I cannot join two new VMs to my domain, I receive the following error on
both machines:
twerks at cbadc03:~$ kinit
Administrator
Password for Administrator at CB.CLIFFBELLS.COM:
itwerks at cbadc03:~$ klist -e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: Administrator at CB.CLIFFBELLS.COM
Valid starting Expires Service principal
03/21/2016 00:19:56 03/21/2016 10:19:56 krbtgt/
CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM
renew until 03/22/2016 00:19:41, Etype (skey, tkt):
aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join
cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM
--dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'cb.cliffbells.com'
Found DC filer.cb.cliffbells.com
Password for [WORKGROUP\administrator]:
workgroup is CB
realm is cb.cliffbells.com
checking sAMAccountName
Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
<00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com -
../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com> <>
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1183, in join_DC
ctx.do_join()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1086, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
536, in join_add_objects
ctx.samdb.add(rec)
itwerks at cbadc03:~$
Neither machine exists in ADUC on either of my current DCs. Neither
machine has any records in DNS. I ran ldbsearch and dumped it's output to
a text file, there are no references to either machine name in the file.
Please advise.
JS
Hi JS, Le 21/03/2016 05:26, IT Admin a écrit :> I cannot join two new VMs to my domain, I receive the following error on > both machines: > > twerks at cbadc03:~$ kinit > Administrator > Password for Administrator at CB.CLIFFBELLS.COM: > itwerks at cbadc03:~$ klist -e > Ticket cache: FILE:/tmp/krb5cc_1000 > Default principal: Administrator at CB.CLIFFBELLS.COM > > Valid starting Expires Service principal > 03/21/2016 00:19:56 03/21/2016 10:19:56 krbtgt/ > CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM > renew until 03/22/2016 00:19:41, Etype (skey, tkt): > aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 > itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join > cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM > --dns-backend=SAMBA_INTERNAL > Finding a writeable DC for domain 'cb.cliffbells.com' > Found DC filer.cb.cliffbells.com > Password for [WORKGROUP\administrator]: > workgroup is CB > realm is cb.cliffbells.com > checking sAMAccountName > Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com > Join failed - cleaning up > checking sAMAccountNamehave you cleaned up the /usr/local/samba/private/ directory and /usr/local/samba/etc/smb.conf file before trying to rejoin the domain? HTH, Denis> ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - > <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index > objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com - > ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in > CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com> <> > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line > 621, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 1183, in join_DC > ctx.do_join() > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 1086, in do_join > ctx.join_add_objects() > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 536, in join_add_objects > ctx.samdb.add(rec) > itwerks at cbadc03:~$ > > Neither machine exists in ADUC on either of my current DCs. Neither > machine has any records in DNS. I ran ldbsearch and dumped it's output to > a text file, there are no references to either machine name in the file. > > Please advise. > > JS >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil-it-systems.fr
Yes, I have:
itwerks at cbadc03:~$ sudo /etc/init.d/samba4 stop
[sudo] password for itwerks:
[ ok ] Stopping samba4 (via systemctl): samba4.service
itwerks at cbadc03:~$ sudo mkdir /usr/local/samba-backups/3.21.2016 &&
sudo mv
/usr/local/samba/private /usr/local/samba-backups/3.21.2016/
itwerks at cbadc03:~$ ls -la /usr/local/samba/etc/
total 8
drwxr-xr-x 2 root root 4096 Mar 17 06:17 .
drwxr-xr-x 9 root root 4096 Mar 21 13:23 ..
itwerks at cbadc03:~$ kinit
Administrator
Password for Administrator at CB.CLIFFBELLS.COM:
itwerks at cbadc03:~$ klist
-e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: Administrator at CB.CLIFFBELLS.COM
Valid starting Expires Service principal
03/21/2016 13:24:37 03/21/2016 23:24:37 krbtgt/
CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM
renew until 03/22/2016 13:24:25, Etype (skey, tkt):
aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join
cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM
--dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'cb.cliffbells.com'
Found DC filer.cb.cliffbells.com
Password for [WORKGROUP\administrator]:
workgroup is CB
realm is cb.cliffbells.com
checking sAMAccountName
Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
<00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com -
../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com> <>
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1183, in join_DC
ctx.do_join()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1086, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
536, in join_add_objects
ctx.samdb.add(rec)
itwerks at cbadc03:~$
Both cbadc02 and cbadc03 exhibit this behavior.
