Hello! I am not able to joing new Samba DC to existing domain: Linux side: OS: Centos 7 Samba version: 4.9.8 (Tranquil repo) Hostname: adserver9 Windows side: OS: Windows Server 2016 Domain/forrest level: Windows Server 2008 R2 Hostname: adserver8 Domain: spcr.local I am following this guide: https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory I am getting this error: [root at adserver9 /]# samba-tool domain join spcr.local DC -U"SPCR\Administrator" --verbose Finding a writeable DC for domain 'spcr.local' Found DC adserver8.spcr.local Password for [SPCR\Administrator]: workgroup is SPCR realm is spcr.local Adding CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local Adding CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local Adding CN=NTDS Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local Join failed - cleaning up Deleted CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local Deleted CN=NTDS Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local Deleted CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - <000021A2: SvcErr: DSID-030A089E, problem 5012 (DIR_ERROR), data 8610> <>File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 178, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 716, in run backend_store=backend_store) File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1501, in join_DC ctx.do_join() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1397, in do_join ctx.join_add_objects() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 683, in join_add_objects ctx.samdb.modify(m) I would be grateful if somebody could point me to a right direction... Best regards Michal
On 13/07/2019 13:03, Michal Sl?dek via samba wrote:> Hello! > > I am not able to joing new Samba DC to existing domain: > > Linux side: > OS: Centos 7 > Samba version: 4.9.8 (Tranquil repo) > Hostname: adserver9 > > Windows side: > OS: Windows Server 2016 > Domain/forrest level: Windows Server 2008 R2 > Hostname: adserver8 > Domain: spcr.local > > I am following this guide: > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_DirectoryYou cannot directly add a Samba DC directly to a Windows 2012 Domain, never mind a 2016 DC, see here: https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD Read the introduction and the warning. Samba 4.11.0 will have support for schema version 69 (Windows Server 2012R2), but the function level will still not be available. Rowland> > I am getting this error: > [root at adserver9 /]# samba-tool domain join spcr.local DC > -U"SPCR\Administrator" --verbose > Finding a writeable DC for domain 'spcr.local' > Found DC adserver8.spcr.local > Password for [SPCR\Administrator]: > workgroup is SPCR > realm is spcr.local > Adding CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local > Adding > CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > Adding CN=NTDS > Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > Join failed - cleaning up > Deleted CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local > Deleted CN=NTDS > Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > Deleted > CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - > <000021A2: SvcErr: DSID-030A089E, problem 5012 (DIR_ERROR), data 8610 >> <> > File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line > 178, in _run > return self.run(*args, **kwargs) > File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line > 716, in run > backend_store=backend_store) > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1501, in > join_DC > ctx.do_join() > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1397, in > do_join > ctx.join_add_objects() > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 683, in > join_add_objects > ctx.samdb.modify(m) > > I would be grateful if somebody could point me to a right direction... > > Best regards > > Michal
I always thought that it would be possible to join Windows Server 2016 if the domain level remains 2008 R2. Thanks for clarification. Michal Dne so 13. 7. 2019 14:30 u?ivatel Rowland penny via samba < samba at lists.samba.org> napsal:> On 13/07/2019 13:03, Michal Sl?dek via samba wrote: > > Hello! > > > > I am not able to joing new Samba DC to existing domain: > > > > Linux side: > > OS: Centos 7 > > Samba version: 4.9.8 (Tranquil repo) > > Hostname: adserver9 > > > > Windows side: > > OS: Windows Server 2016 > > Domain/forrest level: Windows Server 2008 R2 > > Hostname: adserver8 > > Domain: spcr.local > > > > I am following this guide: > > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory > > You cannot directly add a Samba DC directly to a Windows 2012 Domain, > never mind a 2016 DC, see here: > > > https://wiki.samba.org/index.php/Joining_a_Windows_Server_2012_/_2012_R2_DC_to_a_Samba_AD > > Read the introduction and the warning. > > Samba 4.11.0 will have support for schema version 69 (Windows Server > 2012R2), but the function level will still not be available. > > Rowland > > > > > > I am getting this error: > > [root at adserver9 /]# samba-tool domain join spcr.local DC > > -U"SPCR\Administrator" --verbose > > Finding a writeable DC for domain 'spcr.local' > > Found DC adserver8.spcr.local > > Password for [SPCR\Administrator]: > > workgroup is SPCR > > realm is spcr.local > > Adding CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local > > Adding > > > CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > > Adding CN=NTDS > > > Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > > Join failed - cleaning up > > Deleted CN=ADSERVER9,OU=Domain Controllers,DC=spcr,DC=local > > Deleted CN=NTDS > > > Settings,CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > > Deleted > > > CN=ADSERVER9,CN=Servers,CN=Vychozi-nazev-prvni-site,CN=Sites,CN=Configuration,DC=spcr,DC=local > > ERROR(ldb): uncaught exception - LDAP error 1 LDAP_OPERATIONS_ERROR - > > <000021A2: SvcErr: DSID-030A089E, problem 5012 (DIR_ERROR), data 8610 > >> <> > > File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", > line > > 178, in _run > > return self.run(*args, **kwargs) > > File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line > > 716, in run > > backend_store=backend_store) > > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1501, in > > join_DC > > ctx.do_join() > > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1397, in > > do_join > > ctx.join_add_objects() > > File "/usr/lib64/python2.7/site-packages/samba/join.py", line 683, in > > join_add_objects > > ctx.samdb.modify(m) > > > > I would be grateful if somebody could point me to a right direction... > > > > Best regards > > > > Michal > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >