samba - Feb 2018 - SAMBA failed join domain DC

but I do not need a domain member (((
and another controller DC

Flag compile
%configure \
        --enable-fhs \
        --with-piddir=/run \
        --with-sockets-dir=/run/samba \
        --with-modulesdir=%{_libdir}/samba \
        --with-pammodulesdir=%{_libdir}/security \
        --with-lockdir=/var/lib/samba/lock \
        --with-statedir=/var/lib/samba \
        --with-cachedir=/var/lib/samba \
        --disable-rpath-install \
        --with-shared-modules=%{_samba_modules} \
        --bundled-libraries=%{_samba_libraries} \
        --with-pam \
        --with-pie \
        --with-relro \
        --without-fam \
        --private-libraries=%{_samba_private_libraries} \
        --with-system-mitkrb5 \
        --with-cluster-support \
        --with-profiling-data \
        --enable-selftest \
        --accel-aes=intelaesni \
        --with-systemd \

on the test environment, the controller joined the DC domain.
But it does not join in the working environment


В Пн, 19/02/2018 в 08:46 +0000, Rowland Penny via samba
пишет:
> On Mon, 19 Feb 2018 12:04:57 +0500
> "denis.shigapov via samba" <samba at lists.samba.org>
wrote:
> 
> > Hi, I'm join samba to windows AD
> > OS Centos7samba version 4.7.5
> > ========== command JOIN DC=========> > samba-tool domain join
example.ru --server=srv-dc01.example.ru --
> > username=vas.lah --password=password --realm=EXAMPLE.RU --
> > site=SITE2
> > -d 7
> > 
> 
> I would have expected to see:
> 
> samba-tool domain join example.ru DC --server=srv-dc01.example.ru
> --username=vas.lah --password=password --realm=EXAMPLE.RU --
> site=SITE2
> -d7
> 
> Without the 'DC' you will end up with a 'MEMBER' and they
do not
> work ;-)
> 
> 
> > do_join    ctx.join_add_dns_records()
> >  File "/usr/lib64/python2.7/site- packages/samba/join.py",
line
> > 1116,
> > in join_add_dns_records 
> >   dns_partition=domaindns_zone_dn)
> > File "/usr/lib64/python2.7/site-packages/samba/samdb.py",
line 939,
> > in dns_lookup
> >    dns_partition=dns_partition)
> 
> Is the DC, that you are trying to join to, running a DNS server ?
> 
> Rowland
> 
>

On Mon, 19 Feb 2018 14:30:45 +0500
"denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> but I do not need a domain member (((
> and another controller DC
I never said you did ;-)

The usage for 'samba-tool domain join is:

samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]

You are missing this ---------------^^

If you do not specify the role to join as, you will get a 'MEMBER'

You also haven't said if the original DC 'srv-dc01.example.ru' is
running a DNS server, it might also help if you tell us what windows
version is running on the original DC

Rowland

samba-tool domain join example.ru DC --server=srv-dc01.example.ru --
username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2
srv-dc01.example.ru - windows server 2008netdom query fsmoSchema
owner                srv-dc01.example.ruDomain role owner		
    srv-dc01.example.ruPDC role                    srv-
dc02.example.ruRID pool manager            srv-
dc01.example.ruInfrastructure owner        srv-dc01.example.ru
Setting update DNS in srv-dc01.example.ru: Security only
В Пн, 19/02/2018 в 10:02 +0000, Rowland Penny via samba
пишет:
> On Mon, 19 Feb 2018 14:30:45 +0500
> "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> 
> > but I do not need a domain member (((
> > and another controller DC
> 
> I never said you did ;-)
> 
> The usage for 'samba-tool domain join is:
> 
> samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN]
> [options]
> 
> You are missing this ---------------^^
> 
> If you do not specify the role to join as, you will get a 'MEMBER'
> 
> You also haven't said if the original DC 'srv-dc01.example.ru'
is
> running a DNS server, it might also help if you tell us what windows
> version is running on the original DC
> 
> Rowland
>

samba-tool domain join example.ru DC --server=srv-dc01.example.ru --
username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2


srv-dc01.example.ru - windows server 2008

netdom query fsmo

Schema owner                srv-dc01.example.ru

Domain role owner	    srv-dc01.example.ru

PDC role                    srv-dc02.example.ru

RID pool manager            srv-dc01.example.ru

Infrastructure owner        srv-dc01.example.ru


Setting update DNS in srv-dc01.example.ru: Security only

В Пн, 19/02/2018 в 10:02 +0000, Rowland Penny via samba
пишет:
> On Mon, 19 Feb 2018 14:30:45 +0500
> "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> 
> > but I do not need a domain member (((
> > and another controller DC
> 
> I never said you did ;-)
> 
> The usage for 'samba-tool domain join is:
> 
> samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN]
> [options]
> 
> You are missing this ---------------^^
> 
> If you do not specify the role to join as, you will get a 'MEMBER'
> 
> You also haven't said if the original DC 'srv-dc01.example.ru'
is
> running a DNS server, it might also help if you tell us what windows
> version is running on the original DC
> 
> Rowland
>