36 UTC
[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData
Hello Colleagues and Mentors,

I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1 on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled Samba package, v4.1.6. This already-existing domain has had its schema updated to include Kerio Connect-specific schema (to support our mail server).

When I run the following command as root:

    samba-tool domain join mydomain.lan DC -Uadministrator --realm=mydomain.lan --dns-backend=SAMBA_INTERNAL

I see the following output:

    Finding a writeable DC for domain 'mydomain.lan'
    Found DC AC-DC10.mydomain.lan
    Password for [WORKGROUP\administrator]:
    workgroup is MYDOMAIN
    realm is mydomain.lan
    checking sAMAccountName
    Adding CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
    Adding CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
    Adding CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
    Adding SPNs to CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
    Setting account password for AD-DC00$
    Enabling account
    Calling bare provision
    Looking up IPv4 addresses
    Looking up IPv6 addresses
    No IPv6 address will be assigned
    Setting up share.ldb
    Setting up secrets.ldb
    Setting up the registry
    Setting up the privileges database
    Setting up idmap db
    Setting up SAM db
    Setting up sam.ldb partitions and settings
    Setting up sam.ldb rootDSE
    Pre-loading the Samba 4 and AD schema
    A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
    Provision OK for domain DN DC=mydomain,DC=lan
    Starting replication
    Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[402/1578] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[804/1578] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1206/1578] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1578/1578] linked_values[0/0]
    Analyze and apply schema objects
    Partition[CN=Configuration,DC=mydomain,DC=lan] objects[402/1688] linked_values[0/0]
    Partition[CN=Configuration,DC=mydomain,DC=lan] objects[804/1688] linked_values[0/0]
    Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1206/1688] linked_values[0/0]
    Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1608/1688] linked_values[0/0]
    Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1688/1688] linked_values[45/0]
    Replicating critical objects from the base DN of the domain
    Partition[DC=mydomain,DC=lan] objects[100/100] linked_values[34/0]
    Partition[DC=mydomain,DC=lan] objects[502/755] linked_values[0/0]
    No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
    Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
    : Object class violation
    Failed to commit objects: WERR_GENERAL_FAILURE
    Join failed - cleaning up
    checking sAMAccountName
    Deleted CN=AD-DC00,OU=Domain Controllers,DC=mydomain,DC=lan
    Deleted CN=NTDS Settings,CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
    Deleted CN=AD-DC00,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
    ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
      File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
        return self.run(*args, **kwargs)
      File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 621, in run
        machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
      File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1183, in join_DC
        ctx.do_join()
      File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1088, in do_join
        ctx.join_replicate()
      File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 828, in join_replicate
        replica_flags=ctx.domain_replica_flags)
      File "/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py", line 257, in replicate
        schema=schema, req_level=req_level, req=req)

It appears to me that this initial replication is choking here:

    No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!

This makes me think something about my addition of specialized schema has triggered, or tripped on, a bug somewhere downstream. I searched for strings on the internet with similar warnings and found this conversation between Rowland Penny and Luke Bigum:

https://lists.samba.org/archive/samba/2015-June/192516.html

I'm wondering if I'm in a similar pickle. Could this be the bug I'm hitting?

https://bugzilla.samba.org/show_bug.cgi?id=10973#c8

Any advice on how to get myself out of this, via work-arounds or whatever, would be greatly appreciated. Thank you in advance!

Matthew

©2015 KNOCK, inc. All rights reserved. KNOCK is a registered trademark of KNOCK, inc. This message and any attachments contain information, which is confidential and/or privileged. If you are not the intended recipient, please refrain from any disclosure, copying, distribution or use of this information. Please be aware that such actions are prohibited. If you have received this transmission in error, kindly notify the sender by e-mail. Your cooperation is appreciated.
Andrew Bartlett
2015-Nov-16 08:53 UTC
[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData
On Sun, 2015-11-15 at 20:36 -0600, Matthew Delfino wrote:
> Hello Colleagues and Mentors,
>
> I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1
> on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on
> Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled
> Samba package, v4.1.6.

> It appears to me that this initial replication is choking here:
>
> No objectClass found in replPropertyMetaData for
> CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan
> !
>
> This makes me think something about my addition of specialized schema
> has triggered, or tripped on, a bug somewhere downstream. I searched
> for strings on the internet with similar warnings and found this
> conversation between Rowland Penny and Luke Bigum:
>
> https://lists.samba.org/archive/samba/2015-June/192516.html
>
> I'm wondering if I'm in a similar pickle. Could this be the bug I'm
> hitting?
>
> https://bugzilla.samba.org/show_bug.cgi?id=10973#c8
>
> Any advice on how to get myself out of this, via work-arounds or
> whatever, would be greatly appreciated. Thank you in advance!

Yes, this is the same issue. You need to upgrade to Samba 4.3 on the source DC, run dbcheck, fix the issues, and then you can join another DC to the domain.

Andrew Bartlett

--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Matthew Delfino
2015-Nov-16 13:12 UTC
[Samba] Domain join failure - error during DRS repl ADD: No objectClass found in replPropertyMetaData
On 2015.11.16, at 2:53 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Sun, 2015-11-15 at 20:36 -0600, Matthew Delfino wrote:
>> Hello Colleagues and Mentors,
>>
>> I'm attempting to join a Samba AD DC that I compiled with samba 4.3.1
>> on Ubuntu 14.04.3 to a group of three AD DCs, also running Samba on
>> Ubuntu 14.04.3, but each of them is running Canonical's pre-compiled
>> Samba package, v4.1.6.
>
>> It appears to me that this initial replication is choking here:
>>
>> No objectClass found in replPropertyMetaData for
>> CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan
>> !
>>
>> This makes me think something about my addition of specialized schema
>> has triggered, or tripped on, a bug somewhere downstream. I searched
>> for strings on the internet with similar warnings and found this
>> conversation between Rowland Penny and Luke Bigum:
>>
>> https://lists.samba.org/archive/samba/2015-June/192516.html
>>
>> I'm wondering if I'm in a similar pickle. Could this be the bug I'm
>> hitting?
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=10973#c8
>>
>> Any advice on how to get myself out of this, via work-arounds or
>> whatever, would be greatly appreciated. Thank you in advance!
>
> Yes, this is the same issue. You need to upgrade to Samba 4.3 on the
> source DC, run dbcheck, fix the issues, and then you can join another
> DC to the domain.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba

I’m breathing a sigh of relief this morning in rainy Minneapolis because this is very encouraging to hear. Thank you!

HOWEVER… this opens a door to another room I’ve never been in because I know the Debian/Ubuntu version of Samba 4.1.6 has been configured with some tweaks to install it differently (sbin and bin binaries installed into existing directories, conf file installed under /etc/samba/, etc.).

How would an expert do this? Just apt-get remove samba and install the latest version from source? Any configure tweaks? Where would I move the existing databases and other files? What do I need to keep? What can I leave behind?

I’m not expecting you to answer all of these questions, but perhaps you know of a helpful tutorial online? I can’t seem to find a good one…

Matthew
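Added example (not part of the original thread, and not Samba project code): a small triage script for join output like the log in the first message. It extracts the DNs rejected with "No objectClass found in replPropertyMetaData" and the partitions whose replication stopped short, which are the objects to examine on the source DC when running dbcheck as advised above. The function name triage_join_log and the sample log, trimmed from the output quoted in the thread, are assumptions made for this example.

```python
import re

# Constructed sample: a trimmed copy of the join output quoted in this thread.
SAMPLE_JOIN_LOG = """\
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=lan] objects[1578/1578] linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=lan] objects[1688/1688] linked_values[45/0]
Partition[DC=mydomain,DC=lan] objects[100/100] linked_values[34/0]
Partition[DC=mydomain,DC=lan] objects[502/755] linked_values[0/0]
No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=kerio_emailgroup,OU=Services,OU=Groups,OU=knock,DC=mydomain,DC=lan!
: Object class violation
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up
"""

# Replication progress lines: naming context plus objects received/expected.
PROGRESS = re.compile(
    r"^(?:Schema-DN|Partition)\[(?P<nc>[^\]]+)\] objects\[(?P<done>\d+)/(?P<total>\d+)\]")
# The error from this thread; the DN runs up to the trailing "!".
MISSING_OC = re.compile(
    r"No objectClass found in replPropertyMetaData for (?P<dn>.+?)!\s*$")


def triage_join_log(text):
    """Summarise a failed join: rejected DNs and partitions left incomplete."""
    progress = {}   # naming context -> (objects received, objects expected)
    bad_dns = []    # unique DNs, in order of first appearance
    for line in text.splitlines():
        m = PROGRESS.match(line)
        if m:
            # Later lines overwrite earlier ones, so the last count wins.
            progress[m["nc"]] = (int(m["done"]), int(m["total"]))
            continue
        m = MISSING_OC.search(line)
        if m and m["dn"] not in bad_dns:
            bad_dns.append(m["dn"])  # the error is logged twice per object
    incomplete = {nc: p for nc, p in progress.items() if p[0] < p[1]}
    return {"failed": "Join failed" in text,
            "bad_dns": bad_dns,
            "incomplete": incomplete}


if __name__ == "__main__":
    print(triage_join_log(SAMPLE_JOIN_LOG))
```

The join aborts at the first rejected object, so a clean rerun after fixing one DN can still surface further objects with the same problem.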