JS
On Mar 21, 2016 10:16 AM, "Denis Cardon" <
denis.cardon at tranquil-it-systems.fr> wrote:
> Hi JS,
>
> Le 21/03/2016 05:26, IT Admin a écrit :
>
>> I cannot join two new VMs to my domain, I receive the following error
on
>> both machines:
>>
>> twerks at cbadc03:~$ kinit
>> Administrator
>> Password for Administrator at CB.CLIFFBELLS.COM:
>> itwerks at cbadc03:~$ klist -e
>> Ticket cache: FILE:/tmp/krb5cc_1000
>> Default principal: Administrator at CB.CLIFFBELLS.COM
>>
>> Valid starting Expires Service principal
>> 03/21/2016 00:19:56 03/21/2016 10:19:56 krbtgt/
>> CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM
>> renew until 03/22/2016 00:19:41, Etype (skey, tkt):
>> aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
>> itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join
>> cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM
>> --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'cb.cliffbells.com'
>> Found DC filer.cb.cliffbells.com
>> Password for [WORKGROUP\administrator]:
>> workgroup is CB
>> realm is cb.cliffbells.com
>> checking sAMAccountName
>> Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>> Join failed - cleaning up
>> checking sAMAccountName
>>
>
>
> have you cleaned up the /usr/local/samba/private/ directory and
> /usr/local/samba/etc/smb.conf file before trying to rejoin the domain?
>
> HTH,
>
> Denis
>
> ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
>> objectSid in CN=CBADC03,OU=Domain
Controllers,DC=cb,DC=cliffbells,DC=com -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on
objectSid
>> in
>> CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com>
<>
>> File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>> return self.run(*args, **kwargs)
>> File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>> line
>> 621, in run
>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1183, in join_DC
>> ctx.do_join()
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1086, in do_join
>> ctx.join_add_objects()
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 536, in join_add_objects
>> ctx.samdb.add(rec)
>> itwerks at cbadc03:~$
>>
>> Neither machine exists in ADUC on either of my current DCs. Neither
>> machine has any records in DNS. I ran ldbsearch and dumped it's
output to
>> a text file, there are no references to either machine name in the
file.
>>
>> Please advise.
>>
>> JS
>>
>>
> --
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
>
>
On 21/03/16 04:26, IT Admin wrote:> I cannot join two new VMs to my domain, I receive the following error on > both machines: > > twerks at cbadc03:~$ kinit > Administrator > Password for Administrator at CB.CLIFFBELLS.COM: > itwerks at cbadc03:~$ klist -e > Ticket cache: FILE:/tmp/krb5cc_1000 > Default principal: Administrator at CB.CLIFFBELLS.COM > > Valid starting Expires Service principal > 03/21/2016 00:19:56 03/21/2016 10:19:56 krbtgt/ > CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM > renew until 03/22/2016 00:19:41, Etype (skey, tkt): > aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 > itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join > cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM > --dns-backend=SAMBA_INTERNAL > Finding a writeable DC for domain 'cb.cliffbells.com' > Found DC filer.cb.cliffbells.com > Password for [WORKGROUP\administrator]: > workgroup is CB > realm is cb.cliffbells.com > checking sAMAccountName > Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com > Join failed - cleaning up > checking sAMAccountName > ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - > <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index > objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com - > ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in > CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com> <> > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 175, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line > 621, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 1183, in join_DC > ctx.do_join() > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 1086, in do_join > ctx.join_add_objects() > File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line > 536, in join_add_objects > ctx.samdb.add(rec) > itwerks at cbadc03:~$ > > Neither machine exists in ADUC on either of my current DCs. Neither > machine has any records in DNS. I ran ldbsearch and dumped it's output to > a text file, there are no references to either machine name in the file. > > Please advise. > > JSThe join seems to be failing because it seems to be trying to add an objectsid that already exists: unique index violation on objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com Try pre-creating the computer in 'OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com' and then try joining again. Rowland
No dice.
Logged in to a workstation with RSAT installed. Added computer to OU
Domain Controllers, closed ADUC, attempted join again.
itwerks at cbadc03:~$ kinit
Administrator
Password for Administrator at CB.CLIFFBELLS.COM:
itwerks at cbadc03:~$ klist
-e
Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: Administrator at CB.CLIFFBELLS.COM
Valid starting Expires Service principal
03/21/2016 17:21:42 03/22/2016 03:21:42 krbtgt/
CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM
renew until 03/22/2016 17:21:29, Etype (skey, tkt):
aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join
cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM
--dns-backend=SAMBA_INTERNAL
[sudo] password for itwerks:
Finding a writeable DC for domain 'cb.cliffbells.com'
Found DC filer.cb.cliffbells.com
Password for [WORKGROUP\administrator]:
workgroup is CB
realm is cb.cliffbells.com
checking sAMAccountName
Deleted CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
<00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
objectSid in CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com -
../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in
CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com> <>
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line
621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1183, in join_DC
ctx.do_join()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
1086, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
line
536, in join_add_objects
ctx.samdb.add(rec)
itwerks at cbadc03:~
Please advise.
JS
On Mar 21, 2016 3:54 PM, "Rowland penny" <rpenny at samba.org>
wrote:
> On 21/03/16 04:26, IT Admin wrote:
>
>> I cannot join two new VMs to my domain, I receive the following error
on
>> both machines:
>>
>> twerks at cbadc03:~$ kinit
>> Administrator
>> Password for Administrator at CB.CLIFFBELLS.COM:
>> itwerks at cbadc03:~$ klist -e
>> Ticket cache: FILE:/tmp/krb5cc_1000
>> Default principal: Administrator at CB.CLIFFBELLS.COM
>>
>> Valid starting Expires Service principal
>> 03/21/2016 00:19:56 03/21/2016 10:19:56 krbtgt/
>> CB.CLIFFBELLS.COM at CB.CLIFFBELLS.COM
>> renew until 03/22/2016 00:19:41, Etype (skey, tkt):
>> aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96
>> itwerks at cbadc03:~$ sudo /usr/local/samba/bin/samba-tool domain join
>> cb.cliffbells.com DC -Uadministrator --realm=CB.CLIFFBELLS.COM
>> --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'cb.cliffbells.com'
>> Found DC filer.cb.cliffbells.com
>> Password for [WORKGROUP\administrator]:
>> workgroup is CB
>> realm is cb.cliffbells.com
>> checking sAMAccountName
>> Adding CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com
>> Join failed - cleaning up
>> checking sAMAccountName
>> ERROR(ldb): uncaught exception - LDAP error 68
LDAP_ENTRY_ALREADY_EXISTS -
>> <00002071: ../lib/ldb/ldb_tdb/ldb_index.c:1216: Failed to re-index
>> objectSid in CN=CBADC03,OU=Domain
Controllers,DC=cb,DC=cliffbells,DC=com -
>> ../lib/ldb/ldb_tdb/ldb_index.c:1148: unique index violation on
objectSid
>> in
>> CN=CBADC03,OU=Domain Controllers,DC=cb,DC=cliffbells,DC=com>
<>
>> File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>> return self.run(*args, **kwargs)
>> File
>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>> line
>> 621, in run
>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1183, in join_DC
>> ctx.do_join()
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1086, in do_join
>> ctx.join_add_objects()
>> File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 536, in join_add_objects
>> ctx.samdb.add(rec)
>> itwerks at cbadc03:~$
>>
>> Neither machine exists in ADUC on either of my current DCs. Neither
>> machine has any records in DNS. I ran ldbsearch and dumped it's
output to
>> a text file, there are no references to either machine name in the
file.
>>
>> Please advise.
>>
>> JS
>>
>
> The join seems to be failing because it seems to be trying to add an
> objectsid that already exists:
>
> unique index violation on objectSid in CN=CBADC03,OU=Domain
> Controllers,DC=cb,DC=cliffbells,DC=com
>
> Try pre-creating the computer in 'OU=Domain
> Controllers,DC=cb,DC=cliffbells,DC=com' and then try joining again.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>