Dominic Evans
2014-Jul-03 12:27 UTC
[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses
Attempting to connect a second DC to an existing domain:
~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator
Finding a writeable DC for domain 'mydomain.com'
Found DC dc1.mydomain.com
Password for [MYDOMAIN\administrator]:
workgroup is MYDOMAIN
realm is mydomain.com
checking sAMAccountName
Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 65 LDAP_OBJECT_CLASS_VIOLATION
- <00002014: objectclass_attrs: attribute
'msDS-SupportedEncryptionTypes'
on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' does not
exist
in the specified objectclasses!> <>
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line
175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
552,
in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in
do_join
ctx.join_add_objects()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in
join_add_objects
ctx.samdb.add(rec)
It appears that there is some problem in the data held in LDAP for the
domain. However, the domain is working fine and it is not obvious how I
could attempt to fix this? samba-tool dbcheck doesn't appear to find any
problems...any thoughts?
Cheers,
Dom
L.P.H. van Belle
2014-Jul-03 12:48 UTC
[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses
Did you define your realm in CAPS since i see.. >realm is mydomain.com and not realm is MYDOMAIN.COM please check this. Louis>-----Oorspronkelijk bericht----- >Van: oldmanuk at gmail.com [mailto:samba-bounces at lists.samba.org] >Namens Dominic Evans >Verzonden: donderdag 3 juli 2014 14:28 >Aan: samba at lists.samba.org >Onderwerp: [Samba] Join domain - attribute >'msDS-SupportedEncryptionTypes' does not exist in the >specified objectclasses > >Attempting to connect a second DC to an existing domain: > >~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator >Finding a writeable DC for domain 'mydomain.com' >Found DC dc1.mydomain.com >Password for [MYDOMAIN\administrator]: >workgroup is MYDOMAIN >realm is mydomain.com >checking sAMAccountName >Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com >Join failed - cleaning up >checking sAMAccountName >ERROR(ldb): uncaught exception - LDAP error 65 >LDAP_OBJECT_CLASS_VIOLATION >- <00002014: objectclass_attrs: attribute >'msDS-SupportedEncryptionTypes' >on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' >does not exist >in the specified objectclasses!> <> > File >"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line >175, in _run > return self.run(*args, **kwargs) > File >"/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, >in run > machinepass=machinepass, use_ntvfs=use_ntvfs, >dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in >join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in >do_join > ctx.join_add_objects() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in >join_add_objects > ctx.samdb.add(rec) > >It appears that there is some problem in the data held in LDAP for the >domain. However, the domain is working fine and it is not obvious how I >could attempt to fix this? samba-tool dbcheck doesn't appear >to find any >problems...any thoughts? > >Cheers, >Dom >-- >To unsubscribe from this list go to the following URL and read the >instructions: https://lists.samba.org/mailman/options/samba > >
Andrew Bartlett
2014-Jul-04 11:00 UTC
[Samba] Join domain - attribute 'msDS-SupportedEncryptionTypes' does not exist in the specified objectclasses
On Thu, 2014-07-03 at 13:27 +0100, Dominic Evans wrote:> Attempting to connect a second DC to an existing domain: > > ~# samba-tool domain join mydomain.com DC -UMYDOMAIN/administrator > Finding a writeable DC for domain 'mydomain.com' > Found DC dc1.mydomain.com > Password for [MYDOMAIN\administrator]: > workgroup is MYDOMAIN > realm is mydomain.com > checking sAMAccountName > Adding CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com > Join failed - cleaning up > checking sAMAccountName > ERROR(ldb): uncaught exception - LDAP error 65 LDAP_OBJECT_CLASS_VIOLATION > - <00002014: objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes' > on entry 'CN=DC2,OU=Domain Controllers,DC=mydomain,DC=com' does not exist > in the specified objectclasses!> <> > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 552, > in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in > join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in > do_join > ctx.join_add_objects() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in > join_add_objects > ctx.samdb.add(rec) > > It appears that there is some problem in the data held in LDAP for the > domain. However, the domain is working fine and it is not obvious how I > could attempt to fix this? samba-tool dbcheck doesn't appear to find any > problems...any thoughts?What version of Windows or Samba does the existing server use, and what version are you joining to, and what function level is the current domain? This looks like a schema issue. You may wish to join with a lower functional level. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba