Claudio Nicora
2018-Feb-22 16:32 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
I have an existing Win2008-R2 domain with a single DC and I'd like to replace this DC with a Samba 4 DC.

I'm using VirtualBox VMs to test the migration before going to production.
I've cloned Windows 2008R2 Server into the first VM, then installed Ubuntu_18.04_server_x64_daily (Samba 4.7.4) into another VM.

Win2008-R2:   hostname=SRVAD-OLD, IP: 10.0.3.90
Ubuntu_18.04: hostname=SRVAD-NEW, IP: 10.0.3.100

The two machines are connected to the same virtual network and can ping each other.

Now, when I run samba-tool to join the domain, the join fails with this error:

=====================================================
root@srvad-new:~# samba -V
Version 4.7.4-Ubuntu

root@srvad-new:~# samba-tool domain join samdom.local DC -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ --option="interfaces=eth_lan" --verbose

Finding a writeable DC for domain 'SAMDOM.LOCAL'
Found DC SRVAD-OLD.SAMDOM.LOCAL
Password for [SAMDOM.LOCAL\Administrator]:
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=IT with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=IT
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT] objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT] objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT] objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=IT] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[402/2158] linked_values[0/20]
Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[804/2158] linked_values[0/20]
Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1206/2158] linked_values[0/20]
Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1608/2158] linked_values[0/20]
Partition[CN=Configuration,DC=SAMDOM,DC=IT] objects[1803/2158] linked_values[20/20]
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=IT] objects[97/169] linked_values[0/0]
Partition[DC=SAMDOM,DC=IT] objects[396/1567] linked_values[0/0]
Partition[DC=SAMDOM,DC=IT] objects[798/1567] linked_values[0/0]
Partition[DC=SAMDOM,DC=IT] objects[908/1567] linked_values[0/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=IT
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=IT] objects[21/21] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=IT
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=IT] objects[94/94] linked_values[0/0]
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=IT] objects[3] linked_values[0]
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=IT
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=IT
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=IT
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
=====================================================

I've googled for 'WERR_DNS_ERROR_RCODE_NAME_ERROR' but haven't found anything.
Hope someone could shed some light on this...
Garming Sam
2018-Feb-22 22:09 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On the Windows DC can you check that the A record is actually created?

> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100

It appears that the record is added over RPC, but then fails to find it over LDAP. Presumably they are to the same domain controller, so you should be able to see if there is a record in the domain DNS zone. Maybe there is a race here, but that seems a little unlikely. Alternatively, it might be storing the record in a place we do not expect. Try with some additional debugging perhaps, using -d3 for instance and see if there's any more detail on the DNS error.

Cheers,

Garming

On 23/02/18 05:32, Claudio Nicora via samba wrote:
> I have an existing Win2008-R2 domain with a single DC and I'd like to replace this DC with a Samba 4 DC.
>
> I'm using VirtualBox VMs to test the migration before going to production.
> I've cloned Windows 2008R2 Server into the first VM, then installed Ubuntu_18.04_server_x64_daily (Samba 4.7.4) into another VM.
>
> Win2008-R2:   hostname=SRVAD-OLD, IP: 10.0.3.90
> Ubuntu_18.04: hostname=SRVAD-NEW, IP: 10.0.3.100
>
> The two machines are connected to the same virtual network and can ping each other.
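The check suggested in the reply above (is the A record visible over LDAP, and in which container) can be scripted as below. This is an added example, not code from the thread or from Samba: it lists the three directory containers in which Active Directory can hold an AD-integrated DNS zone and searches each for the host's dnsNode with ldbsearch. It assumes a single-domain forest (so the forest root DN equals the domain DN) and that Samba's ldbsearch is installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: locate a host's dnsNode object over LDAP in every container
# where AD can store an AD-integrated zone. Function names are hypothetical.

# Convert a DNS realm (samdom.local) into an LDAP DN (DC=samdom,DC=local).
realm_to_dn() {
    printf '%s' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++)
            printf "%sDC=%s", (i > 1 ? "," : ""), $i
    }'
}

# Print the candidate zone containers, one per line:
#   1. the domain-wide application partition (DomainDnsZones)
#   2. the forest-wide application partition (ForestDnsZones)
#   3. the legacy location inside the domain partition (CN=System)
# Assumption: single-domain forest, so the same base DN is used for all three.
zone_containers() {
    zone=$1
    base=$(realm_to_dn "$2")
    printf 'DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones,%s\n' "$zone" "$base"
    printf 'DC=%s,CN=MicrosoftDNS,DC=ForestDnsZones,%s\n' "$zone" "$base"
    printf 'DC=%s,CN=MicrosoftDNS,CN=System,%s\n' "$zone" "$base"
}

# LDAP filter matching the dnsNode for one host label (e.g. SRVAD-NEW).
node_filter() {
    printf '(&(objectClass=dnsNode)(name=%s))' "$1"
}

# Search every candidate container on the given DC and show where the
# record exists. ldbsearch prompts for the password of the given user.
find_dns_node() {
    dc=$1; zone=$2; host=$3; user=$4
    zone_containers "$zone" "$zone" | while IFS= read -r container; do
        echo "== $container"
        ldbsearch -H "ldap://$dc" -U "$user" -b "$container" -s one \
            "$(node_filter "$host")" dn dnsRecord \
            || echo "   (container missing or search failed)"
    done
}

# Run only when all four arguments are supplied, for example:
#   sh find-dns-node.sh SRVAD-OLD.SAMDOM.LOCAL samdom.local SRVAD-NEW Administrator
if [ "$#" -eq 4 ]; then
    find_dns_node "$1" "$2" "$3" "$4"
fi
```

A record that turns up only under ForestDnsZones or CN=System, and not under DomainDnsZones, is the "place we do not expect" case raised in the reply.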
Claudio Nicora
2018-Feb-23 08:52 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Thanks for your help.

> On the Windows DC can you check that the A record is actually created?

Yes, it is, and it persists after join failure.
Another sign of presence of SRVAD-NEW on the old DC is the new computer account, created in "Domain controllers" folder in "Active Directory Users and Computers" at the beginning of join procedure then automatically removed just after the failure message.

> Try with some additional debugging perhaps, using -d3

That's exactly what I meant with "shed some light"... that option should be mentioned in the "Joining a Samba DC to an Existing Active Directory" Wikipage ;)

Here's the new log:

===========================================================
root@SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ --option="interfaces=eth_lan" --verbose -d3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'SAMDOM.LOCAL'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SAMDOM.LOCAL<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Password for [SAMDOM.LOCAL\Administrator]:
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1812/2386] linked_values[20/20]
Replicated 203 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1750] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1750] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[917/1750] linked_values[0/0]
Replicated 119 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0]
Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0]
Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
===========================================================

This caught my attention, but I don't know how to fix it:

==
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
==

Thanks again for your help.

On 22/02/2018 23:09, Garming Sam via samba wrote:
> On the Windows DC can you check that the A record is actually created?
>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>
> It appears that the record is added over RPC, but then fails to find it over LDAP. Presumably they are to the same domain controller, so you should be able to see if there is a record in the domain DNS zone. Maybe there is a race here, but that seems a little unlikely. Alternatively, it might be storing the record in a place we do not expect. Try with some additional debugging perhaps, using -d3 for instance and see if there's any more detail on the DNS error.
>
> Cheers,
>
> Garming