Rick Hollinbeck
2020-Feb-07 17:57 UTC
[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD servers

Using samba-tool to join, replication proceeds successfully but I'm getting an error about the machine account missing when it goes to add the A record for the new samba DC.

Here's a part of the -d4 log from the samba-tool join:

....

INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192.168.0.13
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for OFFICE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
...

I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:

Here's my smb.conf file:
--------
# Global parameters
[global]
        log level = 4
        netbios name = SAMBA1
        realm = OFFICE.EXAMPLE.COM
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = OFFICE

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/office.example.com/scripts
        read only = No
-------

What could be causing this error?
Rowland Penny
2020-Feb-07 18:47 UTC
[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
On 07/02/2020 17:57, Rick Hollinbeck via samba wrote:
> I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD servers
>
> Using samba-tool to join, replication proceeds successfully but I'm getting an error about the machine account missing when it goes to add the A record for the new samba DC.
>
> Here's a part of the -d4 log from the samba-tool join:
>
> ....
>
> INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192.168.0.13
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch machine account password for OFFICE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> ...
>

Were these 2008 DCs upgraded from an earlier version? (2000, 2003)

Also, can we see more of the join output, what you posted is usually the fallout from a failed join and is usually meaningless, I think there will be a line similar to 'join failed', we need to see what is above this.

> I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:

Did you create this smb.conf manually? If so, remove it and try again, you shouldn't have a smb.conf before the join.

Rowland
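
A pre-join check for the state the reply above asks for, as an added example that is not part of the original thread or of Samba itself. The function name `prejoin_check` is hypothetical, and flagging leftover `*.ldb` and `*.tdb` files goes beyond the reply's smb.conf advice; the demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example: report leftovers that should not be present before
# running "samba-tool domain join". Paths are arguments so the check can
# be pointed at the real locations (the thread shows
# /var/lib/samba/private) or at a scratch directory.

# prejoin_check CONF_FILE PRIVATE_DIR
# Prints one line per finding; returns 0 when nothing was found, 1 otherwise.
prejoin_check() {
    conf=$1
    private=$2
    findings=0

    # A hand-written smb.conf must not exist; the join writes its own.
    if [ -e "$conf" ]; then
        echo "FOUND smb.conf: $conf"
        findings=$((findings + 1))
    fi

    # Databases left behind by an earlier provision or failed join
    # (assumption: any *.ldb / *.tdb here counts as stale state).
    if [ -d "$private" ]; then
        for db in "$private"/*.ldb "$private"/*.tdb; do
            [ -e "$db" ] || continue   # an unmatched glob stays literal
            echo "FOUND database: $db"
            findings=$((findings + 1))
        done
    fi

    [ "$findings" -eq 0 ]
}

# Constructed demo: a scratch tree mimicking a host with leftovers.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/private"
: > "$demo_dir/smb.conf"
: > "$demo_dir/private/secrets.ldb"
prejoin_check "$demo_dir/smb.conf" "$demo_dir/private" \
    || echo "not clean: clear these before joining"
rm -rf "$demo_dir"
```

On a real host, pass the smb.conf path reported by `smbd -b | grep CONFIGFILE` and the private directory as the two arguments.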