Hi,
I have followed this guide on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
in order to join samba to an existing Active Directory.
I'm using CentOS 7, using Samba 4.6 and compiled from source.
So the thing is that I'm stuck on step
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
Basically when I try to join Samba to the AD I get this error
[root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [EXAMPLE\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
    ctx.samdb.add(rec)
This is my current Kerberos conf
[root@samba-dc-02 ]# cat /etc/krb5.conf
[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
default_realm = EXAMPLE.COM
And the Kerberos ticket is opened successfully.
[root@samba-dc-02 ]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@EXAMPLE.COM

Valid starting       Expires              Service principal
04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 04/07/2017 20:42:18
The Samba server itself resolves to the AD IP
[root@samba-dc-02 ]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.3.251.19
Anybody have an idea what could be happening? Thanks in advance.
--
Erick.
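
An added example, not part of the original post: on an LDAP noSuchObject error the server reports the deepest entry it did find, which AD prints as "best match of". The sketch below parses the join output quoted above and names the first container missing under that entry; the function names are hypothetical and the sample text is reconstructed from the post with the line wrapping undone.

```python
import re

# Constructed sample: the failing lines of the join output quoted above,
# with the archive's line wrapping undone.
JOIN_OUTPUT = """\
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
"""


def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]


def diagnose_join_failure(output):
    """Hypothetical helper: locate the first missing parent of the failed add."""
    adds = re.findall(r"^Adding\s+(.+)$", output, re.M)
    err = re.search(r"LDAP error (\d+) (\w+)", output)
    best = re.search(r"best match of:\s*'([^']*)'", output)
    if not (adds and err and best):
        return None  # not the failure pattern shown in the thread
    # The last "Adding" line before the error is the add that failed.
    target, matched = split_dn(adds[-1]), split_dn(best.group(1))
    depth = len(target) - len(matched)
    # The matched DN must be a proper ancestor (suffix) of the DN being added.
    if depth < 1 or [r.lower() for r in target[depth:]] != [r.lower() for r in matched]:
        return None
    return {
        "code": int(err.group(1)),
        "name": err.group(2),
        "target": ",".join(target),
        "deepest_existing": ",".join(matched),
        # depth == 1 would mean the direct parent exists, so nothing is missing above it.
        "first_missing_parent": ",".join(target[depth - 1:]) if depth > 1 else None,
    }


if __name__ == "__main__":
    for key, value in diagnose_join_failure(JOIN_OUTPUT).items():
        print(f"{key}: {value}")
```

Here the deepest existing entry is CN=Sites, so the server did not find CN=Default-First-Site-Name beneath it; comparing that name against the site objects actually present under CN=Sites on dc-01 is the next check.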
Hi Erick,

We were unable recently to join a 4.6.1 machine to the domain as a domain member server. Going back to 4.5.7 solved it immediately.

In our case it turned out to be a bug that will supposedly be fixed in samba 4.6.3. Perhaps this same bug is what's biting you...

Try the latest 4.5.x

MJ

On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
> Hi,
>
> I have followed this guide on the wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
> in order to join samba to an existing Active Directory.
> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>
> So the thing is that I'm stuck on step
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>
> Basically when I try to join Samba to the AD I get this error
>
> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'EXAMPLE.COM'
> Found DC dc-01.example.com
> Password for [EXAMPLE\Administrator]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
>     ctx.samdb.add(rec)
>
> This is my current Kerberos conf
>
> [root@samba-dc-02 ]# cat /etc/krb5.conf
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = EXAMPLE.COM
>
> And the Kerberos ticket is opened successfully.
>
> [root@samba-dc-02 ]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@EXAMPLE.COM
>
> Valid starting       Expires              Service principal
> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>         renew until 04/07/2017 20:42:18
>
> The Samba server itself resolves to the AD IP
>
> [root@samba-dc-02 ]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 10.3.251.19
>
> Anybody have an idea what could be happening? Thanks in advance.
Hi,

I tried with the latest stable 4.5.x, but with no success.

Do you think you could share your smb.conf? And also how you built from source? I suspect there's something missing in the KRB5 for Samba (due to KDC error messages).

Thanks in advance!

On 7 April 2017 at 02:26, mj via samba <samba at lists.samba.org> wrote:
> Hi Erick,
>
> We were unable recently to join a 4.6.1 machine to the domain as a domain
> member server. Going back to 4.5.7 solved it immediately.
>
> In our case it turned out to be a bug that will supposedly be fixed in
> samba 4.6.3. Perhaps this same bug is what's biting you...
>
> Try the latest 4.5.x
>
> MJ

--
Erick.
-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567