thr3ads.net - samba - [Samba] Can't join new samba dc to existing dc [Aug 2024]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2024-Aug-16 07:55 UTC

[Samba] Can't join new samba dc to existing dc

On Fri, 16 Aug 2024 14:02:42 +0700
fransnicho via samba <samba at lists.samba.org> wrote:
> 
> DC6 is my new samba DC that can't join to exsiting AD DC (DC4).
> DC3 is the old DC that no longer exist.
> I can't find any reference or anything contains to DC6 in my AD but
> I able to find a reference about DC3 (my old AD) that no longer exist
> in my AD. Should I remove the old DC3 references ?
> 
> /var/log/samba/log.samba
> [2024/08/16 09:40:31.399346,  0]
>
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> does not exist in the specified objectclasses! [2024/08/16
> 09:40:31.399744,  0]
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> WERR_DS_INTERNAL_FAILURE [2024/08/16 10:05:14.013306,  0]
>
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> does not exist in the specified objectclasses! [2024/08/16
> 10:05:14.013861,  0]
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> WERR_DS_INTERNAL_FAILURE [2024/08/16 10:23:24.851791,  1]
> ../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)
> 
> regarding attribute 'hasMasterNCs', how to add it ?
> 
> Best Regards,
> Nicho.
> 
> 
You never actually said what your new DC was called (though I should have been
able to work it out) and your join error message is this:

Failed add of CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
- objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
does not exist in the specified objectclasses!

What that appears to be saying is:

When it tried to add 'CN=NTDS
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
with the 'hasMasterNCs' attribute, that attribute wasn't valid
because it didn't have the required objectclass, which is a bit of a
mystery.

If I check one of my DCs using:
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b
'CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'

I get this (cropped) output:

dn: CN=NTDS
Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
...............
hasMasterNCs: CN=Configuration,DC=samdom,DC=example,DC=com
hasMasterNCs: DC=samdom,DC=example,DC=com
hasMasterNCs: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
............................

if you check the schema, you will find that the objectclass nTDSDSA may contain
'hasMasterNCs'.
On the face of it, it appears, for some reason, that DN is being created without
the nTDSDSA objectclass, but with the hasMasterNCs attribute, this isn't
being allowed, so the join fails.

What OS are you using ?

Where have you got the Samba packages from ?

Have you installed all the Samba packages ?

When the domain was first provisioned, was it as a Samba AD domain, or
was it originally a Microsoft one and if it was a Microsoft one,which
version.

Rowland

fransnicho

2024-Aug-16 16:50 UTC

head link

[Samba] Can't join new samba dc to existing dc

Pada Jum, 16 Agu 2024 pukul 14.56 Rowland Penny via samba <
samba at lists.samba.org> menulis:
> On Fri, 16 Aug 2024 14:02:42 +0700
> fransnicho via samba <samba at lists.samba.org> wrote:
>
> >
> > DC6 is my new samba DC that can't join to exsiting AD DC (DC4).
> > DC3 is the old DC that no longer exist.
> > I can't find any reference or anything contains to DC6 in my AD
but
> > I able to find a reference about DC3 (my old AD) that no longer exist
> > in my AD. Should I remove the old DC3 references ?
> >
> > /var/log/samba/log.samba
> > [2024/08/16 09:40:31.399346,  0]
> >
>
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> > CN=NTDS
> >
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> > - objectclass_attrs: attribute 'hasMasterNCs' on entry
'CN=NTDS
> >
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> > does not exist in the specified objectclasses! [2024/08/16
> > 09:40:31.399744,  0]
> >
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> > ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> > WERR_DS_INTERNAL_FAILURE [2024/08/16 10:05:14.013306,  0]
> >
>
../../source4/dsdb/repl/replicated_objects.c:1244(dsdb_origin_objects_commit)
> > ../../source4/dsdb/repl/replicated_objects.c:1244: Failed add of
> > CN=NTDS
> >
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> > - objectclass_attrs: attribute 'hasMasterNCs' on entry
'CN=NTDS
> >
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> > does not exist in the specified objectclasses! [2024/08/16
> > 10:05:14.013861,  0]
> >
> ../../source4/rpc_server/drsuapi/addentry.c:209(dcesrv_drsuapi_DsAddEntry)
> > ../../source4/rpc_server/drsuapi/addentry.c:209: DsAddEntry failed -
> > WERR_DS_INTERNAL_FAILURE [2024/08/16 10:23:24.851791,  1]
> > ../../source4/kdc/db-glue.c:3476(samba_kdc_check_s4u2proxy_rbcd)
> >
> > regarding attribute 'hasMasterNCs', how to add it ?
> >
> > Best Regards,
> > Nicho.
> >
> >
>
> You never actually said what your new DC was called (though I should have
> been able to work it out) and your join error message is this:
>
> Failed add of CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
> - objectclass_attrs: attribute 'hasMasterNCs' on entry 'CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
> does not exist in the specified objectclasses!
>
> What that appears to be saying is:
>
> When it tried to add 'CN=NTDS
>
Settings,CN=DC6,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com',
> with the 'hasMasterNCs' attribute, that attribute wasn't valid
because it
> didn't have the required objectclass, which is a bit of a mystery.
>
> If I check one of my DCs using:
> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P -b
>
'CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com'
>
> I get this (cropped) output:
>
> dn: CN=NTDS
>
Settings,CN=RPIDC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> objectClass: top
> objectClass: applicationSettings
> objectClass: nTDSDSA
> cn: NTDS Settings
> ...............
> hasMasterNCs: CN=Configuration,DC=samdom,DC=example,DC=com
> hasMasterNCs: DC=samdom,DC=example,DC=com
> hasMasterNCs: CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> ............................
>
> if you check the schema, you will find that the objectclass nTDSDSA may
> contain 'hasMasterNCs'.
> On the face of it, it appears, for some reason, that DN is being created
> without the nTDSDSA objectclass, but with the hasMasterNCs attribute, this
> isn't being allowed, so the join fails.
>
> What OS are you using ?
>
> Where have you got the Samba packages from ?
>
> Have you installed all the Samba packages ?
>
> When the domain was first provisioned, was it as a Samba AD domain, or
> was it originally a Microsoft one and if it was a Microsoft one,which
> version.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
Hi Rowland,
Thanks for your response ?

it at dc4:~$ sudo  ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -P
-b
'CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com'
# record 1
dn: CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
objectClass: top
objectClass: applicationSettings
objectClass: nTDSDSA
cn: NTDS Settings
instanceType: 4
whenCreated: 20220305075453.0Z
uSNCreated: 1691
dMDLocation: CN=Schema,CN=Configuration,DC=nicho,DC=com
invocationId: dcc0e472-7296-4ec1-9a75-5d35fc4b2de6
showInAdvancedViewOnly: TRUE
name: NTDS Settings
objectGUID: 831af773-d0ef-49eb-9415-1840b61c889e
options: 1
systemFlags: 33554432
objectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,DC=nicho,DC=com
msDS-Behavior-Version: 4
hasMasterNCs: CN=Configuration,DC=nicho,DC=com
hasMasterNCs: DC=nicho,DC=com
hasMasterNCs: CN=Schema,CN=Configuration,DC=nicho,DC=com
whenChanged: 20220305075458.0Z
msDS-HasDomainNCs: DC=nicho,DC=com
msDS-hasMasterNCs: CN=Configuration,DC=nicho,DC=com
msDS-hasMasterNCs: DC=DomainDnsZones,DC=nicho,DC=com
msDS-hasMasterNCs: DC=nicho,DC=com
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=nicho,DC=com
msDS-hasMasterNCs: DC=ForestDnsZones,DC=nicho,DC=com
uSNChanged: 2764
distinguishedName: CN=NTDS
Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Na
 me,CN=Sites,CN=Configuration,DC=nicho,DC=com

# record 2
dn:
CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nicho,DC=com
objectClass: top
objectClass: server
cn: DC4
instanceType: 4
whenCreated: 20220305075453.0Z
uSNCreated: 1690
showInAdvancedViewOnly: TRUE
name: DC4
objectGUID: 56719993-5d53-4c55-94d2-df82b3937fbe
systemFlags: 1375731712
dNSHostName: dc4.nicho.com
objectCategory: CN=Server,CN=Schema,CN=Configuration,DC=nicho,DC=com
serverReference: CN=DC4,OU=Domain Controllers,DC=nicho,DC=com
whenChanged: 20220305075458.0Z
uSNChanged: 2774
distinguishedName:
CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Co
 nfiguration,DC=nicho,DC=com

# returned 2 records
# 2 entries
# 0 referrals

Please find my answers below :

What OS are you using ?
Ubuntu 20.04.5 LTS

Where have you got the Samba packages from ?
Originally was samba package for ubuntu 20.04 then i upgrade to samba
4.19.5

Have you installed all the Samba packages ?
Yes

When the domain was first provisioned, was it as a Samba AD domain, or
was it originally a Microsoft one and if it was a Microsoft one,which
version.
The domain was first provisioned originally Windows 2003 R2.

Is something wrong with my schema ?

Best Regards,
Nicho.

samba - Aug 2024 - Can't join new samba dc to existing dc

[Samba] Can't join new samba dc to existing dc

[Samba] Can't join new samba dc to existing dc