thr3ads.net - samba - [Samba] Problems joining station in domain [Aug 2019]

If this information is useful, please help other people find it:
Share via:

Marcio Demetrio Bacci

2019-Aug-26 23:04 UTC

[Samba] Problems joining station in domain

Hi,

I'm using Samba 4.5-16 on Debian 9.9.

I intend upgrade to Samba 4.10.6, but I want to solve all the issues first.

Regards,

M?rcio Bacci

Em Seg, 26 de ago de 2019 18:50, Andrew Bartlett <abartlet at samba.org>
escreveu:
> On Mon, 2019-08-26 at 15:35 -0300, Marcio Demetrio Bacci via samba
> wrote:
> > Hi,
> >
> > I'm having trouble entering stations in the domain, as message
below:
> >
> > "
> >
> > *error while attempting to join domain "EMPRESA"security id
structure is
> > invalid*"
> >
> > In the log I see the following message:
> >
> > tail -f /var/log/samba/log.samba
> > [2019/08/26 15:17:12.206883,  0]
> > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
> >   Failed to create user record
> > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get
> access
> > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br
> >
> > My user is Administrator and before was working.
> >
> > The station is Windows 7 Professional and my DCs are Samba 4.
> >
> > How could you solve this problem?
>
> Very strange.  This is a pretty normal operation on a pretty normal
> codepath.  To chase it down further however can you please mention the
> full Samba version you are using?
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett
> https://samba.org/~abartlet/
> Authentication Developer, Samba Team         https://samba.org
> Samba Development and Support, Catalyst IT
> https://catalyst.net.nz/services/samba
>
>
>
>
>

Andrew Bartlett

2019-Aug-26 23:11 UTC

head link

[Samba] Problems joining station in domain

On Mon, 2019-08-26 at 20:04 -0300, Marcio Demetrio Bacci
wrote:> Hi,
> 
> I'm using Samba 4.5-16 on Debian 9.9.?
> 
> I intend upgrade to Samba 4.10.6, but I want to solve all the issues first.
Yeah, I suggest an upgrade.  I'm not even going to try and assist with
Samba 4.5 issues.

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

Rowland penny

2019-Aug-27 07:31 UTC

head link

[Samba] Problems joining station in domain

On 27/08/2019 00:04, Marcio Demetrio Bacci via samba
wrote:> Hi,
>
> I'm using Samba 4.5-16 on Debian 9.9.
>
> I intend upgrade to Samba 4.10.6, but I want to solve all the issues first.
>The very act of upgrading Samba may fix any problems you may have, but 
if you do not upgrade, you will never get any Samba fixes possibly 
required, Samba? 4.5.x is EOL.

Just upgrade Stretch to Buster, this will get you to 4.9.5

Rowland

Marcio Demetrio Bacci

2019-Aug-27 19:28 UTC

head link

[Samba] Problems joining station in domain

Hi,

I intend to join a Samba 4.10.7 as DC in my domain to later upgrade the
other DC from Samba 4.5.16 to Samba 4.10.7, but the following error is
occurring:

samba-tool domain join empresa.com.br DC -k yes
--serversamba4-dc1.empresa.com.br

INFO 2019-08-27 16:10:58,330 pid:744
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1106: Adding 1
remote DNS records for SAMBA4-DC3.empresa.com.br
INFO 2019-08-27 16:10:58,457 pid:744
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1169: Adding
DNS A record SAMBA4-DC3.empresa.com.br for IPv4 IP: 192.168.1.19
INFO 2019-08-27 16:10:58,537 pid:744
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1197: Adding
DNS CNAME record 7ef91385-147e-43dc-b216-48eee3157b06._msdcs.empresa.com.br
for SAMBA4-DC3.empresa.com.br
Join failed - cleaning up
Deleted CN=RID Set,CN=SAMBA4-DC3,OU=Domain
Controllers,DC=empresa,DC=com,DC=br
Deleted CN=SAMBA4-DC3,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Deleted CN=NTDS
Settings,CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted
CN=SAMBA4-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted DC=SAMBA4-DC3,DC=empresa.com.br
,CN=MicrosoftDNS,DC=DomainDnsZones,DC=empresa,DC=com,DC=br
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
line 185, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py",
line
700, in run
    backend_store=backend_store)
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
1544, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
1445, in do_join
    ctx.join_add_dns_records()
  File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
1213, in join_add_dns_records
    dns_partition=forestdns_zone_dn)
  File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py",
line
1069, in dns_lookup
    dns_partition=dns_partition)


Following are my configuration files, kerberos and DNS tests:

cat /etc/hosts
#127.0.0.1 localhost
192.168.1.19 samba4-dc3.empresa.com.br samba4-dc3

cat /etc/resolv.conf
search empresa.com.br
nameserver 192.168.1.20
nameserver 192.168.1.22

cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm =EMPRESA.COM.BR

root at samba4-dc3:~# ntpdate -u 192.168.1.20
27 Aug 15:21:36 ntpdate[650]: adjust time server 192.168.1.20 offset
-0.001693 sec

root at samba4-dc3:~# host -t SRV _kerberos._udp.EMPRESA.COM.BR
_kerberos._udp.EMPRESA.COM.BR has SRV record 0 100 88
samba4-dc1.empresa.com.br.
_kerberos._udp.EMPRESA.COM.BR has SRV record 0 100 88
samba4-dc2.empresa.com.br.


root at samba4-dc3:~# host -t SRV _ldap._tcp.EMPRESA.COM.BR
_ldap._tcp.EMPRESA.COM.BR has SRV record 0 100 389 samba4-dc1.empresa.com.br
.
_ldap._tcp.EMPRESA.COM.BR has SRV record 0 100 389 samba4-dc2.empresa.com.br
.

root at samba4-dc3:~# host -t A EMPRESA.COM.BR
EMPRESA.COM.BR has address 192.168.1.20
EMPRESA.COM.BR has address 192.168.1.22

kinit Administrator
klist -l
Principal name                 Cache name
--------------                 ----------
Administrator at EMPRESA.COM.BR FILE:/tmp/krb5cc_0

Regards,

M?rcio Bacci

Em ter, 27 de ago de 2019 ?s 04:32, Rowland penny via samba <
samba at lists.samba.org> escreveu:
> On 27/08/2019 00:04, Marcio Demetrio Bacci via samba wrote:
> > Hi,
> >
> > I'm using Samba 4.5-16 on Debian 9.9.
> >
> > I intend upgrade to Samba 4.10.6, but I want to solve all the issues
> first.
> >
> The very act of upgrading Samba may fix any problems you may have, but
> if you do not upgrade, you will never get any Samba fixes possibly
> required, Samba  4.5.x is EOL.
>
> Just upgrade Stretch to Buster, this will get you to 4.9.5
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Seemingly Similar Threads

Search for more apparently analagous threads

samba - Aug 2019 - Problems joining station in domain

[Samba] Problems joining station in domain

[Samba] Problems joining station in domain

[Samba] Problems joining station in domain

[Samba] Problems joining station in domain

Seemingly Similar Threads