On 07/07/16 21:13, Jason Waters wrote:> So I joined with samba's internal DNS, then converted to BIND, then > tested. Seems like it was working. I forced the 2003 machine out, > cleaned up the meta data and everything seemed to be working ok. So I > raised the domain level like this > > samba-tool domain level raise > samba-tool domain level raise --domain-level=2008_R2 > samba-tool domain level raise --forest-level=2008_R2 > > everything shows as 2008_R2 > > so now I think I'm making progress. I spin up another linux box, get > it ready to join, starts to join, then fails > > says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A: > objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes' on entry > 'CN=DC04,OU=Domain Controllers,DC=example,DC=local' was not found in > the schema > > so I thought well I'm going to try having a windows 2008 r2 server > join as a DC, run dcpromo and it says I need to run /forestprep on the > AD. Well I can't do that now that it is on linux right? >It should be there, it sounds like you have an incomplete schema, you could try running 'samba-tool dbcheck --fix' Rowland
I did that, it fixed 6 errors, ran it again, 0 errors. Still not able to join. On Thu, Jul 7, 2016 at 4:38 PM, Rowland penny <rpenny at samba.org> wrote:> On 07/07/16 21:13, Jason Waters wrote: > >> So I joined with samba's internal DNS, then converted to BIND, then >> tested. Seems like it was working. I forced the 2003 machine out, cleaned >> up the meta data and everything seemed to be working ok. So I raised the >> domain level like this >> >> samba-tool domain level raise >> samba-tool domain level raise --domain-level=2008_R2 >> samba-tool domain level raise --forest-level=2008_R2 >> >> everything shows as 2008_R2 >> >> so now I think I'm making progress. I spin up another linux box, get it >> ready to join, starts to join, then fails >> >> says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A: objectclass_attrs: >> attribute 'msDS-SupportedEncryptionTypes' on entry 'CN=DC04,OU=Domain >> Controllers,DC=example,DC=local' was not found in the schema >> >> so I thought well I'm going to try having a windows 2008 r2 server join >> as a DC, run dcpromo and it says I need to run /forestprep on the AD. Well >> I can't do that now that it is on linux right? >> >> > It should be there, it sounds like you have an incomplete schema, you > could try running 'samba-tool dbcheck --fix' > > Rowland > >
On 07/07/16 21:39, Jason Waters wrote:> I did that, it fixed 6 errors, ran it again, 0 errors. Still not able > to join. > > On Thu, Jul 7, 2016 at 4:38 PM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > On 07/07/16 21:13, Jason Waters wrote: > > So I joined with samba's internal DNS, then converted to BIND, > then tested. Seems like it was working. I forced the 2003 > machine out, cleaned up the meta data and everything seemed to > be working ok. So I raised the domain level like this > > samba-tool domain level raise > samba-tool domain level raise --domain-level=2008_R2 > samba-tool domain level raise --forest-level=2008_R2 > > everything shows as 2008_R2 > > so now I think I'm making progress. I spin up another linux > box, get it ready to join, starts to join, then fails > > says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A: > objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes' > on entry 'CN=DC04,OU=Domain Controllers,DC=example,DC=local' > was not found in the schema > > so I thought well I'm going to try having a windows 2008 r2 > server join as a DC, run dcpromo and it says I need to run > /forestprep on the AD. Well I can't do that now that it is on > linux right? > > > It should be there, it sounds like you have an incomplete schema, > you could try running 'samba-tool dbcheck --fix' > > Rowland > >Try adding '--cross-ncs' After this, I am running out of suggestions. Rowland