samba - Mar 2018 - Error joining Samba 4.7.4 DC to existing Win2008R2 domain

On Fri, 2 Mar 2018 16:48:26 +0100
Claudio Nicora <claudio.nicora at gmail.com> wrote:
> 
> > No, I was just checking if you where something you shouldn't, like
> > creating the zone files in the Bind configs.
> Good, it's better to clear out any doubt.
> 
> > There doesn't seem to be anything wrong in any of your conf files,
> > the only other thing I can think of is, is Avahi running on the new
> > DC ? and this only applies if your TLD is '.local'
> 
> No, it's not:
> ==> root at srvad-new:~# apt remove avahi*
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Note, selecting 'avahi-ui-utils' for glob 'avahi*'
> Note, selecting 'avahi-daemon' for glob 'avahi*'
> Note, selecting 'avahi-dnsconfd' for glob 'avahi*'
> Note, selecting 'avahi-autoipd' for glob 'avahi*'
> Note, selecting 'avahi-utils' for glob 'avahi*'
> Note, selecting 'avahi-discover' for glob 'avahi*'
> Package 'avahi-autoipd' is not installed, so not removed
> Package 'avahi-daemon' is not installed, so not removed
> Package 'avahi-utils' is not installed, so not removed
> Package 'avahi-discover' is not installed, so not removed
> Package 'avahi-dnsconfd' is not installed, so not removed
> Package 'avahi-ui-utils' is not installed, so not removed
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> ==> 
> And no, my domain is not .local but each log I post was automatically 
> cleaned up in a case-sensitive way ;)
> MYDOMAIN --> SAMDOM
> mydomain --> samdom
> .EXT --> .LOCAL
> ...
> 
> Another thing that comes to my mind is that the 2008R2 domain was 
> upgraded from an initial Win2000.
> Win2000-->Samba direct migration is not possible because Samba
> requires at least a Win2003 domain.
> So the complete upgrade was Win2000 (SRVAD-OLDOLD) --> Win2008R2 
> (SRVAD-OLD) --> Domain/forest functional level upgrade --> Samba
> 4.7.4 migration.
> 
> Could there be something wrong/unexpected in current Win2008R2 domain 
> config?
> It seems not to me because Windows client machines work ok and the 
> domain seems to function properly.
> 
> Claudio
> 
> >
> > I know that 4.7.5 will join to a Samba AD DC, but this is with
> > Debian.
> 
> That's good
And I can now confirm that 4.7.4 on the latest Ubuntu 18.04 snapshot
joins to a Samba AD domain as a DC.

As a side note, it took me longer to give the Ubuntu VM a fixed ip etc
than it took to join as a DC and then people ask me why I don't like a
certain set of packages ;-)

Rowland

> And I can now confirm that 4.7.4 on the latest Ubuntu 18.04 snapshot
> joins to a Samba AD domain as a DC.
I'm sure it does, that's why I suspect something is wrong in my 
Win2000-->Win2008R2 upgraded domain AD.
> Another thing that comes to my mind is that the 2008R2 domain was 
> upgraded from an initial Win2000.
> Win2000-->Samba direct migration is not possible because Samba
> requires at least a Win2003 domain.
> So the complete upgrade was Win2000 (SRVAD-OLDOLD) --> Win2008R2 
> (SRVAD-OLD) --> Domain/forest functional level upgrade --> Samba
> 4.7.4 migration.
>
> Could there be something wrong/unexpected in current Win2008R2 domain 
> config?
Could you suggest something to check for?
Even with -d9 there's nothing interesting between the last "Adding
DNS..." line and "Join failed - cleaning up".
There should be an explanation of why the join failed, other than "It
failes, I'm cleaning up".
> As a side note, it took me longer to give the Ubuntu VM a fixed ip etc
> than it took to join as a DC and then people ask me why I don't like a
> certain set of packages ;-)
I agree.
Netplan is not something I was needing; another (needless) thing to 
learn and yet another configuration format to know (even if I love YAML 
for other things).

Claudio

On Sun, 4 Mar 2018 00:14:48 +0100
Claudio Nicora <claudio.nicora at gmail.com> wrote:
> 
> > And I can now confirm that 4.7.4 on the latest Ubuntu 18.04 snapshot
> > joins to a Samba AD domain as a DC.
> I'm sure it does, that's why I suspect something is wrong in my 
> Win2000-->Win2008R2 upgraded domain AD.
> 
> > Another thing that comes to my mind is that the 2008R2 domain was 
> > upgraded from an initial Win2000.
> > Win2000-->Samba direct migration is not possible because Samba
> > requires at least a Win2003 domain.
> > So the complete upgrade was Win2000 (SRVAD-OLDOLD) --> Win2008R2 
> > (SRVAD-OLD) --> Domain/forest functional level upgrade --> Samba
> > 4.7.4 migration.
> >
> > Could there be something wrong/unexpected in current Win2008R2
> > domain config?
> 
> Could you suggest something to check for?
> Even with -d9 there's nothing interesting between the last "Adding
> DNS..." line and "Join failed - cleaning up". There should
be an
> explanation of why the join failed, other than "It failes, I'm
> cleaning up".
Not really sure where to go from here, I don't have a windows 2008 DC to
join to, is there anything in the windows event log ?
> 
> > As a side note, it took me longer to give the Ubuntu VM a fixed ip
> > etc than it took to join as a DC and then people ask me why I
don't
> > like a certain set of packages ;-)
> I agree.
> Netplan is not something I was needing; another (needless) thing to 
> learn and yet another configuration format to know (even if I love
> YAML for other things).
> 
That's why I didn't use it, I just turned off systemd-resolved and went
back to basics i.e. what I know and like.

Rowland