Igor Sousa
2019-Oct-11 20:56 UTC
[Samba] Failed when join to an existing Active Directory Domain
Hi,
I've tried to update my samba AD/DC environment. Then, I've removed a
existing offline DC with "samba-tool domain demote
--remove-other-dead-server=genos". I've re-created "genos"
(yes, I try to
keep the same name and IP address) and install a 4.10.2 samba version (I
know the new version is 4.11.0). When I've tried to join it on my domain,
I've received message "Join failed - cleaning up" and the error
ERROR(runtime): uncaught exception - (9714,
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST'). I've never seen this error
before
and I don't know how to fix it.
OBS: I've verified on DNS Manager, Active Directory Sites and Services and
Active Directory Users and Computers if genos demonted was successful.
See below the output of join command.
[root at genos ~]# samba-tool domain join smb DC -U"SMB\administrator"
--dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes'
INFO 2019-10-11 17:48:28,951 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #103: Finding
a writeable DC for domain 'smb'
INFO 2019-10-11 17:48:28,972 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #105: Found DC
samba4.smb
Password for [SMB\administrator]:
INFO 2019-10-11 17:48:35,306 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1519:
workgroup is SMB
INFO 2019-10-11 17:48:35,307 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1522: realm
is smb
Adding CN=GENOS,OU=Domain Controllers,DC=SMB
Adding
CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
Adding CN=NTDS
Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
Adding SPNs to CN=GENOS,OU=Domain Controllers,DC=SMB
Setting account password for GENOS$
Enabling account
Adding DNS account CN=dns-GENOS,CN=Users,DC=SMB with dns/ SPN
Setting account password for dns-GENOS
Calling bare provision
INFO 2019-10-11 17:48:37,247 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2079: Looking up IPv4 addresses
INFO 2019-10-11 17:48:37,248 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2096: Looking up IPv6 addresses
WARNING 2019-10-11 17:48:37,249 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2103: No IPv6 address will be assigned
INFO 2019-10-11 17:48:38,134 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2269: Setting up share.ldb
INFO 2019-10-11 17:48:38,164 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2273: Setting up secrets.ldb
INFO 2019-10-11 17:48:38,194 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2279: Setting up the registry
INFO 2019-10-11 17:48:38,287 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2282: Setting up the privileges database
INFO 2019-10-11 17:48:38,333 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2285: Setting up idmap db
INFO 2019-10-11 17:48:38,362 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2292: Setting up SAM db
INFO 2019-10-11 17:48:38,369 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#882: Setting up sam.ldb partitions and settings
INFO 2019-10-11 17:48:38,370 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#894: Setting up sam.ldb rootDSE
INFO 2019-10-11 17:48:38,375 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#1297: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2019-10-11 17:48:38,415 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2342: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2019-10-11 17:48:38,416 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py
#2343: Merge the contents of this file with your system krb5.conf or
replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=SMB
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1206/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1550/1550]
linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=SMB] objects[402/1643] linked_values[0/0]
Partition[CN=Configuration,DC=SMB] objects[804/1643] linked_values[0/0]
Partition[CN=Configuration,DC=SMB] objects[1206/1643] linked_values[0/0]
Partition[CN=Configuration,DC=SMB] objects[1608/1643] linked_values[0/0]
Partition[CN=Configuration,DC=SMB] objects[1643/1643] linked_values[56/0]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=SMB] objects[2045/1643] linked_values[56/0]
Partition[CN=Configuration,DC=SMB] objects[2447/1643] linked_values[56/0]
Partition[CN=Configuration,DC=SMB] objects[2849/1643] linked_values[56/0]
Partition[CN=Configuration,DC=SMB] objects[3251/1643] linked_values[56/0]
Partition[CN=Configuration,DC=SMB] objects[3286/1643] linked_values[112/0]
Replicating critical objects from the base DN of the domain
Partition[DC=SMB] objects[99/99] linked_values[42/0]
Partition[DC=SMB] objects[402/564] linked_values[0/0]
../../lib/ldb/ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value
in CN=SAULO-THINK,CN=Computers,DC=SMB for index on servicePrincipalName,
duplicate of objectGUID 449c0f09-c392-498b-9ad1-fce0c288d610 in
@INDEX:SERVICEPRINCIPALNAME:TERMSRV/SAULO-THINK.SMB
Partition[DC=SMB] objects[564/564] linked_values[155/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SMB
Partition[DC=DomainDnsZones,DC=SMB] objects[402/858] linked_values[0/0]
