Denis Morejon Lopez
2015-Feb-13 13:22 UTC
[Samba] I can't join to an existing domain (yet)
People:

I have not solved my problem. I have only one DC with Zentyal 3.4 and I want to change it by samba 4.1.16. That's why if I can't join the samba to the existing domain I would not do anything else.

The samba server error is this:
(Command from samba)
samba-tool domain join dtcf.etecsa.cu DC -U administrator --realm=DTCF.ETECSA.CU --dns-backend=BIND9_DLZ

(Response)
No objectClass found in replPropertyMetaData for CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu!
Failed to apply records: replmd_replicated_apply_add: error during DRS repl ADD: No objectClass found in replPropertyMetaData for CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu! : Object class violation
Failed to commit objects: WERR_GENERAL_FAILURE
Join failed - cleaning up

I can see this entry in the Zentyal server
(Command from Zentyal)
ldbsearch -H /var/lib/samba/private/sam.ldb '(CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5)'

(Response)
# record 1
dn: CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
cn:: UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI1
instanceType: 4
whenChanged: 20140811142141.0Z
uSNCreated: 3996
uSNChanged: 3996
name:: UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI
 1
objectGUID: 5798425a-db30-4f39-98ed-6e8aa15c34b5
distinguishedName: CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5
 ,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu

But I can't delete it
(Command from Zentyal)
ldbdel -H /var/lib/samba/private/sam.ldb 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu'

(Response)
delete of 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu' failed - (No such object) objectclass: Cannot delete CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu, entry does not exist!

So, I tried all ldbdel options looking for one that forces the deletion. And I found "--relax"
(Command from Zentyal)
ldbdel --relax -H /var/lib/samba/private/sam.ldb 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu'

(Response)
==============================================================
INTERNAL ERROR: Signal 11 in pid 26667 (4.1.5-Zentyal)
Please read the Trouble-Shooting section of the Samba HOWTO
==============================================================
PANIC: internal error
Aborted (core dumped)

I repeated the operation stopping samba daemon but then I got the same response.

Even, I could delete other entries with the pattern '(CN=*CNF:*)' as Rowland taught me. But only 10 are not erasable like the one I write here.

Is it impossible to delete these bad entries ??

On 13/02/15 13:22, Denis Morejon Lopez wrote:
>
> People:
>
> I have not solved my problem. I have only one DC with Zentyal 3.4 and
> I want to change it by samba 4.1.16. That's why if I can't join the
> samba to the existing domain I would not do anything else.
>
> The samba server error is this:
> (Command from samba)
> samba-tool domain join dtcf.etecsa.cu DC -U administrator
> --realm=DTCF.ETECSA.CU --dns-backend=BIND9_DLZ
>
> (Response)
> No objectClass found in replPropertyMetaData for
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu!
>
> Failed to apply records: replmd_replicated_apply_add: error during DRS
> repl ADD: No objectClass found in replPropertyMetaData for
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu!
> : Object class violation
> Failed to commit objects: WERR_GENERAL_FAILURE
> Join failed - cleaning up
>
> I can see this entry in the Zentyal server
> (Command from Zentyal)
> ldbsearch -H /var/lib/samba/private/sam.ldb
> '(CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5)'
>
> (Response)
> # record 1
> dn:
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
> cn::
> UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI1
> instanceType: 4
> whenChanged: 20140811142141.0Z
> uSNCreated: 3996
> uSNChanged: 3996
> name::
> UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI
> 1
> objectGUID: 5798425a-db30-4f39-98ed-6e8aa15c34b5
> distinguishedName:
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5
> ,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>
> But I can't delete it
> (Command from Zentyal)
> ldbdel -H /var/lib/samba/private/sam.ldb
> 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu'
>
> (Response)
> delete of
> 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu'
> failed - (No such object) objectclass: Cannot delete
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu,
> entry does not exist!
>
> So, I tried all ldbdel options looking for one that forces the
> deletion. And I found "--relax"
> (Command from Zentyal)
> ldbdel --relax -H /var/lib/samba/private/sam.ldb
> 'CN=PC00017104336\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu'
>
> (Response)
> ==============================================================
> INTERNAL ERROR: Signal 11 in pid 26667 (4.1.5-Zentyal)
> Please read the Trouble-Shooting section of the Samba HOWTO
> ==============================================================
> PANIC: internal error
> Aborted (core dumped)
>
> I repeated the operation stopping samba daemon but then I got the same
> response.
>
> Even, I could delete other entries with the pattern '(CN=*CNF:*)' as
> Rowland taught me. But only 10 are not erasable like the one I write
> here.
>
> Is it impossible to delete these bad entries ??
>

Have a look here: http://support.microsoft.com/kb/297083

Not sure if this will help, but it sounds plausible.

Rowland

On 13/02/15 15:29, Denis Morejon Lopez wrote:
>
> I tried first all these with linux ldbmodify using that ldif with the
> dn:: (code 64)
> but an error like the last you will see here occurred.
>
> Then, I tried with Windows ldifde.
>
> # The Windows OS is in Spanish. That's why I will comment the most
> important lines for you (Since my point of view).
>
> C:\Users\denis.morejon.DTCF.002\rename.ldif
> # Rename a RDN using base64 encode
> dn::
> Q049UEMwMDAxNzEwNDMzNlwwQUNORjo1Nzk4NDI1YS1kYjMwLTRmMzktOThlZC02ZThhYTE1YzM0YjUsQ049UEMwMDkzNzUsQ049Q29tcHV0ZXJzLERDPWR0Y2YsREM9ZXRlY3NhLERDPWN1Cg=
> changetype:modrdn
> newrdn: cn=trash1
> deleteoldrdn: 1
>
> # Note: The encode is ok because if I change some characters in the
> encoded string, It doesn't show me CN=PC00... in the response.
>
> C:\Users\denis.morejon.DTCF.002>ldifde -i -f rename.ldif -s zentyal1
> Conectándose a "zentyal1"
> Iniciando sesión como usuario actual usando SSPI
> Importando directorio desde el archivo "rename.ldif"
> La compatibilidad con compromiso relajado no está disponible en el
> servidor; (*Support for relaxed commitment is not available on the
> server)
> el compromiso relajado se deshabilitará. (relaxed commitment will be
> disabled)
> Cargando entradas.
> Agregar error en la entrada que empieza en la línea 2: otros
> El error del lado del servidor es: 0x2095 Error del servicio de
> directorios.
> El error extendido del servidor es:
> 00002095: objectclass: Cannot rename
> CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
> 8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
> , parent does not exist!
> 0 entradas modificadas correctamente.
> Error en el programa
> No se escribieron archivos de registro. Para generar un archivo de
> registro,
> utilice la opción -j para especificar su ruta de acceso.
>

Hmm:

El error extendido del servidor es:
00002095: objectclass: Cannot rename
CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
, parent does not exist!

does 'CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu' exist ??

As you have access to windows you could try 'repadmin'

Rowland

On 13/02/15 19:31, Denis Morejon Lopez wrote:
> Yes, it exists and it's a real pc:
>
> (Command)
> ldbsearch -H /var/lib/samba/private/sam.ldb '(CN=PC009375)'
>
> (Response)
> # record 1
> dn: CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> objectClass: computer
> cn: PC009375
> instanceType: 4
> whenCreated: 20150211134757.0Z
> uSNCreated: 40651
> name: PC009375
> objectGUID: 210eef29-986f-4bdc-a0ae-5833f1948018
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> lastLogon: 0
> objectSid: S-1-5-21-1294415360-3796152602-1730644256-3166
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: PC009375$
> objectCategory:
> CN=Computer,CN=Schema,CN=Configuration,DC=dtcf,DC=etecsa,DC=cu
> sAMAccountType: 805306369
> isCriticalSystemObject: FALSE
> primaryGroupID: 515
> pwdLastSet: 130681360770000000
> displayName: PC009375$
> userAccountControl: 4096
> dNSHostName: pc009375.dtcf.etecsa.cu
> servicePrincipalName: HOST/pc009375.dtcf.etecsa.cu
> servicePrincipalName: HOST/PC009375
> operatingSystem: Windows XP Professional
> operatingSystemServicePack: Service Pack 3
> operatingSystemVersion: 5.1 (2600)
> whenChanged: 20150211134801.0Z
> uSNChanged: 40656
> distinguishedName: CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>
> I will try using repadmin.
>
>
>
> On 02/13/2015 11:06 AM, Rowland Penny wrote:
>>
>> On 13/02/15 15:29, Denis Morejon Lopez wrote:
>>>
>>> I tried first all these with linux ldbmodify using that ldif with
>>> the dn:: (code 64)
>>> but an error like the last you will see here occurred.
>>>
>>> Then, I tried with Windows ldifde.
>>>
>>> # The Windows OS is in Spanish. That's why I will comment the most
>>> important lines for you (Since my point of view).
>>>
>>> C:\Users\denis.morejon.DTCF.002\rename.ldif
>>> # Rename a RDN using base64 encode
>>> dn::
>>> Q049UEMwMDAxNzEwNDMzNlwwQUNORjo1Nzk4NDI1YS1kYjMwLTRmMzktOThlZC02ZThhYTE1YzM0YjUsQ049UEMwMDkzNzUsQ049Q29tcHV0ZXJzLERDPWR0Y2YsREM9ZXRlY3NhLERDPWN1Cg=
>>> changetype:modrdn
>>> newrdn: cn=trash1
>>> deleteoldrdn: 1
>>>
>>> # Note: The encode is ok because if I change some characters in the
>>> encoded string, It doesn't show me CN=PC00... in the response.
>>>
>>> C:\Users\denis.morejon.DTCF.002>ldifde -i -f rename.ldif -s zentyal1
>>> Conectándose a "zentyal1"
>>> Iniciando sesión como usuario actual usando SSPI
>>> Importando directorio desde el archivo "rename.ldif"
>>> La compatibilidad con compromiso relajado no está disponible en el
>>> servidor; (*Support for relaxed commitment is not available on the
>>> server)
>>> el compromiso relajado se deshabilitará. (relaxed commitment will be
>>> disabled)
>>> Cargando entradas.
>>> Agregar error en la entrada que empieza en la línea 2: otros
>>> El error del lado del servidor es: 0x2095 Error del servicio de
>>> directorios.
>>> El error extendido del servidor es:
>>> 00002095: objectclass: Cannot rename
>>> CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
>>> 8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>>> , parent does not exist!
>>> 0 entradas modificadas correctamente.
>>> Error en el programa
>>> No se escribieron archivos de registro. Para generar un archivo de
>>> registro,
>>> utilice la opción -j para especificar su ruta de acceso.
>>>
>>
>> Hmm:
>>
>> El error extendido del servidor es:
>> 00002095: objectclass: Cannot rename
>> CN=PC00017104336\0ACNF:5798425a-db30-4f39-9
>> 8ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
>> , parent does not exist!
>>
>> does 'CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu' exist ??
>>
>> As you have access to windows you could try 'repadmin'
>>
>> Rowland
>

Then what is: CN=PC00017104336 ??

Rowland
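
Added example, not part of the original thread: the base64 `cn::` and `name::` values in the ldbsearch output above decode to `PC00017104336`, a newline (0x0A) and `CNF:` plus the object's own GUID, which is the form Active Directory gives the losing object of a replication naming conflict. The Python sketch below parses that record, decodes it, and reports the conflict rename and the missing objectClass that the join error complains about; the names `parse_ldif` and `audit` are illustrative, not Samba tools.

```python
import base64
import re

# Record copied from the thread's ldbsearch output ("::" = base64, leading space = folded line).
SAMPLE_LDIF = """\
# record 1
dn: CN=PC00017104336\\0ACNF:5798425a-db30-4f39-98ed-6e8aa15c34b5,CN=PC009375,CN=Computers,DC=dtcf,DC=etecsa,DC=cu
cn:: UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI1
instanceType: 4
whenChanged: 20140811142141.0Z
uSNCreated: 3996
uSNChanged: 3996
name:: UEMwMDAxNzEwNDMzNgpDTkY6NTc5ODQyNWEtZGIzMC00ZjM5LTk4ZWQtNmU4YWExNWMzNGI
 1
objectGUID: 5798425a-db30-4f39-98ed-6e8aa15c34b5
"""

# Conflict-renamed RDN: original name, a newline (0x0A), "CNF:", then a GUID.
CONFLICT_RDN = re.compile(r"^(?P<name>[^\n]*)\nCNF:(?P<guid>[0-9a-fA-F-]{36})$")

def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]}, decoding base64 values."""
    unfolded = text.replace("\n ", "")  # undo LDIF line folding
    records = []
    for block in re.split(r"\n\s*\n", unfolded.strip()):
        rec = {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            attr, _, raw = line.partition(":")
            b64 = raw.startswith(":")  # "attr:: <base64>"
            value = base64.b64decode(raw[1:]).decode("utf-8") if b64 else raw.strip()
            rec.setdefault(attr, []).append(value)
        if rec:
            records.append(rec)
    return records

def audit(records):
    """Report conflict-renamed RDNs and records that carry no objectClass."""
    findings = []
    for rec in records:
        m = CONFLICT_RDN.match(rec.get("cn", [""])[0])
        findings.append({
            "dn": rec.get("dn", ["?"])[0],
            "original_name": m.group("name") if m else None,
            "conflict_guid": m.group("guid") if m else None,
            "guid_matches": bool(m) and m.group("guid") == rec.get("objectGUID", [""])[0],
            "missing_objectclass": "objectclass" not in {k.lower() for k in rec},
        })
    return findings
```

Calling `audit(parse_ldif(output))` on saved ldbsearch output for the `(CN=*CNF:*)` filter mentioned in the thread lists every conflict object and shows which ones lack objectClass.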