thr3ads.net - samba - [Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain [Feb 2022]

If this information is useful, please help other people find it:
Share via:

L. van Belle

2022-Feb-14 10:17 UTC

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

The important part of thie message. 

Could not find machine account in secrets database: Failed to fetch machine
account password for KK from both 
secrets.ldb (Could not find entry to match filter:
'(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No
such object: dsdb_search at ../../source4/dsdb/common/util.c:4774) and from 

This is the hint : cn=Primary Domains

Was this from origin a 2003 server? 

Read this carefully. 
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting 
* also https://bugzilla.samba.org/show_bug.cgi?id=13298 

I did look for a solution here, i know there is one but i cant find it. 
Sooo.. Lets hope Rowland his memory is better then mine today. ;-) 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Arndt Kritzner via samba
> Verzonden: zondag 13 februari 2022 20:39
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Exception and error 
> (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an 
> existing W2012R2 domain
> 
> When trying to join an existing 2012R2 ADS (object Version 
> 69) this results in an error and subsequential rollback of 
> the join:
> ERROR(runtime): uncaught exception - (9003, 
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>    File 
> "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", 
> line 186, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", 
> line 700, in run
>      join_DC(logger=logger, server=server, creds=creds, 
> lp=lp, domain=domain,
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1543, in join_DC
>      ctx.do_join()
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1440, in do_join
>      ctx.join_add_dns_records()
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1181, in join_add_dns_records
>      = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
>    File "/usr/lib/python3.10/site-packages/samba/samdb.py", 
> line 1357, in dns_lookup
>      return dsdb_dns.lookup(self, dns_name,
> 
> Samba version is 4.15.5 (Arch Linux). The ADS-domain is of 
> software version 69 (W2012R2) on an W2k8 base system. I was 
> installing and initializing samba after this tutorial:
> 	
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis
> ting_Active_Directory
> DNS and Kerberos might work. The existing DC/DNS reports in 
> the Moment of the exception an event 6702 (see below). With 
> in the end the same result these join commands were attempted:
> 	samba-tool domain join kk.lokal DC 
> --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
> 	samba-tool domain join kk.lokal DC -U"KK\Administrator" 
> --dns-backend=SAMBA_INTERNAL --verbose -d3
> 
> Any ideas how to resolve or further investigate this? For 
> details see below.
> 
> Kind regards
> Arndt
> 
> 
> details:
> =============================================================>
=======================================> event 6702 (windows DNS side)
description: german info:
> "DNS-Server hat die eigenen Host-Eintr?ge (A) aktualisiert. Um 
> sicherzustellen, dass die verzeichnisdienstintegrierten 
> Peer-DNS-Server mit diesem Server replizieren k?nnen, wurde 
> versucht, diese mit dem neuen Eintrag mittels dynamischer 
> Aktualisierung zu aktualisieren. Dabei ist ein Fehler 
> aufgetreten. Die Daten enthalten den Fehlercode."
> => means:"DNS server has updated it's own host entries (A). 
> ... was tried to also update peer DNSes. This resulted in an 
> error. ..."
> 
> [root at dc1-samba ~]# klist
> Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
> Standard-Principal: Administrator at KK.LOCAL
> 
> Valid starting       Expires              Service principal
> 13.02.2022 16:26:07  14.02.2022 02:26:07  krbtgt/KK.LOCAL at KK.LOCAL
>          erneuern bis 14.02.2022 16:26:01
> 13.02.2022 16:33:20  14.02.2022 02:26:07  
> ldap/ADS-2008.kk.local at KK.LOCAL
> 13.02.2022 16:33:20  14.02.2022 02:26:07  
> ldap/ADS-2008.KK.LOCAL at KK.LOCAL
> 13.02.2022 16:33:28  14.02.2022 02:26:07  
> host/ADS-2008.KK.LOCAL at KK.LOCAL
> 
> 
> [root at dc1-samba ~]# smbd -b | egrep 
> "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
>     LOCKDIR: /var/cache/samba
>     STATEDIR: /var/lib/samba
>     CACHEDIR: /var/cache/samba
>     PRIVATE_DIR: /var/lib/samba/private
> [root at dc1-samba ~]# find /var/cache/samba -name "*db" -exec rm
{} \;
> [root at dc1-samba ~]# find /var/lib/samba -name "*db" -exec rm
{} \;
> [root at dc1-samba ~]# rm /etc/samba/smb.conf
> 
> 
> [root at dc1-samba ~]# samba-tool domain join kk.local DC 
> --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'http_negotiate' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> INFO 2022-02-13 17:36:05,040 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #105: Finding 
> a writeable DC for 
> domain 'kk.local'
> resolve_lmhosts: Attempting lmhosts lookup for name 
> _ldap._tcp.kk.local<0x0>
> INFO 2022-02-13 17:36:05,045 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #107: Found 
> DC ADS-2008.kk.local
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> INFO 2022-02-13 17:36:05,080 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #1527: workgroup is KK
> INFO 2022-02-13 17:36:05,080 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #1530: realm 
> is kk.local
> Adding CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Adding 
> CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C
> N=Sites,CN=Configuration,DC=kk,DC=local
> Adding CN=NTDS 
> Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-St
andorts,CN=Sites,CN=Configuration,DC=kk,DC=local> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> Adding SPNs to CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Setting account password for DC1-SAMBA$
> Enabling account
> Calling bare provision
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> INFO 2022-02-13 17:36:05,362 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2105: Looking up 
> IPv4 addresses
> INFO 2022-02-13 17:36:05,362 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2122: Looking up 
> IPv6 addresses
> WARNING 2022-02-13 17:36:05,362 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2129: No IPv6 
> address will be assigned
> INFO 2022-02-13 17:36:05,556 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2271: Setting up 
