Owen DeLong
2023-May-08 23:34 UTC
[Samba] Need help setting up Samba DC in Windows environment
I'm having difficulty constructing my first samba DC in a currently windows-only environment. When I run: samba-tool domain join <domain> DC -U ?<workgroup>\owen.delong" I get the authentication prompt, enter my password, then: INFO 2023-05-08 15:28:07,002 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1488: workgroup is <workgroup> INFO 2023-05-08 15:28:07,004 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1491: realm is <domain> Adding CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> Adding CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> Got krbtgt_name=krbtgt_14279 Renaming CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> to CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> Adding CN=SJC-BR-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> Join failed - cleaning up Deleted CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> Deleted CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> <0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2>'> <>I'm completely out of my depth when it comes to Active Directory. I'm a long-time linux/unix/juniper/cisco guy. The intent is for this to be a local DC at a stub site (branch office). This is on a dietpi system (arm64, nanopi r6s). Linux sjc-br-01 5.10.110 #1 SMP Tue Mar 14 21:59:07 CST 2023 aarch64 GNU/Linux Samba 4.13.13-Debian (.deb package install) Any assistance, pointers, references greatly appreciated. Thanks, Owen
Rowland Penny
2023-May-09 07:24 UTC
[Samba] Need help setting up Samba DC in Windows environment
On 09/05/2023 00:34, Owen DeLong via samba wrote:> I'm having difficulty constructing my first samba DC in a currently windows-only environment. > When I run: > samba-tool domain join <domain> DC -U ?<workgroup>\owen.delong" > I get the authentication prompt, enter my password, then: > INFO 2023-05-08 15:28:07,002 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1488: workgroup is <workgroup> > INFO 2023-05-08 15:28:07,004 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1491: realm is <domain> > Adding CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> > Adding CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> > Got krbtgt_name=krbtgt_14279 > Renaming CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> to CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> > Adding CN=SJC-BR-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> > Join failed - cleaning up > Deleted CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> > Deleted CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> <0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of: > 'CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2>' >> <> > I'm completely out of my depth when it comes to Active Directory. I'm a long-time linux/unix/juniper/cisco guy. > The intent is for this to be a local DC at a stub site (branch office). > This is on a dietpi system (arm64, nanopi r6s). > Linux sjc-br-01 5.10.110 #1 SMP Tue Mar 14 21:59:07 CST 2023 aarch64 GNU/Linux > Samba 4.13.13-Debian > (.deb package install) > > > > Any assistance, pointers, references greatly appreciated. > > Thanks, > > Owen >Several things here, first is, I know it works on arm64, because I run my DC's on arm64. Next, you are going to have to use Administrator to join the DC, a normal user doesn't work. Why is 'krbtgt' called 'krbtgt_14279' and then why is it being renamed to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever happen before. I have never used dietpi, but believe it is based on Debian, if this is the case, you will be better off using Samba from backports. I think you need to tell us just what you did (in broad terms for now) before you ran the samba-tool join command. Rowland