basti
2016-Aug-25 10:03 UTC
[Samba] Join an additional Samba DC to an existing Active Directory
Hello,
I am trying to add a BDC to my AD using this Howto
https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Preparing_the_host_for_the_domain_join
host -t A pdc.kes.local
pdc.kes.local has address 192.168.122.2
ldapsearch -h pdc.kes.local -b'dc=kes,dc=local' -x
# extended LDIF
#
# LDAPv3
# base <dc=kes,dc=local> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# kes.local
dn: dc=kes,dc=local
objectClass: top
objectClass: dcObject
objectClass: organization
o: kes.local
dc: kes
...
but when I try
samba-tool domain join kes.local DC -Uadministrator --realm=KES.local --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'kes.local'
Found DC pdc.kes.local
Failed to bind - LDAP client internal error: NT code 0x80090302
Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap': (null)
ERROR(ldb): uncaught exception - None
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 657, in run
    dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_RODC
    machinepass, use_ntvfs, dns_backend, promote_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 85, in __init__
    credentials=ctx.creds, lp=ctx.lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
    options=options)
root at rtr:/home/user# man samba-tool
On my pdc I use BIND as DNS backend.
Thanks for any support.
Best Regards
Rowland Penny
2016-Aug-25 10:24 UTC
[Samba] Join an additional Samba DC to an existing Active Directory
On Thu, 25 Aug 2016 12:03:30 +0200 basti via samba <samba at lists.samba.org> wrote:
> Hello,
> I am trying to add a BDC to my AD using this Howto
> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Preparing_the_host_for_the_domain_join
>
> host -t A pdc.kes.local
> pdc.kes.local has address 192.168.122.2
>
> ldapsearch -h pdc.kes.local -b'dc=kes,dc=local' -x
> # extended LDIF
> #
> # LDAPv3
> # base <dc=kes,dc=local> with scope subtree
> # filter: (objectclass=*)
> # requesting: ALL
> #
>
> # kes.local
> dn: dc=kes,dc=local
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: kes.local
> dc: kes
>
> ...
>
> but when I try
>
> samba-tool domain join kes.local DC -Uadministrator --realm=KES.local --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'kes.local'
> Found DC pdc.kes.local
> Failed to bind - LDAP client internal error: NT code 0x80090302
> Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap': (null)
> ERROR(ldb): uncaught exception - None
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 657, in run
>     dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_RODC
>     machinepass, use_ntvfs, dns_backend, promote_existing)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 85, in __init__
>     credentials=ctx.creds, lp=ctx.lp)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
>     options=options)
>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
>     self.connect(url, flags, options)
>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
>     options=options)
> root at rtr:/home/user# man samba-tool
>
> On my pdc I use BIND as DNS backend.
>
> Thanks for any support.
> Best Regards
>

Bit obvious really, use bind on the second DC as well. You should also note that you DO NOT HAVE A PDC, you have a DC, your second DC will not be a BDC, it will just be another DC. Please do not use the terms 'PDC' & 'BDC' when referring to AD DCs, those terms are only used when referring to NT4-style domain controllers.

Rowland
basti
2016-Aug-25 10:46 UTC
[Samba] Join an additional Samba DC to an existing Active Directory
On 25.08.2016 12:24, Rowland Penny via samba wrote:
> On Thu, 25 Aug 2016 12:03:30 +0200
> basti via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>> I am trying to add a BDC to my AD using this Howto
>> https://wiki.samba.org/index.php/Join_an_additional_Samba_DC_to_an_existing_Active_Directory#Preparing_the_host_for_the_domain_join
>>
>> host -t A pdc.kes.local
>> pdc.kes.local has address 192.168.122.2
>>
>> ldapsearch -h pdc.kes.local -b'dc=kes,dc=local' -x
>> # extended LDIF
>> #
>> # LDAPv3
>> # base <dc=kes,dc=local> with scope subtree
>> # filter: (objectclass=*)
>> # requesting: ALL
>> #
>>
>> # kes.local
>> dn: dc=kes,dc=local
>> objectClass: top
>> objectClass: dcObject
>> objectClass: organization
>> o: kes.local
>> dc: kes
>>
>> ...
>>
>> but when I try
>>
>> samba-tool domain join kes.local DC -Uadministrator --realm=KES.local --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'kes.local'
>> Found DC pdc.kes.local
>> Failed to bind - LDAP client internal error: NT code 0x80090302
>> Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap': (null)
>> ERROR(ldb): uncaught exception - None
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 657, in run
>>     dns_backend=dns_backend)
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_RODC
>>     machinepass, use_ntvfs, dns_backend, promote_existing)
>>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 85, in __init__
>>     credentials=ctx.creds, lp=ctx.lp)
>>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__
>>     options=options)
>>   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
>>     self.connect(url, flags, options)
>>   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect
>>     options=options)
>> root at rtr:/home/user# man samba-tool
>>
>> On my pdc I use BIND as DNS backend.
>>
>> Thanks for any support.
>> Best Regards
>>
>
> Bit obvious really, use bind on the second DC as well. You should also
> note that you DO NOT HAVE A PDC, you have a DC, your second DC will not
> be a BDC, it will just be another DC. Please do not use the terms 'PDC'
> & 'BDC' when referring to AD DCs, those terms are only used when
> referring to NT4-style domain controllers.
>
> Rowland
>

This does not fix the error. samba is still unable to connect to ldap.

Found DC pdc.kes.local
Failed to bind - LDAP client internal error: NT code 0x80090302
Failed to connect to 'ldap://pdc.kes.local' with backend 'ldap': (null)