> share.ldb
> INFO 2022-02-13 17:36:05,570 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2275: Setting up 
> secrets.ldb
> INFO 2022-02-13 17:36:05,578 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2280: Setting up 
> the registry
> ldb_wrap open of hklm.ldb
> Key 'key=SOFTWARE,hive=NONE' not found
> key added: key=SOFTWARE,hive=NONE
> Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
> key added: key=CurrentVersion,key=Windows 
> NT,key=Microsoft,key=SOFTWARE,hive=NONE
> Key 'key=SYSTEM,hive=NONE' not found
> key added: key=SYSTEM,hive=NONE
> Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
> key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not
found
> key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYST
> EM,hive=NONE' not found
> key added: 
> key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTE
> M,hive=NONE
> Key 
> 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=N
> ONE' not found
> key added: 
> key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
>  not found
> key added: key=Terminal 
> Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' 
> not found
> key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hi
> ve=NONE' not found
> key added: 
> key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSe
> t,key=SYSTEM,hive=NONE' not found
> key added: 
> key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet
> ,key=SYSTEM,hive=NONE
> Key 
> 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hiv
> e=NONE' not found
> key added: 
> key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
> Key 
> 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet
> ,key=SYSTEM,hive=NONE' not found
> key added: 
> key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,
> key=SYSTEM,hive=NONE
> INFO 2022-02-13 17:36:05,605 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2283: Setting up 
> the privileges database
> INFO 2022-02-13 17:36:05,618 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2286: Setting up 
> idmap db
> INFO 2022-02-13 17:36:05,628 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2293: Setting up SAM db
> INFO 2022-02-13 17:36:05,631 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #880: Setting up 
> sam.ldb partitions and settings
> INFO 2022-02-13 17:36:05,631 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #892: Setting up 
> sam.ldb rootDSE
> INFO 2022-02-13 17:36:05,634 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #1305: Pre-loading 
> the Samba 4 and AD schema
> partition_metadata: Migrating partition metadata: open of 
> metadata.tdb gave: No such Base DN: @INDEXLIST
> Unable to determine the DomainSID, can not enforce uniqueness 
> constraint on local domainSIDs
> 
> INFO 2022-02-13 17:36:05,649 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2345: A Kerberos 
> configuration suitable for Samba AD has been generated at 
> /var/lib/samba/private/krb5.conf
> INFO 2022-02-13 17:36:05,649 pid:2096 
> /usr/lib/python3.10/site-packages/samba/provision/__init__.py 
> #2347: Merge the 
> contents of this file with your system krb5.conf or replace 
> it with this one. Do not create a symlink!
> Provision OK for domain DN DC=kk,DC=local
> Starting replication
> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] 
> objects[402/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] 
> objects[804/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] 
> objects[1206/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] 
> objects[1608/2277] linked_values[0/0]
> Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] 
> objects[1743/2277] linked_values[0/0]
> Analyze and apply schema objects
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectClass on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to dSASignature on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 37215069-30ae-460f-a9aa-90172f984318
> Discarding older DRS attribute update to objectVersion on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> showInAdvancedViewOnly on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to schemaInfo on 
> CN=Schema,CN=Configuration,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Replicated 1743 objects (0 linked attributes) for 
> CN=Schema,CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[402/3491] 
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[804/3491] 
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1206/3491] 
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1608/3491] 
> linked_values[0/12]
> Replicated 402 objects (0 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1896/3491] 
> linked_values[0/12]
> dsdb_replicated_objects_convert: Ignoring object outside 
> partition 28cc91bc-56cb-4e6e-b855-c4d9fb1de9e1 
> CN=Schema,CN=Configuration,DC=kk,DC=local: 
> WERR_DS_ADD_REPLICA_INHIBITED
> Replicated 287 objects (0 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Partition[CN=Configuration,DC=kk,DC=local] objects[1949/3491] 
> linked_values[12/12]
> Replicated 53 objects (12 linked attributes) for 
> CN=Configuration,DC=kk,DC=local
> Replicating critical objects from the base DN of the domain
> Partition[DC=kk,DC=local] objects[99/148] linked_values[0/16]
> Replicated 99 objects (0 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[402/5344] linked_values[0/16]
> Replicated 402 objects (0 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[661/5344] linked_values[16/16]
> dsdb_replicated_objects_convert: Ignoring object outside 
> partition 0072135d-84d3-4a6b-8161-558fae7f612f 
> CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside 
> partition 1c3e80cd-a49b-496e-91e3-9163f182345a 
> DC=DomainDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> dsdb_replicated_objects_convert: Ignoring object outside 
> partition 87ce9ad5-1c53-4529-87ba-da71ba908779 
> DC=ForestDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
> Replicated 256 objects (16 linked attributes) for DC=kk,DC=local
> Partition[DC=kk,DC=local] objects[741/5344] linked_values[16/16]
> Replicated 80 objects (0 linked attributes) for DC=kk,DC=local
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=kk,DC=local
> Partition[DC=DomainDnsZones,DC=kk,DC=local] objects[21/21] 
> linked_values[0/0]
> Replicated 21 objects (0 linked attributes) for 
> DC=DomainDnsZones,DC=kk,DC=local
> Replicating DC=ForestDnsZones,DC=kk,DC=local
> Partition[DC=ForestDnsZones,DC=kk,DC=local] objects[5/5] 
> linked_values[0/0]
> Replicated 5 objects (0 linked attributes) for 
> DC=ForestDnsZones,DC=kk,DC=local
> Exop on[CN=RID Manager$,CN=System,DC=kk,DC=local] objects[3] 
> linked_values[0]
> Discarding older DRS attribute update to objectClass on 
> CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to whenCreated on 
> CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to 
> showInAdvancedViewOnly on CN=RID 
> Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to name on CN=RID 
> Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to fSMORoleOwner on 
> CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to systemFlags on 
> CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectCategory on 
> CN=RID Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to 
> isCriticalSystemObject on CN=RID 
> Manager$,CN=System,DC=kk,DC=local from 
> 3b98d086-0b63-4b2f-81e7-a8855827b4f5
> Discarding older DRS attribute update to objectClass on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to whenCreated on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to displayName on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to nTSecurityDescriptor 
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to name on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to userAccountControl 
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to codePage on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to countryCode on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to dBCSPwd on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to localPolicyFlags on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to logonHours on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to unicodePwd on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to ntPwdHistory on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to pwdLastSet on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to primaryGroupID on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> supplementalCredentials on CN=DC1-SAMBA,OU=Domain 
> Controllers,DC=kk,DC=local 
> from 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectSid on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to accountExpires on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to lmPwdHistory on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to sAMAccountName on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to sAMAccountType on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to dNSHostName on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to servicePrincipalName 
> on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to objectCategory on 
> CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from 
> 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> isCriticalSystemObject on CN=DC1-SAMBA,OU=Domain 
> Controllers,DC=kk,DC=local 
> from 5382ee1d-7748-45f1-80ff-318179cceab7
> Discarding older DRS attribute update to 
> msDS-SupportedEncryptionTypes on CN=DC1-SAMBA,OU=Domain 
> Controllers,DC=kk,DC=local from 5382ee1d-7748-45f1-80ff-318179cceab7
> Replicated 3 objects (0 linked attributes) for DC=kk,DC=local
> Committing SAM database
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> Badly formatted SDDL ' 
> (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
> replmd_prepare_commit: Processing linked attributes
> Repacking database from v1 to v2 format (first record 
> CN=Scope-Flags,CN=Schema,CN=Configuration,DC=kk,DC=local)
> Repack: re-packed 10000 records so far
> Repacking database from v1 to v2 format (first record 
> CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,CN=Configu
> ration,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record 
> DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=Dom
> ainDnsZones,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record CN=NTDS 
> Quotas,DC=ForestDnsZones,DC=kk,DC=local)
> Repacking database from v1 to v2 format (first record 
> CN=E74E40BE7F8F42468F72B5888FDE5E96300AE2B119D511DEAF315254001
> 23457,CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=kk,DC=local)
> INFO 2022-02-13 17:36:12,173 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #1100: Adding 
> 1 remote DNS records 
> for DC1-SAMBA.kk.local
> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,sign]
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name 
> ADS-2008.kk.local<0x20>
> INFO 2022-02-13 17:36:12,205 pid:2096 
> /usr/lib/python3.10/site-packages/samba/join.py #1163: Adding 
> DNS A record 
> DC1-SAMBA.kk.local for IPv4 IP: 192.168.1.3
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to 
> fetch machine account password for KK from both 
> secrets.ldb (Could not find entry to match filter: 
> '(&(flatname=KK)(objectclass=primaryDomain))' base:
'cn=Primary
> Domains': No such object: dsdb_search at 
> ../../source4/dsdb/common/util.c:4774) and from 
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Deleted CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
> Deleted CN=NTDS 
> Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-St
andorts,CN=Sites,CN=Configuration,DC=kk,DC=local> Deleted 
> CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C
> N=Sites,CN=Configuration,DC=kk,DC=local
> ERROR(runtime): uncaught exception - (9003, 
> 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>    File 
> "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", 
> line 186, in _run
>      return self.run(*args, **kwargs)
>    File 
> "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", 
> line 700, in run
>      join_DC(logger=logger, server=server, creds=creds, 
> lp=lp, domain=domain,
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1543, in join_DC
>      ctx.do_join()
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1440, in do_join
>      ctx.join_add_dns_records()
>    File "/usr/lib/python3.10/site-packages/samba/join.py", 
> line 1181, in join_add_dns_records
>      = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
>    File "/usr/lib/python3.10/site-packages/samba/samdb.py", 
> line 1357, in dns_lookup
>      return dsdb_dns.lookup(self, dns_name,
> 
> 
> [root at dc1-samba ~]# cat /var/lib/samba/private/krb5.conf
> [libdefaults]
>          default_realm = KK.LOCAL
>          dns_lookup_realm = false
>          dns_lookup_kdc = true
> 
> [realms]
> KK.LOCAL = {
>          default_domain = kk.local
> }
> 
> [domain_realm]
>          DC1-SAMBA = KK.LOCAL
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

