thr3ads.net - samba - [Samba] Problem trying join Samba 4.18 to Windows AD [Aug 2023]

If this information is useful, please help other people find it:
Share via:

Miguel Angel Coa M.

2023-Aug-27 14:21 UTC

[Samba] Problem trying join Samba 4.18 to Windows AD

Hi,
I have Rocky Linux 8 with Samba 4.18.6 compiled, and trying join to Windows
Server AD 2012 DC (2008 R2 function level).

1. sambadc05.domain.cl is the Samba 4.18.
2. windowsdc01.domain.cl is the Windows Ad.

[..............................]
PS C:\Windows\system32> Get-ADForest | Fl Name, ForestMode
Name       : domain.cl
ForestMode : Windows2008R2Forest
[..............................]

But i've the next error after a few minutes and sync process:

[..............................]
Replicated 139 objects (0 linked attributes) for DC=mydomain,DC=cl
Partition[DC=mydomain,DC=cl] objects[81336/127121]
linked_values[20217/22649]
Remote server advised us of a new partition
DC=DomainDnsZones,DC=mydomain,DC=cl while processing DC=mydomain,DC=cl,
ignoring
dsdb_replicated_objects_convert: Ignoring object outside partition
e34d97b5-37ca-4b1e-bc7f-b1ae18613198 DC=DomainDnsZones,DC=mydomain,DC=cl:
WERR_DS_ADD_REPLICA_INHIBITED:
.....
.....
.....Could not find machine account in secrets database: Failed to fetch
machine account password for MYDOMAIN from both secrets.ldb (Could not find
entry to match filter:
'(&(flatname=MYDOMAIN)(objectclass=primaryDomain))'
base: 'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:5435) and from
/usr/local/samba/private/secrets.tdb:
NT_STATUS_CANT_ACCESS_DOMAIN_INFODeleted CN=RID Set,CN=SAMBADC05,OU=Domain
Controllers,DC=domain,DC=cl
Deleted CN=SAMBADC05,OU=Domain Controllers,DC=domain,DC=cl
Deleted CN=NTDS
Settings,CN=SAMBADC05,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=cl
Deleted
CN=SAMBADC05,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=cl
ERROR(ldb): uncaught exception - end_trans error on DC=domain,DC=cl: An
operation failed during a batch mode transaction, the transaction was
rolled back
  File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 230, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py",
line 740, in run:
[..............................]

For join used the next command:

[..............................]
samba-tool domain join mydomain.cl DC -U "mydomain\administrator"
--realmMYDOMAIN.CL -W MYDOMAIN --server=windowsdc01.mydomain.cl
--password=secret
--dns-backend=BIND9_DLZ -d3
[..............................]

I read another similar threads but not found
https://lists.samba.org/archive/samba/2018-November/219590.html

Saludos.
---
Miguel Coa M.

Andrew Bartlett

2023-Aug-27 20:39 UTC

head link

[Samba] Problem trying join Samba 4.18 to Windows AD

On Sun, 2023-08-27 at 10:21 -0400, Miguel Angel Coa M. via samba
wrote:> Hi,
> I have Rocky Linux 8 with Samba 4.18.6 compiled, and trying join to
> Windows
> Server AD 2012 DC (2008 R2 function level).
> 
> 1. sambadc05.domain.cl is the Samba 4.18.
> 2. windowsdc01.domain.cl is the Windows Ad.
> 
> [..............................]
> PS C:\Windows\system32> Get-ADForest | Fl Name, ForestMode
> Name       : domain.cl
> ForestMode : Windows2008R2Forest
> [..............................]
> 
> But i've the next error after a few minutes and sync process:
> 
> [..............................]
> Replicated 139 objects (0 linked attributes) for DC=mydomain,DC=cl
> Partition[DC=mydomain,DC=cl] objects[81336/127121]
> linked_values[20217/22649]
> Remote server advised us of a new partition
> DC=DomainDnsZones,DC=mydomain,DC=cl while processing
> DC=mydomain,DC=cl,
> ignoring
> dsdb_replicated_objects_convert: Ignoring object outside partition
> e34d97b5-37ca-4b1e-bc7f-b1ae18613198
> DC=DomainDnsZones,DC=mydomain,DC=cl:
> WERR_DS_ADD_REPLICA_INHIBITED:
This looks to me like your windows domain has a sub-partition.  I
thought we had good support for this now, but I've also seen others
asking about adding it and the thread you linked indicates the same
issue.

https://gitlab.com/samba-team/samba/-/merge_requests/3150 is a draft
Merge Request that deals with some of this area.  Given what you are
seeing, I suspect there is still work to do.  Sadly I don't think this
domain can be migrated to Samba at this time.

Sorry,

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

samba - Aug 2023 - Problem trying join Samba 4.18 to Windows AD

[Samba] Problem trying join Samba 4.18 to Windows AD

[Samba] Problem trying join Samba 4.18 to Windows AD