Partition[DC=DomainDnsZones,DC=SMB] objects[804/858] linked_values[0/0]
Partition[DC=DomainDnsZones,DC=SMB] objects[858/858] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=SMB
Partition[DC=ForestDnsZones,DC=SMB] objects[76/76] linked_values[0/0]
Exop on[CN=RID Manager$,CN=System,DC=SMB] objects[3] linked_values[0]
Committing SAM database
INFO 2019-10-11 17:49:04,633 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1097: Adding
1 remote DNS records for GENOS.smb
INFO 2019-10-11 17:49:04,753 pid:29652
/usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1160: Adding
DNS A record GENOS.smb for IPv4 IP: 10.41.17.130
Join failed - cleaning up
Deleted CN=RID Set,CN=GENOS,OU=Domain Controllers,DC=SMB
Deleted CN=GENOS,OU=Domain Controllers,DC=SMB
Deleted CN=dns-GENOS,CN=Users,DC=SMB
Deleted CN=NTDS
Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
Deleted
CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB
ERROR(runtime): uncaught exception - (9714,
'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 185, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py",
line 699, in run
backend_store=backend_store)
File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py",
line
1535, in join_DC
ctx.do_join()
File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py",
line
1436, in do_join
ctx.join_add_dns_records()
File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py",
line
1178, in join_add_dns_records
dns_partition=domaindns_zone_dn)
File
"/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py",
line 1069, in dns_lookup
dns_partition=dns_partition)
--
Igor Sousa
Rowland penny
2019-Oct-12 08:25 UTC
[Samba] Failed when join to an existing Active Directory Domain
On 11/10/2019 21:56, Igor Sousa via samba wrote:> Hi, > > I've tried to update my samba AD/DC environment. Then, I've removed a > existing offline DC with "samba-tool domain demote > --remove-other-dead-server=genos". I've re-created "genos" (yes, I try to > keep the same name and IP address) and install a 4.10.2 samba version (I > know the new version is 4.11.0). When I've tried to join it on my domain, > I've received message "Join failed - cleaning up" and the error > ERROR(runtime): uncaught exception - (9714, > 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST'). I've never seen this error before > and I don't know how to fix it. > > OBS: I've verified on DNS Manager, Active Directory Sites and Services and > Active Directory Users and Computers if genos demonted was successful. > > > See below the output of join command. > > [root at genos ~]# samba-tool domain join smb DC -U"SMB\administrator" > --dns-backend=BIND9_DLZ --option='idmap_ldb:use rfc2307 = yes' > INFO 2019-10-11 17:48:28,951 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #103: Finding > a writeable DC for domain 'smb' > INFO 2019-10-11 17:48:28,972 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #105: Found DC > samba4.smb > Password for [SMB\administrator]: > INFO 2019-10-11 17:48:35,306 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1519: > workgroup is SMB > INFO 2019-10-11 17:48:35,307 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1522: realm > is smb > Adding CN=GENOS,OU=Domain Controllers,DC=SMB > Adding > CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB > Adding CN=NTDS > Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB > Adding SPNs to CN=GENOS,OU=Domain Controllers,DC=SMB > Setting account password for GENOS$ > Enabling account > Adding DNS account CN=dns-GENOS,CN=Users,DC=SMB with dns/ SPN > Setting account password for dns-GENOS > Calling bare provision > INFO 2019-10-11 17:48:37,247 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2079: Looking up IPv4 addresses > INFO 2019-10-11 17:48:37,248 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2096: Looking up IPv6 addresses > WARNING 2019-10-11 17:48:37,249 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2103: No IPv6 address will be assigned > INFO 2019-10-11 17:48:38,134 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2269: Setting up share.ldb > INFO 2019-10-11 17:48:38,164 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2273: Setting up secrets.ldb > INFO 2019-10-11 17:48:38,194 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2279: Setting up the registry > INFO 2019-10-11 17:48:38,287 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2282: Setting up the privileges database > INFO 2019-10-11 17:48:38,333 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2285: Setting up idmap db > INFO 2019-10-11 17:48:38,362 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2292: Setting up SAM db > INFO 2019-10-11 17:48:38,369 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #882: Setting up sam.ldb partitions and settings > INFO 2019-10-11 17:48:38,370 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #894: Setting up sam.ldb rootDSE > INFO 2019-10-11 17:48:38,375 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #1297: Pre-loading the Samba 4 and AD schema > Unable to determine the DomainSID, can not enforce uniqueness constraint on > local domainSIDs > > INFO 2019-10-11 17:48:38,415 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2342: A Kerberos configuration suitable for Samba AD has been generated at > /usr/local/samba/private/krb5.conf > INFO 2019-10-11 17:48:38,416 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py > #2343: Merge the contents of this file with your system krb5.conf or > replace it with this one. Do not create a symlink! > Provision OK for domain DN DC=SMB > Starting replication > Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[402/1550] > linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[804/1550] > linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1206/1550] > linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=SMB] objects[1550/1550] > linked_values[0/0] > Analyze and apply schema objects > Partition[CN=Configuration,DC=SMB] objects[402/1643] linked_values[0/0] > Partition[CN=Configuration,DC=SMB] objects[804/1643] linked_values[0/0] > Partition[CN=Configuration,DC=SMB] objects[1206/1643] linked_values[0/0] > Partition[CN=Configuration,DC=SMB] objects[1608/1643] linked_values[0/0] > Partition[CN=Configuration,DC=SMB] objects[1643/1643] linked_values[56/0] > Failed to commit objects: DOS code 0x000021bf > Missing target object - retrying with DRS_GET_TGT > Partition[CN=Configuration,DC=SMB] objects[2045/1643] linked_values[56/0] > Partition[CN=Configuration,DC=SMB] objects[2447/1643] linked_values[56/0] > Partition[CN=Configuration,DC=SMB] objects[2849/1643] linked_values[56/0] > Partition[CN=Configuration,DC=SMB] objects[3251/1643] linked_values[56/0] > Partition[CN=Configuration,DC=SMB] objects[3286/1643] linked_values[112/0] > Replicating critical objects from the base DN of the domain > Partition[DC=SMB] objects[99/99] linked_values[42/0] > Partition[DC=SMB] objects[402/564] linked_values[0/0] > ../../lib/ldb/ldb_key_value/ldb_kv_index.c:2413: duplicate attribute value > in CN=SAULO-THINK,CN=Computers,DC=SMB for index on servicePrincipalName, > duplicate of objectGUID 449c0f09-c392-498b-9ad1-fce0c288d610 in > @INDEX:SERVICEPRINCIPALNAME:TERMSRV/SAULO-THINK.SMB > Partition[DC=SMB] objects[564/564] linked_values[155/0] > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=SMB > Partition[DC=DomainDnsZones,DC=SMB] objects[402/858] linked_values[0/0] > Partition[DC=DomainDnsZones,DC=SMB] objects[804/858] linked_values[0/0] > Partition[DC=DomainDnsZones,DC=SMB] objects[858/858] linked_values[0/0] > Replicating DC=ForestDnsZones,DC=SMB > Partition[DC=ForestDnsZones,DC=SMB] objects[76/76] linked_values[0/0] > Exop on[CN=RID Manager$,CN=System,DC=SMB] objects[3] linked_values[0] > Committing SAM database > INFO 2019-10-11 17:49:04,633 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1097: Adding > 1 remote DNS records for GENOS.smb > INFO 2019-10-11 17:49:04,753 pid:29652 > /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1160: Adding > DNS A record GENOS.smb for IPv4 IP: 10.41.17.130 > Join failed - cleaning up > Deleted CN=RID Set,CN=GENOS,OU=Domain Controllers,DC=SMB > Deleted CN=GENOS,OU=Domain Controllers,DC=SMB > Deleted CN=dns-GENOS,CN=Users,DC=SMB > Deleted CN=NTDS > Settings,CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB > Deleted > CN=GENOS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SMB > ERROR(runtime): uncaught exception - (9714, > 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST') > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", > line 185, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py", > line 699, in run > backend_store=backend_store) > File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line > 1535, in join_DC > ctx.do_join() > File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line > 1436, in do_join > ctx.join_add_dns_records() > File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line > 1178, in join_add_dns_records > dns_partition=domaindns_zone_dn) > File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", > line 1069, in dns_lookup > dns_partition=dns_partition) > > -- > Igor SousaYou can ignore anything after 'Join failed - cleaning up', anything after this is an artefact of the failure. Was this domain originally a Windows domain ? Rowland
Igor Sousa
2019-Oct-12 14:22 UTC
[Samba] Failed when join to an existing Active Directory Domain
Hi Rowland, My domain is a Samba Domain originally. I don't have any Windows DC and I've never had a Windows DC in this domain, only Windows members. My master DC is too old samba version and I've put a new DC with samba 4.10.2 and I've tried to update a secondary DC that had had offline. Then I have demonted it and compile a Samba 4.10.2 and I've tried to join it with the same name and IP address as I've said before. Igor Sousa
Possibly Parallel Threads
- Failed when join to an existing Active Directory Domain
- Joining Windows 2008 Domain as DC fails 4.10 (and 4.11rc3)
- Joining Windows 2008 Domain as DC fails 4.10 (and 4.11rc3)
- Failed when join to an existing Active Directory Domain
- Users appears as SID instead of their own name.