Rowland Penny

2022-Feb-14 10:37 UTC

head link

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

On Mon, 2022-02-14 at 11:17 +0100, L. van Belle via samba
wrote:> The important part of thie message. 
Sorry, but no it isn't :-)
> 
> Could not find machine account in secrets database: Failed to fetch
> machine
> account password for KK from both 
> secrets.ldb (Could not find entry to match filter:
> '(&(flatname=KK)(objectclass=primaryDomain))' base:
'cn=Primary
> Domains': No
> such object: dsdb_search at ../../source4/dsdb/common/util.c:4774)
> and from 
> 
> This is the hint : cn=Primary Domains
No, the hint was:

Join failed - cleaning up

Anything after that can be ignored, it is an artefact of the join
failing.
> 
> Was this from origin a 2003 server? 
That could be the problem, the join is failing because it cannot add an
'A' record, perhaps there isn't anywhere to put it.
> 
> Read this carefully. 
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting 
> * also https://bugzilla.samba.org/show_bug.cgi?id=13298 
> 
> I did look for a solution here, i know there is one but i cant find
> it. 
> Sooo.. Lets hope Rowland his memory is better then mine today. ;-) 
Err, who are you ??? :-D

Rowland

L.P.H. van Belle

2022-Feb-14 10:51 UTC

head link

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: maandag 14 februari 2022 11:37
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Exception and error 
> (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an 
> existing W2012R2 domain
> 
> On Mon, 2022-02-14 at 11:17 +0100, L. van Belle via samba wrote:
> > The important part of thie message. 
> 
> Sorry, but no it isn't :-)
:-( uh.. not.. The wasnt the fail due to that the zone isnt there? 
> 
> > 
> > Could not find machine account in secrets database: Failed to fetch
> > machine
> > account password for KK from both 
> > secrets.ldb (Could not find entry to match filter:
> > '(&(flatname=KK)(objectclass=primaryDomain))' base:
'cn=Primary
> > Domains': No
> > such object: dsdb_search at ../../source4/dsdb/common/util.c:4774)
> > and from 
> > 
> > This is the hint : cn=Primary Domains
> 
> No, the hint was:
> 
> Join failed - cleaning up
> 
> Anything after that can be ignored, it is an artefact of the join
> failing.
But wasnt this a problem in dns zones something due and upgrade from 2003 to
2008R2.
Something like that.. I know we had microsoft links on howto change that but
ahh..
Cant recall/find them. 
> 
> > 
> > Was this from origin a 2003 server? 
> 
> That could be the problem, the join is failing because it 
> cannot add an
> 'A' record, perhaps there isn't anywhere to put it.
> 
> > 
> > Read this carefully. 
> > https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting 
> > * also https://bugzilla.samba.org/show_bug.cgi?id=13298 
> > 
> > I did look for a solution here, i know there is one but i cant find
> > it. 
> > Sooo.. Lets hope Rowland his memory is better then mine today. ;-) 
> 
> Err, who are you ??? :-D
:-p 
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

samba - Feb 2022 - Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain

[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain