Hi, i have setted up a DC ESC.LAN, if i try to do "samba-tool domain join MUNICH.ESC.LAN SUBDOMAIN -Uadministrator" i get the following error, how can i build up a AD Subdomain (Domain Tree) [root at MUC-PDC ~]# samba-tool domain join MUNICH.ESC.LAN SUBDOMAIN -Uadministrator Administrator password will be set randomly! Finding a writeable DC for domain 'ESC.LAN' Found DC esc-pdc.esc.lan Password for [ESC\administrator]: Reconnecting to naming master 6f13c3e5-b440-4696-8e07-359f4a3955bf._msdcs.esc.lan DNS name of new naming master is esc-pdc.esc.lan Deleted CN=NTDS Settings,CN=MUC-PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=esc,DC=lan Deleted CN=MUC-PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=esc,DC=lan ERROR(runtime): uncaught exception - (-1073741790, 'Access denied') File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 671, in run adminpass=adminpass) File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1332, in join_subdomain ctx.do_join() File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1147, in do_join ctx.cleanup_old_join() File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 264, in cleanup_old_join objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED) -- Mit freundlichen Grüßen / Best regards Simon König Am Isenknie 9 84435, Lengdorf +49 (0) 178 / 1892055 Simon at Noname-Gamers.de <mailto:Pimmal at E-Sport.Club> <youtube.com/channel/UC1TxJLtFCfmwHmWg1VbhUgw>Diese Email und jeglicher Anhang sind vertraulich und ausschließlich für den/die bezeichneten Adressaten bestimmt. Diese Mitteilung kann rechtlich geschützte, firmeninterne oder anderweitige vertrauliche Informationen enthalten, deren Weitergabe ohne unsere Zustimmung strengstens untersagt ist. Sofern Sie nicht der beabsichtigte Adressat sind oder diese Email irrtümlich erhalten haben, sind Sie nicht autorisiert, diese Mitteilung bekanntzumachen, zu kopieren, weiterzugeben oder aufzubewahren. Bitte informieren Sie uns in diesem Fall unverzüglich und vernichten diese Email.
On Wed, 2016-11-02 at 00:27 +0100, Simon 'Pimmal' König via samba wrote:> Hi, > > i have setted up a DC ESC.LAN, if i try to do "samba-tool domain > join > MUNICH.ESC.LAN SUBDOMAIN -Uadministrator" i get the following error, > how > can i build up a AD Subdomain (Domain Tree) > > [root at MUC-PDC ~]# samba-tool domain join MUNICH.ESC.LAN SUBDOMAIN > -Uadministrator > Administrator password will be set randomly! > Finding a writeable DC for domain 'ESC.LAN' > Found DC esc-pdc.esc.lan > Password for [ESC\administrator]: > Reconnecting to naming master > 6f13c3e5-b440-4696-8e07-359f4a3955bf._msdcs.esc.lan > DNS name of new naming master is esc-pdc.esc.lan > Deleted CN=NTDS > Settings,CN=MUC-PDC,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=esc,DC=lan > Deleted > CN=MUC-PDC,CN=Servers,CN=Default-First-Site- > Name,CN=Sites,CN=Configuration,DC=esc,DC=lan > ERROR(runtime): uncaught exception - (-1073741790, 'Access denied') > File > "/usr/local/samba/lib64/python2.7/site- > packages/samba/netcmd/__init__.py", > line 176, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib64/python2.7/site- > packages/samba/netcmd/domain.py", > line 671, in run > adminpass=adminpass) > File "/usr/local/samba/lib64/python2.7/site- > packages/samba/join.py", > line 1332, in join_subdomain > ctx.do_join() > File "/usr/local/samba/lib64/python2.7/site- > packages/samba/join.py", > line 1147, in do_join > ctx.cleanup_old_join() > File "/usr/local/samba/lib64/python2.7/site- > packages/samba/join.py", > line 264, in cleanup_old_join > objectAttr, security.SEC_FLAG_MAXIMUM_ALLOWED)I'm sorry, but currently subdomain support is only partially implemented. That is why we don't talk about it much, but the partial parts are in the codebase. Sadly this need substantially more work to progress further. Sorry, Andrew Bartlett -- Andrew Bartlett samba.org/~abartlet Authentication Developer, Samba Team samba.org Samba Developer, Catalyst IT catalyst.net.nz/services/samba