Claudio Nicora
2018-Feb-23 08:52 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Thanks for your help.

> On the Windows DC can you check that the A record is actually created?

Yes, it is, and it persists after join failure.
Another sign of presence of SRVAD-NEW on the old DC is the new computer account, created in "Domain controllers" folder in "Active Directory Users and Computers" at the beginning of join procedure then automatically removed just after the failure message.

> Try with some additional debugging perhaps, using -d3

That's exactly what I meant with "shed some light"... that option should be mentioned in the "Joining a Samba DC to an Existing Active Directory" Wikipage ;)

Here's the new log:

===========================================================
root@SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ --option="interfaces=eth_lan" --verbose -d3

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'SAMDOM.LOCAL'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SAMDOM.LOCAL<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Password for [SAMDOM.LOCAL\Administrator]:
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2386] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1812/2386] linked_values[20/20]
Replicated 203 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1750] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1750] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[917/1750] linked_values[0/0]
Replicated 119 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0]
Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0]
Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
===========================================================

This caught my attention, but I don't know how to fix it:

==
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
==

Thanks again for your help.

On 22/02/2018 23:09, Garming Sam via samba wrote:
> On the Windows DC can you check that the A record is actually created?
>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> It appears that the record is added over RPC, but then fails to find it
> over LDAP. Presumably they are to the same domain controller, so you
> should be able to see if there is a record in the domain DNS zone. Maybe
> there is a race here, but that seems a little unlikely. Alternatively,
> it might be storing the record in a place we do not expect. Try with
> some additional debugging perhaps, using -d3 for instance and see if
> there's any more detail on the DNS error.
>
> Cheers,
>
> Garming
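
The quoted reply above suggests the A record is written over RPC but not found over LDAP, possibly because it is stored somewhere unexpected. The script below is an added example, not code from either poster or from the Samba project: it compares the RPC view of the record with an LDAP search of the three standard containers for AD-integrated zones. The function names are hypothetical, the host, zone and record names in the usage line are those from the log, and a single-domain forest is assumed.

```shell
#!/bin/sh
# Added example: find out where an AD-integrated DNS zone keeps a host record.
# Assumptions: single-domain forest; samba-tool and ldbsearch are installed on
# the machine running the check; function names are hypothetical.

# realm_to_dn SAMDOM.LOCAL  ->  DC=SAMDOM,DC=LOCAL
realm_to_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) printf "%sDC=%s", (i > 1 ? "," : ""), $i
        print ""
    }'
}

# zone_containers REALM ZONE  ->  one candidate zone DN per line.
# AD-integrated zones live in the DomainDnsZones or ForestDnsZones application
# partitions, or in the legacy CN=MicrosoftDNS,CN=System container of the
# domain partition.
zone_containers() {
    base=$(realm_to_dn "$1")
    printf 'DC=%s,CN=MicrosoftDNS,DC=DomainDnsZones,%s\n' "$2" "$base"
    printf 'DC=%s,CN=MicrosoftDNS,DC=ForestDnsZones,%s\n' "$2" "$base"
    printf 'DC=%s,CN=MicrosoftDNS,CN=System,%s\n' "$2" "$base"
}

# find_record DC REALM ZONE HOST USER
# Prints the RPC answer, then which LDAP container (if any) holds the dnsNode.
find_record() {
    dc=$1; realm=$2; zone=$3; host=$4; user=$5

    echo "== RPC (dnsserver pipe) on $dc"
    samba-tool dns query "$dc" "$zone" "$host" A -U "$user" \
        || echo "   no A record returned over RPC"

    # The DNs contain no whitespace, so plain word splitting is safe here and
    # keeps stdin free for the password prompt.
    for dn in $(zone_containers "$realm" "$zone"); do
        echo "== LDAP under $dn"
        ldbsearch -H "ldap://$dc" -U "$user" -b "$dn" -s one \
            "(&(objectClass=dnsNode)(name=$host))" dn \
            || echo "   container missing or search failed"
    done
}

# Usage with the names from the log:
#   sh check-dns-location.sh SRVAD-OLD.SAMDOM.LOCAL SAMDOM.LOCAL SAMDOM.LOCAL SRVAD-NEW Administrator
if [ "$#" -ge 5 ]; then
    find_record "$1" "$2" "$3" "$4" "$5"
fi
```

A record that shows up over RPC and only under `CN=MicrosoftDNS,CN=System` is stored in the domain partition rather than in the DomainDnsZones partition that appears as `dns_partition=domaindns_zone_dn` in the traceback.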
Claudio Nicora
2018-Feb-25 11:28 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Tried again to join, now with full cleanup of /var/lib/samba/private folder on new server... same error.

Anyone have an idea of what's going wrong?
> ctx.do_join()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
> dns_partition=domaindns_zone_dn)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
> dns_partition=dns_partition)
> ===========================================================
>
> This caught my attention, but I don't know how to fix it:
> ==
> Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ==
>
> Thanks again for your help.
>
> On 22/02/2018 23:09, Garming Sam via samba wrote:
>> On the Windows DC can you check that the A record is actually created?
>>
>>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>> It appears that the record is added over RPC, but then fails to find it
>> over LDAP. Presumably they are to the same domain controller, so you
>> should be able to see if there is a record in the domain DNS zone. Maybe
>> there is a race here, but that seems a little unlikely. Alternatively,
>> it might be storing the record in a place we do not expect. Try with
>> some additional debugging perhaps, using -d3 for instance and see if
>> there's any more detail on the DNS error.
>>
>> Cheers,
>>
>> Garming
Rowland Penny
2018-Feb-25 13:30 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On Sun, 25 Feb 2018 12:28:39 +0100 Claudio Nicora via samba <samba at lists.samba.org> wrote:

> Tried again to join, now with full cleanup of /var/lib/samba/private
> folder on new server... same error.
>
> Anyone have an idea of what's going wrong?
>
> > ===========================================================
> > root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
> > -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
> > --option="interfaces=eth_lan" --verbose -d3

Is your WORKGROUP really the same as your dnsdomain?

> > Finding a writeable DC for domain 'SAMDOM.LOCAL'
> > resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.SAMDOM.LOCAL<0x0>
> > Found DC SRVAD-OLD.SAMDOM.LOCAL
> > resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
> > Password for [SAMDOM.LOCAL\Administrator]:
> > workgroup is SAMDOM
> > realm is SAMDOM.LOCAL

Seemingly not ;-)

So, the command should be:

samba-tool domain join samdom.local DC -U Administrator --dns-backend=BIND9_DLZ --verbose -d3

Can you post your /etc/hosts and /etc/resolv.conf files?

Can you also tell us the IP addresses of the original DC and the new DC?

Rowland
Garming Sam
2018-Feb-25 20:33 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Can you specify the full DN of the DNS record in question? Afterwards, maybe you can also try deleting that DNS record and retry the join?

Failed to find machine account is almost certainly an unrelated debug message. I don't think it has any relation to your issue.

Cheers,

Garming

On 26/02/18 00:28, Claudio Nicora via samba wrote:
> Tried again to join, now with full cleanup of /var/lib/samba/private
> folder on new server... same error.
>
> Anyone have an idea of what's going wrong?
>
> On 23/02/2018 09:52, Claudio Nicora via samba wrote:
>> Thanks for your help.
>>
>>> On the Windows DC can you check that the A record is actually created?
>>
>> Yes, it is, and it persists after join failure.
>> Another sign of presence of SRVAD-NEW on the old DC is the new
>> computer account, created in "Domain controllers" folder in "Active
>> Directory Users and Computers" at the beginning of join procedure
>> then automatically removed just after the failure message.
>>
>> > Try with some additional debugging perhaps, using -d3
>>
>> That's exactly what I meant with "shed some light"...
>> that option should be mentioned in the "Joining a Samba DC to an Existing Active
>> Directory" Wikipage ;)
>>
>> Here's the new log:
>>
>> ===========================================================
>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>> --option="interfaces=eth_lan" --verbose -d3
>> ===========================================================
>>
>> This caught my attention, but I don't know how to fix it:
>> ==
>> Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> ==
>>
>> Thanks again for your help.
>>
>> On 22/02/2018 23:09, Garming Sam via samba wrote:
>>> On the Windows DC can you check that the A record is actually created?
>>>
>>>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>>> It appears that the record is added over RPC, but then fails to find it
>>> over LDAP. Presumably they are to the same domain controller, so you
>>> should be able to see if there is a record in the domain DNS zone.
>>> Maybe there is a race here, but that seems a little unlikely. Alternatively,
>>> it might be storing the record in a place we do not expect. Try with
>>> some additional debugging perhaps, using -d3 for instance and see if
>>> there's any more detail on the DNS error.
>>>
>>> Cheers,
>>>
>>> Garming
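An added example, not part of any message in this thread and not Samba code: a small triage script for `samba-tool domain join -d3` output that separates the last step logged before "Join failed - cleaning up" from the status codes logged after it, and pulls the uncaught exception and its innermost traceback frame. The sample log is constructed from the lines quoted above; the function names and report keys are hypothetical, and the script assumes one log statement per line, as the tool prints it.

```python
import re

# Constructed sample: the tail of the -d3 join output quoted in this thread,
# one statement per line, with repeated lines trimmed and the long
# secrets.ldb message abridged with "(...)".
SAMPLE_LOG = """\
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (...) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
"""

FAIL_MARKER = "Join failed - cleaning up"
ERROR_RE = re.compile(
    r"^ERROR\((?P<kind>[^)]*)\): uncaught exception - "
    r"\((?P<code>\d+), '(?P<name>[A-Z0-9_]+)'\)"
)
FRAME_RE = re.compile(
    r'^File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)'
)
STATUS_RE = re.compile(r"\b(?:NT_STATUS|WERR)_[A-Z0-9_]+\b")


def triage(log_text):
    """Split a join log into: last step before failure, status codes logged
    after the failure marker, objects removed by cleanup, and the exception."""
    report = {"last_step": None, "error": None, "frames": [],
              "after_failure": [], "deleted": []}
    phase = "join"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        err = ERROR_RE.match(line)
        if err:
            # The uncaught exception is what actually aborted the join.
            report["error"] = (int(err.group("code")), err.group("name"))
            phase = "traceback"
        elif phase == "traceback":
            frame = FRAME_RE.match(line)
            if frame:  # source-code echo lines between frames are skipped
                report["frames"].append((
                    frame.group("path").rsplit("/", 1)[-1],
                    int(frame.group("line")),
                    frame.group("func"),
                ))
        elif line == FAIL_MARKER:
            phase = "cleanup"
        elif phase == "join":
            report["last_step"] = line
        elif line.startswith("Deleted "):
            report["deleted"].append(line[len("Deleted "):])
        else:
            # Printed after the marker, i.e. once the join had already failed.
            report["after_failure"].extend(STATUS_RE.findall(line))
    return report


def summarize(report):
    """One-line summary: exception, innermost frame, last step before failure."""
    if report["error"] is None:
        return "no uncaught exception found"
    code, name = report["error"]
    where = ("%s:%d in %s()" % report["frames"][-1]
             if report["frames"] else "unknown location")
    return "%s (%d) raised at %s; last step before failure: %s" % (
        name, code, where, report["last_step"])


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(summarize(result))
    print("status codes logged after the failure marker:", result["after_failure"])
    print("objects removed by cleanup:", len(result["deleted"]))
```
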
Claudio Nicora
2018-Feb-28 16:10 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Tested again to join, now clearing Kerberos, Samba config and Samba private folder.

The new log now has some more details (resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still not able to join. I wonder why it is trying to do an lmhosts lookup; 4.6 is not.

An identical server (with same hostname and IP) with Samba 4.6 joins without issues (except for the need to manually create the DNS entries).

NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to get back to the same initial conditions.

NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning in the Samba wiki (https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries):

"If you join a Samba DC that runs Samba 4.7 and later, samba-tool created all required DNS entries automatically. To manually create the records on an earlier version, see Verifying and Creating a DC DNS Record."

Here are both logs: 4.7.4 (fail) and 4.6.7 (success).

Hope someone can help me...
============================
Test environment
============================
Domain: SAMDOM.LOCAL
Existing DC: Win2008R2, Hostname: SRVAD-OLD, IP: 10.0.3.90
New DC: Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100

============================
Samba 4.7.4
============================
root at srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf /var/lib/samba/private/*
root at srvad-new:~# samba-tool domain join samdom.local DC -U"administrator" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing
parameters from /etc/samba/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry ldb_wrap open of hklm.ldb Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: 
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf Provision OK for domain DN DC=SAMDOM,DC=LOCAL Starting replication Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0] Analyze and apply schema objects Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to 
showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173] 
linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173] linked_values[20/20] Replicated 200 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Replicating critical objects from the base DN of the domain Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2] Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2] Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2] Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2] Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Committing SAM database Discarding older DRS linked attribute update to member on CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS linked attribute update to member on CN=Domain Users,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 Join failed - cleaning up ldb_wrap open of secrets.ldb Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 
'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC ctx.do_join() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join ctx.join_add_dns_records() File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records dns_partition=domaindns_zone_dn) File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup dns_partition=dns_partition) ============================Samba 4.6.7 ============================root at srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3 GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered 
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
Password for [WORKGROUP\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1554] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1554] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995] linked_values[0/20]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995] linked_values[20/20]
Replicated 146 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0]
Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0]
Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93] linked_values[0/0]
Replicated 93 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0
Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded
Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as a DC
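A triage helper for `samba-tool domain join -d3` output like the two logs above, added here as an example; it is not part of the original post and not Samba code. It reports the last join phase reached, the uncaught exception and its Python call chain, and which phases occur in only one of two logs. The phase labels and the abridged sample logs are constructed for this example from messages shown in the post.

```python
import re

# (label, regex) pairs. The regexes match messages visible in the posted logs;
# the labels on the left are names invented for this example.
PHASES = [
    ("find_dc",            r"Found DC \S+"),
    ("create_dc_objects",  r"Adding CN=[^,\n]+,OU=Domain Controllers,"),
    ("machine_password",   r"Setting account password for \S+\$"),
    ("bare_provision",     r"Provision OK for domain DN "),
    ("replication",        r"Starting replication"),
    ("commit_sam",         r"Committing SAM database"),
    ("remote_dns_records", r"Adding \d+ remote DNS records for "),
    ("update_refs",        r"Sending DsReplicaUpdateRefs "),
    ("secrets_db",         r"Setting up secrets database"),
    ("joined",             r"Joined domain \S+ \(SID \S+\) as a DC"),
]
FAIL_MARK = re.compile(r"Join failed - cleaning up")
ERROR = re.compile(r"ERROR\((\w+)\): uncaught exception - \((\d+), '(\w+)'\)")
FRAME = re.compile(r'File "([^"]+)", line (\d+), in (\w+)')
DELETED = re.compile(r"^Deleted (.+)$", re.M)


def summarize_join(log):
    """Summarise one join log given as text with one message per line."""
    fail = FAIL_MARK.search(log)
    cutoff = fail.start() if fail else len(log)
    # Only messages logged before the failure marker count as progress.
    hits = []
    for label, pattern in PHASES:
        m = re.search(pattern, log[:cutoff])
        if m:
            hits.append((m.start(), label))
    phases = [label for _, label in sorted(hits)]
    err = ERROR.search(log)
    frames = FRAME.findall(log)
    if "joined" in phases:
        outcome = "joined"
    elif fail or err:
        outcome = "failed"
    else:
        outcome = "incomplete"
    return {
        "outcome": outcome,
        "phases": phases,
        "last_phase": phases[-1] if phases else None,
        "error": (int(err.group(2)), err.group(3)) if err else None,
        # Python prints the innermost frame last.
        "call_chain": [func for _, _, func in frames],
        # Directory objects removed again during cleanup.
        "rolled_back": DELETED.findall(log[cutoff:]),
    }


def phases_only_in(a, b):
    """Phases reached in summary a that summary b never reached."""
    return [p for p in a["phases"] if p not in b["phases"]]


# Constructed, abridged excerpts of the two logs in the post.
LOG_474 = """\
Found DC SRVAD-OLD.SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)
"""

LOG_467 = """\
Found DC SRVAD-OLD.SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as a DC
"""

if __name__ == "__main__":
    failed, ok = summarize_join(LOG_474), summarize_join(LOG_467)
    print(failed["outcome"], failed["last_phase"], failed["error"])
    print("call chain:", " -> ".join(failed["call_chain"]))
    print("only in failing log:", phases_only_in(failed, ok))
```

On these excerpts the only phase present in the failing 4.7.4 run and absent from the 4.6.7 run is the remote DNS record step, which is where the exception is raised.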
Claudio Nicora
2018-Mar-01 10:58 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
Tested the join again, now clearing the Kerberos and Samba config and the Samba private folder.

The new log now has some more details (resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still not able to join. I wonder why it is trying to do an lmhosts lookup; 4.6 is not.

An identical server (with the same hostname and IP) with Samba 4.6 joins without issues (except for the need to manually create the DNS entries).

NOTE: I'm testing the join with VirtualBox VMs, so it's easy for me to get back to the same initial conditions.

NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning in the Samba wiki https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries : "If you join a Samba DC that runs Samba 4.7 and later, samba-tool created all required DNS entries automatically. To manually create the records on an earlier version, see Verifying and Creating a DC DNS Record."

Here are both logs: 4.7.4 (fail) and 4.6.7 (success). Hope someone can help me...
============================
Test environment
============================
Domain: SAMDOM.LOCAL
Existing DC: Win2008R2, Hostname: SRVAD-OLD, IP: 10.0.3.90
New DC: Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100

============================
Samba 4.7.4
============================
root@srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf /var/lib/samba/private/*
root@srvad-new:~# samba-tool domain join samdom.local DC -U"administrator" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing
parameters from /etc/samba/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry ldb_wrap open of hklm.ldb Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: 
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf Provision OK for domain DN DC=SAMDOM,DC=LOCAL Starting replication Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0] Analyze and apply schema objects Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to 
showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173] 
linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173] linked_values[20/20] Replicated 200 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Replicating critical objects from the base DN of the domain Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2] Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2] Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2] Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2] Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 
5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Committing SAM database Discarding older DRS linked attribute update to member on CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS linked attribute update to member on CN=Domain Users,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 Join failed - cleaning up ldb_wrap open of secrets.ldb Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 
'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

============================
Samba 4.6.7
============================
root@srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Finding a writeable DC for domain 'samdom.local' resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0> Found DC SRVAD-OLD.SAMDOM.LOCAL resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL Got challenge flags: Got NTLMSSP neg_flags=0x62898235 Password for [WORKGROUP\Administrator]: NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 workgroup is SAMDOM realm is SAMDOM.LOCAL Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL Setting account password for SRVAD-NEW$ Enabling account Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN Setting account password for dns-SRVAD-NEW Calling bare provision lpcfg_load: refreshing parameters 
from /etc/samba/smb.conf lpcfg_load: refreshing parameters from /etc/samba/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up share.ldb Setting up secrets.ldb Setting up the registry ldb_wrap open of hklm.ldb Key 'key=SOFTWARE,hive=NONE' not found key added: key=SOFTWARE,hive=NONE Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE Key 'key=SYSTEM,hive=NONE' not found key added: key=SYSTEM,hive=NONE Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: 
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf Provision OK for domain DN DC=SAMDOM,DC=LOCAL Starting replication Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1554] linked_values[0/0] Analyze and apply schema objects Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL 
from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to 
name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] 
objects[402/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995] linked_values[20/20] Replicated 146 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Replicating critical objects from the base DN of the domain Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0] Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0] Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0] Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0] Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93] linked_values[0/0] Replicated 93 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS 
attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain 
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain 
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as a DC

On 26/02/2018 11:33, Claudio Nicora wrote:
> Thanks for the time you're dedicating to solving my issue.
>
>> Is your WORKGROUP really the same as your dnsdomain ?
>> So, the command should be:
>> samba-tool domain join samdom.local DC -U Administrator
>> --dns-backend=BIND9_DLZ --verbose -d3
>
> I've replaced log sensitive data before posting it (replacing real
> domain name with SAMDOM), but replace was case-insensitive so
> everything became uppercase.
> I'm attaching the correct log below, sorry for the confusion.
> Anyway I've already tried either -U"SAMDOM.LOCAL\Administrator",
> -U"SAMDOM\Administrator" and -U Administrator and all of them fail
> with the same result.
>
> Additional info: before testing Samba 4.7.4, I've tested to join
> previous Samba version server (Ubuntu 17.10, Samba 4.6.7) and it worked.
>
> Here's the new log (with case-preserved replacement), together with
> other required files:
>
> ========================================
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo
> eth_lan" --option="bind interfaces only=yes" -d3
>
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding
>
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Adding CN=NTDS > Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Setting account password for SRVAD-NEW$ > Enabling account > Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with > dns/ SPN > Setting account password for dns-SRVAD-NEW > Calling bare provision > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > Looking up IPv4 addresses > Looking up IPv6 addresses > No IPv6 address will be assigned > Setting up secrets.ldb > Setting up the registry > ldb_wrap open of hklm.ldb > Setting up the privileges database > Setting up idmap db > Setting up SAM db > Setting up sam.ldb partitions and settings > Setting up sam.ldb rootDSE > Pre-loading the Samba 4 and AD schema > partition_metadata: Migrating partition metadata: open of metadata.tdb > gave: (null) > A Kerberos configuration suitable for Samba AD has been generated at > /var/lib/samba/private/krb5.conf > Provision OK for domain DN DC=SAMDOM,DC=LOCAL > Starting replication > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[402/1557] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[804/1557] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1206/1557] linked_values[0/0] > 
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1553/1557] linked_values[0/0] > Analyze and apply schema objects > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to 
showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory 
on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Replicated 1553 objects (0 linked attributes) for > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508] > linked_values[20/20] > Replicated 224 objects (20 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Replicating critical objects from the base DN of the domain > Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0] > Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0] > Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0] > Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0] > Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > 
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] > linked_values[0/0] > Replicated 21 objects (0 linked attributes) for > DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] > linked_values[0/0] > Replicated 94 objects (0 linked attributes) for > DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] > linked_values[0] > Discarding older DRS attribute update to objectClass on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to name on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to systemFlags on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectCategory on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to isCriticalSystemObject on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectClass on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 
5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to whenCreated on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to displayName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to name on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to userAccountControl on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to codePage on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to countryCode on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dBCSPwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to localPolicyFlags on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to logonHours on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to unicodePwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to ntPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to pwdLastSet on > 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to primaryGroupID on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to supplementalCredentials on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectSid on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to accountExpires on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to lmPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountType on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dNSHostName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to servicePrincipalName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectCategory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to isCriticalSystemObject on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to msDS-SupportedEncryptionTypes > on CN=SRVAD-NEW,OU=Domain 
Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
> Committing SAM database
> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for SAMDOM from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4636) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
> Deleted CN=NTDS
> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> Deleted
> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
> return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
> machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend)
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC
> ctx.do_join()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in
> do_join
> ctx.join_add_dns_records()
> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in
> join_add_dns_records
> dns_partition=domaindns_zone_dn)
> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in
> dns_lookup
> dns_partition=dns_partition)
>
> root at srvad-new:~# cat /etc/hosts
> 127.0.0.1 localhost
> 10.0.3.90 srvad-old.samdom.local srvad-old
> 10.0.3.100 srvad-new.samdom.local srvad-new
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> root at srvad-new:~# cat /etc/hostname
> srvad-new.samdom.local (---> also tried with "srvad-new" only)
>
> root at srvad-new:~# cat /etc/resolv.conf
> nameserver 10.0.3.90
> search samdom.local
> ======================
>
> On 25/02/2018 14:30, Rowland Penny via samba wrote:
>> On Sun, 25 Feb 2018 12:28:39 +0100
>> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>>
>>> Tried again to join, now with full cleanup of /var/lib/samba/private
>>> folder on new server... same error.
>>>
>>> Anyone have an idea of what's going wrong?
>>>
>>>> ===========================================================
>>>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>>>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>>>> --option="interfaces=eth_lan" --verbose -d3
>>>>
>> Is your WORKGROUP really the same as your dnsdomain ?
>>
>>>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>>>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>>>> Password for [SAMDOM.LOCAL\Administrator]:
>>>> workgroup is SAMDOM
>>>> realm is SAMDOM.LOCAL
>> Seemingly not ;-)
>>
>> So, the command should be:
>>
>> samba-tool domain join samdom.local DC -U Administrator
>> --dns-backend=BIND9_DLZ --verbose -d3
>>
>> Can you post your /etc/hosts and /etc/resolv.conf files
>>
>> Can you also tell us the IP addresses of the original DC and the new DC
>>
>> Rowland
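Added example (not part of the posts above and not Samba project code): a small triage script for `samba-tool domain join ... -d3` output as quoted in this thread. It strips the e-mail quote markers, skips past the repeated "Discarding older DRS attribute update" records, and returns the outcome and status codes; it also decodes the `data` code of the LDAP bind error quoted later in the thread. The names `normalise`, `triage` and the two sample constants are hypothetical, and the samples are a few lines copied from the logs in this thread.

```python
import re
from collections import Counter

GUID = r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}"
DISCARD_RE = re.compile(
    r"Discarding older DRS attribute update to (\S+) on (.+?) from (" + GUID + ")")
PARTITION_RE = re.compile(r"Partition\[(.+?)\] objects\[(\d+)/(\d+)\]")
STATUS_RE = re.compile(r"\b(?:NT_STATUS|WERR|LDAP)_[A-Z0-9_]+")
LDAP_DATA_RE = re.compile(r"AcceptSecurityContext error, data ([0-9a-fA-F]+)")

# AD attributes that store credential material. The discard records carry
# only the attribute name, so listing them shows what was replicated,
# not any secret value.
SECRET_ATTRS = {"unicodePwd", "dBCSPwd", "ntPwdHistory", "lmPwdHistory",
                "supplementalCredentials"}


def normalise(text):
    """Strip leading '>' quote markers and undo the mail client's hard wrapping."""
    unquoted = re.sub(r"(?m)^[ \t]*(?:>[ \t]?)+", "", text)
    return " ".join(unquoted.split())


def triage(text):
    """Summarise a join debug log: outcome, status codes, replication progress."""
    flat = normalise(text)
    discards = DISCARD_RE.findall(flat)

    errors = []  # unique status codes, in order of first appearance
    for code in STATUS_RE.findall(flat):
        if code != "NT_STATUS_OK" and code not in errors:
            errors.append(code)

    if "Join failed" in flat:
        outcome = "failed"
    elif re.search(r"Joined domain \S+ \(SID ", flat):
        outcome = "joined"
    else:
        outcome = "unknown"

    return {
        "outcome": outcome,
        "errors": errors,
        # The hex 'data' field of an AD LdapErr is a Win32 error number;
        # 0x52e is 1326, ERROR_LOGON_FAILURE.
        "win32_from_ldap_data": [int(h, 16) for h in LDAP_DATA_RE.findall(flat)],
        # Last progress line seen per partition: (objects done, objects total).
        "partitions": {dn: (int(done), int(total))
                       for dn, done, total in PARTITION_RE.findall(flat)},
        # How many discard records came from each source DSA invocation.
        "discarded_by_source": Counter(src for _, _, src in discards),
        "secret_attrs_named": sorted({a for a, _, _ in discards} & SECRET_ATTRS),
    }


# Sample 1: lines copied from the quoted 26/02 log, still quoted and wrapped.
QUOTED_SAMPLE = """\
> Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0]
> Discarding older DRS attribute update to objectClass on CN=RID
> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from
> a9e55326-e32f-4da3-8baa-8cf29cbafded
> Discarding older DRS attribute update to unicodePwd on
> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
> 5129d5e2-1df1-4299-bede-1eed9ff37869
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Join failed - cleaning up
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003,
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
"""

# Sample 2: lines copied from the LDAP bind failure in the 2018-Mar-01 post.
LDAP_SAMPLE = """\
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
"""

if __name__ == "__main__":
    for name, sample in (("26/02 log", QUOTED_SAMPLE), ("01/03 log", LDAP_SAMPLE)):
        print(name, triage(sample))
```

Run it over a saved log to get a short summary that can be posted instead of the full -d3 output.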
Claudio Nicora
2018-Mar-01 13:05 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
It seems I'm talking to myself... anyway another test here:

Added the existing DC IP config to /etc/hosts and the join now shows a more explicit LDAP error:

---
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed (Preauthentication failed)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
---

The Administrator password is correct (the SRVAD-NEW computer account is created on existing DC, then removed after fail).

What shall I do now?
New test config:

root at srvad-old:~# cat /etc/hosts
127.0.0.1 localhost
10.0.3.90 srvad-old.samdom.local srvad-old
10.0.3.100 srvad-new.samdom.local srvad-new

root at srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load:
refreshing parameters from /etc/samba/smb.conf Looking up IPv4 addresses Looking up IPv6 addresses No IPv6 address will be assigned Setting up secrets.ldb Setting up the registry ldb_wrap open of hklm.ldb Setting up the privileges database Setting up idmap db Setting up SAM db Setting up sam.ldb partitions and settings Setting up sam.ldb rootDSE Pre-loading the Samba 4 and AD schema partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf Provision OK for domain DN DC=SAMDOM,DC=LOCAL Starting replication Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0] Analyze and apply schema objects Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 
19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on 
CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) 
for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1800/2187] linked_values[20/20] Replicated 191 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Replicating critical objects from the base DN of the domain Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0] Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[396/1607] linked_values[0/0] Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[798/1607] linked_values[0/0] Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Partition[DC=SAMDOM,DC=LOCAL] objects[903/1607] linked_values[0/0] Replicated 105 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Done with always replicated NC (base, config, schema) Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS 
attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain 
Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL Committing SAM database Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign] resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 Join failed - cleaning up ldb_wrap open of secrets.ldb resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed (Preauthentication failed) SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x62088235 Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <> Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: 
LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

On 01/03/2018 11:58, Claudio Nicora wrote:
> Tested again to join, now clearing both Kerberos, Samba config and
> Samba private folder.
> The new log now has some more details (resolve_lmhosts: Attempting
> lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still
> not able to join.
> Wonder why is it trying to do an lmhosts lookup, 4.6 is not.
>
> An identical server (with same hostname and IP) with Samba 4.6 joins
> without issues (except for the need to manually create the DNS entries).
> NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to
> get back to the same initial conditions.
>
> NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning
> in Samba wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries
> :
> "If you join a Samba DC that runs Samba 4.7 and later, samba-tool
> created all required DNS entries automatically.
> To manually create the records on an earlier version, see Verifying
> and Creating a DC DNS Record."
>
> Here you are both logs: 4.7.4 (fail) and 4.6.7 (success).
> Hope someone can help me...
>
> ============================
> Test environment
> ============================
> Domain: SAMDOM.LOCAL
> Existing DC: Win2008R2, Hostname: SRVAD-OLD, IP: 10.0.3.90
> New DC: Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100
>
> ============================
> Samba 4.7.4
> ============================
> root at srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf
> /var/lib/samba/private/*
>
> root at srvad-new:~# samba-tool domain join samdom.local DC
> -U"administrator" -d3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'samdom.local'
> resolve_lmhosts: Attempting lmhosts lookup for name
> _ldap._tcp.samdom.local<0x0>
> Found DC SRVAD-OLD.SAMDOM.LOCAL
> resolve_lmhosts: Attempting lmhosts lookup for name
> SRVAD-OLD.SAMDOM.LOCAL<0x20>
> workgroup is SAMDOM
> realm is SAMDOM.LOCAL
> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
> Adding >
CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Adding CN=NTDS > Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Setting account password for SRVAD-NEW$ > Enabling account > Calling bare provision > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > Looking up IPv4 addresses > Looking up IPv6 addresses > No IPv6 address will be assigned > Setting up share.ldb > Setting up secrets.ldb > Setting up the registry > ldb_wrap open of hklm.ldb > Key 'key=SOFTWARE,hive=NONE' not found > key added: key=SOFTWARE,hive=NONE > Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=SYSTEM,hive=NONE' not found > key added: key=SYSTEM,hive=NONE > Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 
'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Setting up the privileges database > Setting up idmap db > Setting up SAM db > Setting up sam.ldb partitions and settings > Setting up sam.ldb rootDSE > Pre-loading the Samba 4 and AD schema > partition_metadata: Migrating partition metadata: open of metadata.tdb > gave: (null) > A Kerberos configuration suitable for Samba AD has been generated at > /var/lib/samba/private/krb5.conf > Provision OK for domain DN DC=SAMDOM,DC=LOCAL > Starting replication > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > 
objects[402/1557] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[804/1557] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1206/1557] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1553/1557] linked_values[0/0] > Analyze and apply schema objects > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 
a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 
a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Replicated 1553 objects (0 linked attributes) for > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173] > linked_values[20/20] > Replicated 200 objects (20 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Replicating critical objects from the base DN of the domain > Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2] > Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2] > Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2] > Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] 
objects[911/1587] linked_values[2/2] > Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] > linked_values[0/0] > Replicated 21 objects (0 linked attributes) for > DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] > linked_values[0/0] > Replicated 94 objects (0 linked attributes) for > DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] > linked_values[0] > Discarding older DRS attribute update to objectClass on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to name on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to systemFlags on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectCategory on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to isCriticalSystemObject on > CN=RID 
Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectClass on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to whenCreated on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to displayName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to name on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to userAccountControl on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to codePage on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to countryCode on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dBCSPwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to localPolicyFlags on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to logonHours on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to unicodePwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding 
older DRS attribute update to ntPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to pwdLastSet on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to primaryGroupID on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to supplementalCredentials on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectSid on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to accountExpires on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to lmPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountType on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dNSHostName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to servicePrincipalName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectCategory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to isCriticalSystemObject on > 
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to msDS-SupportedEncryptionTypes > on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Committing SAM database > Discarding older DRS linked attribute update to member on > CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS linked attribute update to member on CN=Domain > Users,CN=Users,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100 > Join failed - cleaning up > ldb_wrap open of secrets.ldb > Could not find machine account in secrets database: Failed to fetch > machine account password for SAMDOM from both secrets.ldb (Could not > find entry to match filter: > '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary > Domains': No such object: dsdb_search at > ../source4/dsdb/common/util.c:4636) and from > /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO > Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Deleted CN=NTDS > Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Deleted > CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > ERROR(runtime): uncaught exception - (9003, > 'WERR_DNS_ERROR_RCODE_NAME_ERROR') > File 
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", > line 176, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line > 661, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, > dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in > join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in > do_join > ctx.join_add_dns_records() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in > join_add_dns_records > dns_partition=domaindns_zone_dn) > File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in > dns_lookup > dns_partition=dns_partition) > > > ============================> Samba 4.6.7 > ============================> root at srvad-new:~# samba-tool domain join samdom.local DC > -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo > eth_lan" --option="bind interfaces only=yes" -d3 > > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Finding a writeable DC for domain 'samdom.local' > resolve_lmhosts: Attempting lmhosts lookup for name > _ldap._tcp.samdom.local<0x0> > Found DC SRVAD-OLD.SAMDOM.LOCAL > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > cli_credentials(WORKGROUP\Administrator) without realm, cannot use > kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > Password for 
[WORKGROUP\Administrator]: > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > workgroup is SAMDOM > realm is SAMDOM.LOCAL > Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Adding > CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Adding CN=NTDS > Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > cli_credentials(WORKGROUP\Administrator) without realm, cannot use > kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL > Setting account password for SRVAD-NEW$ > Enabling account > Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with > dns/ SPN > Setting account password for dns-SRVAD-NEW > Calling bare provision > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > Looking up IPv4 addresses > Looking up IPv6 addresses > No IPv6 address will be assigned > Setting up share.ldb > Setting up secrets.ldb > Setting up the registry > ldb_wrap open of hklm.ldb > Key 'key=SOFTWARE,hive=NONE' not found > key added: key=SOFTWARE,hive=NONE > Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: 
key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=SYSTEM,hive=NONE' not found > key added: key=SYSTEM,hive=NONE > Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: > key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Setting up the privileges database > Setting up idmap db > Setting up SAM db > Setting up sam.ldb partitions and settings > Setting up sam.ldb rootDSE > Pre-loading the Samba 4 and AD schema > partition_metadata: Migrating partition metadata: open of metadata.tdb > gave: (null) > A Kerberos configuration suitable for Samba AD has been generated at > /var/lib/samba/private/krb5.conf > Provision OK for domain DN DC=SAMDOM,DC=LOCAL > Starting replication > Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > SRVAD-OLD.SAMDOM.LOCAL<0x20> > cli_credentials(WORKGROUP\Administrator) without realm, cannot use > kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL > Got challenge flags: > Got NTLMSSP neg_flags=0x62898235 > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x62088235 > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[402/1554] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[804/1554] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1206/1554] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] > objects[1553/1554] linked_values[0/0] > Analyze and apply schema objects > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 
a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 
a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Replicated 1553 objects (0 linked attributes) for > CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL > 
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995] > linked_values[0/20] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995] > linked_values[20/20] > Replicated 146 objects (20 linked attributes) for > CN=Configuration,DC=SAMDOM,DC=LOCAL > Replicating critical objects from the base DN of the domain > Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0] > Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0] > Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0] > Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0] > Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] > linked_values[0/0] > Replicated 21 objects (0 linked attributes) for > DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL > Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93] > linked_values[0/0] > Replicated 93 objects (0 linked attributes) for > 
DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL > Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] > linked_values[0] > Discarding older DRS attribute update to objectClass on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to whenCreated on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to showInAdvancedViewOnly on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to nTSecurityDescriptor on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to name on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to fSMORoleOwner on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 > Discarding older DRS attribute update to systemFlags on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectCategory on CN=RID > Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to isCriticalSystemObject on > CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from > a9e55326-e32f-4da3-8baa-8cf29cbafded > Discarding older DRS attribute update to objectClass on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to whenCreated on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to displayName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute 
update to nTSecurityDescriptor on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to name on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to userAccountControl on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to codePage on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to countryCode on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dBCSPwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to localPolicyFlags on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to logonHours on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to unicodePwd on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to ntPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to pwdLastSet on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to primaryGroupID on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to supplementalCredentials on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL 
from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectSid on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to accountExpires on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to lmPwdHistory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to sAMAccountType on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to dNSHostName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to servicePrincipalName on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to objectCategory on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to isCriticalSystemObject on > CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Discarding older DRS attribute update to msDS-SupportedEncryptionTypes > on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from > 5129d5e2-1df1-4299-bede-1eed9ff37869 > Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL > Committing SAM database > Sending DsReplicaUpdateRefs for all the replicated partitions > Setting isSynchronized and dsServiceName > Setting up secrets database > See /var/lib/samba/private/named.conf for an example configuration > include file for BIND > 
and /var/lib/samba/private/named.txt for further documentation
> required for secure DNS updates
> Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as
> a DC
>
>
> On 26/02/2018 11:33, Claudio Nicora wrote:
>> Thanks for the time you're dedicating to solving my issue.
>>
>>> Is your WORKGROUP really the same as your dnsdomain?
>>> So, the command should be:
>>> samba-tool domain join samdom.local DC -U Administrator
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>
>> I replaced sensitive data in the log before posting it (replacing the
>> real domain name with SAMDOM), but the replace was case-insensitive so
>> everything became uppercase.
>> I'm attaching the correct log below, sorry for the confusion.
>> Anyway, I've already tried -U"SAMDOM.LOCAL\Administrator",
>> -U"SAMDOM\Administrator" and -U Administrator, and all of them fail
>> with the same result.
>>
>> Additional info: before testing Samba 4.7.4, I tested joining a server
>> with the previous Samba version (Ubuntu 17.10, Samba 4.6.7) and it worked.
>> >> Here's the new log (with case-preserved replacement), together with >> other required files: >> >> ========================================>> root at srvad-new:~# samba-tool domain join samdom.local DC >> -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo >> eth_lan" --option="bind interfaces only=yes" -d3 >> >> lpcfg_load: refreshing parameters from /etc/samba/smb.conf >> GENSEC backend 'gssapi_spnego' registered >> GENSEC backend 'gssapi_krb5' registered >> GENSEC backend 'gssapi_krb5_sasl' registered >> GENSEC backend 'spnego' registered >> GENSEC backend 'schannel' registered >> GENSEC backend 'naclrpc_as_system' registered >> GENSEC backend 'sasl-EXTERNAL' registered >> GENSEC backend 'ntlmssp' registered >> GENSEC backend 'ntlmssp_resume_ccache' registered >> GENSEC backend 'http_basic' registered >> GENSEC backend 'http_ntlm' registered >> GENSEC backend 'krb5' registered >> GENSEC backend 'fake_gssapi_krb5' registered >> Finding a writeable DC for domain 'samdom.local' >> resolve_lmhosts: Attempting lmhosts lookup for name >> _ldap._tcp.samdom.local<0x0> >> Found DC SRVAD-OLD.SAMDOM.LOCAL >> resolve_lmhosts: Attempting lmhosts lookup for name >> SRVAD-OLD.SAMDOM.LOCAL<0x20> >> workgroup is SAMDOM >> realm is SAMDOM.LOCAL >> Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL >> Adding >> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL >> Adding CN=NTDS >> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL >> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] >> resolve_lmhosts: Attempting lmhosts lookup for name >> SRVAD-OLD.SAMDOM.LOCAL<0x20> >> resolve_lmhosts: Attempting lmhosts lookup for name >> SRVAD-OLD.SAMDOM.LOCAL<0x20> >> Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL >> Setting account password for SRVAD-NEW$ >> Enabling account >> Adding DNS account 
CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with >> dns/ SPN >> Setting account password for dns-SRVAD-NEW >> Calling bare provision >> lpcfg_load: refreshing parameters from /etc/samba/smb.conf >> Looking up IPv4 addresses >> Looking up IPv6 addresses >> No IPv6 address will be assigned >> Setting up secrets.ldb >> Setting up the registry >> ldb_wrap open of hklm.ldb >> Setting up the privileges database >> Setting up idmap db >> Setting up SAM db >> Setting up sam.ldb partitions and settings >> Setting up sam.ldb rootDSE >> Pre-loading the Samba 4 and AD schema >> partition_metadata: Migrating partition metadata: open of >> metadata.tdb gave: (null) >> A Kerberos configuration suitable for Samba AD has been generated at >> /var/lib/samba/private/krb5.conf >> Provision OK for domain DN DC=SAMDOM,DC=LOCAL >> Starting replication >> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal] >> resolve_lmhosts: Attempting lmhosts lookup for name >> SRVAD-OLD.SAMDOM.LOCAL<0x20> >> resolve_lmhosts: Attempting lmhosts lookup for name >> SRVAD-OLD.SAMDOM.LOCAL<0x20> >> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] >> objects[402/1557] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] >> objects[804/1557] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] >> objects[1206/1557] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] >> objects[1553/1557] linked_values[0/0] >> Analyze and apply schema objects >> Discarding older DRS attribute update to objectClass on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to whenCreated on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to objectVersion on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS 
attribute update to showInAdvancedViewOnly on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to nTSecurityDescriptor on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to name on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to fSMORoleOwner on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to objectCategory on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to schemaInfo on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Discarding older DRS attribute update to objectClass on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to whenCreated on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to objectVersion on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to showInAdvancedViewOnly on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to nTSecurityDescriptor on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to name on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to fSMORoleOwner on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 
>> Discarding older DRS attribute update to objectCategory on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to schemaInfo on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Discarding older DRS attribute update to objectClass on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to whenCreated on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to objectVersion on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to showInAdvancedViewOnly on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to nTSecurityDescriptor on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to name on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to fSMORoleOwner on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to objectCategory on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to schemaInfo on >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Replicated 1553 objects (0 linked attributes) for >> CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL >> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508] >> linked_values[0/20] >> Replicated 402 objects (0 linked attributes) for >> CN=Configuration,DC=SAMDOM,DC=LOCAL >> 
Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508] >> linked_values[0/20] >> Replicated 402 objects (0 linked attributes) for >> CN=Configuration,DC=SAMDOM,DC=LOCAL >> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508] >> linked_values[0/20] >> Replicated 402 objects (0 linked attributes) for >> CN=Configuration,DC=SAMDOM,DC=LOCAL >> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508] >> linked_values[0/20] >> Replicated 402 objects (0 linked attributes) for >> CN=Configuration,DC=SAMDOM,DC=LOCAL >> Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508] >> linked_values[20/20] >> Replicated 224 objects (20 linked attributes) for >> CN=Configuration,DC=SAMDOM,DC=LOCAL >> Replicating critical objects from the base DN of the domain >> Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0] >> Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL >> Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0] >> Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL >> Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0] >> Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL >> Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0] >> Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL >> Done with always replicated NC (base, config, schema) >> Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL >> Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] >> linked_values[0/0] >> Replicated 21 objects (0 linked attributes) for >> DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL >> Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL >> Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] >> linked_values[0/0] >> Replicated 94 objects (0 linked attributes) for >> DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL >> Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] >> linked_values[0] >> Discarding older DRS attribute 
update to objectClass on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to whenCreated on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to showInAdvancedViewOnly on >> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to nTSecurityDescriptor on >> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to name on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to fSMORoleOwner on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 >> Discarding older DRS attribute update to systemFlags on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to objectCategory on CN=RID >> Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to isCriticalSystemObject on >> CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from >> a9e55326-e32f-4da3-8baa-8cf29cbafded >> Discarding older DRS attribute update to objectClass on >> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Discarding older DRS attribute update to whenCreated on >> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Discarding older DRS attribute update to displayName on >> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from >> 5129d5e2-1df1-4299-bede-1eed9ff37869 >> Discarding older DRS attribute update to nTSecurityDescriptor on >> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from >> 
5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to name on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to userAccountControl on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to codePage on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to countryCode on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dBCSPwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to localPolicyFlags on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to logonHours on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to unicodePwd on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to ntPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to pwdLastSet on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to primaryGroupID on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to supplementalCredentials on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectSid on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to accountExpires on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to lmPwdHistory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to sAMAccountType on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to dNSHostName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to servicePrincipalName on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to objectCategory on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to isCriticalSystemObject on
>> CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from
>> 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Discarding older DRS attribute update to
>> msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain
>> Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
>> Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
>> Committing SAM database
>> Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
>> Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name
>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
>> Join failed - cleaning up
>> ldb_wrap open of secrets.ldb
>> Could not find machine account in secrets database: Failed to fetch
>> machine account password for SAMDOM from both secrets.ldb (Could not
>> find entry to match filter:
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>> Domains': No such object: dsdb_search at
>> ../source4/dsdb/common/util.c:4636) and from
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
>> Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
>> Deleted CN=NTDS
>> Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> Deleted
>> CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
>> ERROR(runtime): uncaught exception - (9003,
>> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
>> line 661, in run
>> machinepass=machinepass, use_ntvfs=use_ntvfs,
>> dns_backend=dns_backend)
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474,
>> in join_DC
>> ctx.do_join()
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384,
>> in do_join
>> ctx.join_add_dns_records()
>> File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116,
>> in join_add_dns_records
>> dns_partition=domaindns_zone_dn)
>> File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939,
>> in dns_lookup
>> dns_partition=dns_partition)
>>
>>
>> root at srvad-new:~# cat /etc/hosts
>> 127.0.0.1 localhost
>> 10.0.3.90 srvad-old.samdom.local srvad-old
>> 10.0.3.100 srvad-new.samdom.local srvad-new
>>
>> # The following lines are desirable for IPv6 capable hosts
>> ::1 localhost ip6-localhost ip6-loopback
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters
>>
>>
>> root at srvad-new:~# cat /etc/hostname
>> srvad-new.samdom.local (---> also tried with "srvad-new" only)
>>
>>
>> root at srvad-new:~# cat /etc/resolv.conf
>> nameserver 10.0.3.90
>> search samdom.local
>> ======================
>>
>>
>> On 25/02/2018 14:30, Rowland Penny via samba wrote:
>>> On Sun, 25 Feb 2018 12:28:39 +0100
>>> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>>>
>>>> Tried again to join, now with full cleanup of /var/lib/samba/private
>>>> folder on new server... same error.
>>>>
>>>> Anyone have an idea of what's going wrong?
>>>>
>>>>
>>>>> ===========================================================
>>>>> root at SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
>>>>> -U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
>>>>> --option="interfaces=eth_lan" --verbose -d3
>>>>>
>>> Is your WORKGROUP really the same as your dnsdomain ?
>>>
>>>
>>>>> Finding a writeable DC for domain 'SAMDOM.LOCAL'
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> _ldap._tcp.SAMDOM.LOCAL<0x0>
>>>>> Found DC SRVAD-OLD.SAMDOM.LOCAL
>>>>> resolve_lmhosts: Attempting lmhosts lookup for name
>>>>> SRVAD-OLD.SAMDOM.LOCAL<0x20>
>>>>> Password for [SAMDOM.LOCAL\Administrator]:
>>>>> workgroup is SAMDOM
>>>>> realm is SAMDOM.LOCAL
>>> Seemingly not ;-)
>>>
>>> So, the command should be:
>>>
>>> samba-tool domain join samdom.local DC -U Administrator
>>> --dns-backend=BIND9_DLZ --verbose -d3
>>>
>>> Can you post your /etc/hosts and /etc/resolv.conf files
>>>
>>> Can you also tell us the IP addresses of the original DC and the new DC
>>>
>>> Rowland
>>>
>>
>