Hi,

I have followed this guide on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
in order to join samba to an existing Active Directory.
I'm using CentOS 7, using Samba 4.6 and compiled from source.

So the thing is that I'm stuck on step
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller

Basically when I try to join Samba to the AD I get this error

[root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [EXAMPLE\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
    ctx.samdb.add(rec)

This is my current Kerberos conf

[root@samba-dc-02 ]# cat /etc/krb5.conf
[libdefaults]
    dns_lookup_realm = false
    dns_lookup_kdc = true
    default_realm = EXAMPLE.COM

And the Kerberos ticket is opened successfully.

[root@samba-dc-02 ]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@EXAMPLE.COM

Valid starting       Expires              Service principal
04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 04/07/2017 20:42:18

The Samba server itself resolves to the AD ip

[root@samba-dc-02 ]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.3.251.19

Anybody have an idea what could be happening? Thanks in advance.

--
Erick.
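
Added example, not part of the thread and not Samba's own code: LDAP error 32 reports the deepest entry the server could find ("best match of"), so comparing it with the DN that samba-tool was adding shows which parent containers the existing DC did not find. The sample text is constructed from the join output in the post above, and the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the join output in the post above.
JOIN_OUTPUT = """\
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
"""


def split_dn(dn):
    """Split a DN into RDNs (leaf first) on commas that are not backslash-escaped."""
    return [rdn.strip() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]


def missing_containers(output):
    """Return the parent RDNs of the failed add that lie below the matched DN.

    Hypothetical helper: assumes the last 'Adding' line before the error is
    the add that failed, as in the output above. Returns None if the text
    has no error 32 or the matched DN is not an ancestor of that entry.
    """
    adds = re.findall(r"^Adding (.+)$", output, re.M)
    err = re.search(r"LDAP error 32 .*?best match of:\s*'([^']*)'", output, re.S)
    if not adds or not err:
        return None
    target = split_dn(adds[-1])
    matched = split_dn(err.group(1))
    n = len(matched)
    if n == 0 or n >= len(target):
        return None
    if [r.lower() for r in target[-n:]] != [r.lower() for r in matched]:
        return None
    # target[0] is the new entry; everything between it and the matched DN
    # is a container the server did not find while resolving the parent.
    return target[1:len(target) - n]


if __name__ == "__main__":
    print(missing_containers(JOIN_OUTPUT))
```

For the output in this thread the result is CN=Servers and CN=Default-First-Site-Name, which can be compared with the site names that actually exist under CN=Sites on the existing DC.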
Hi Erick,

We were unable recently to join a 4.6.1 machine to the domain as a domain
member server. Going back to 4.5.7 solved it immediately.

In our case it turned out to be a bug that will supposedly be fixed in
samba 4.6.3. Perhaps this same bug is what's biting you...

Try the latest 4.5.x

MJ

On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
> Hi,
>
> I have followed this guide on the wiki
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
> in order to join samba to an existing Active Directory.
> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>
> So the thing is that I'm stuck on step
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>
> Basically when I try to join Samba to the AD I get this error
>
> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'EXAMPLE.COM'
> Found DC dc-01.example.com
> Password for [EXAMPLE\Administrator]:
> workgroup is EXAMPLE
> realm is example.com
> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> Join failed - cleaning up
> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
>     ctx.samdb.add(rec)
>
> This is my current Kerberos conf
>
> [root@samba-dc-02 ]# cat /etc/krb5.conf
> [libdefaults]
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>     default_realm = EXAMPLE.COM
>
> And the Kerberos ticket is opened successfully.
>
> [root@samba-dc-02 ]# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@EXAMPLE.COM
>
> Valid starting       Expires              Service principal
> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>         renew until 04/07/2017 20:42:18
>
> The Samba server itself resolves to the AD ip
>
> [root@samba-dc-02 ]# cat /etc/resolv.conf
> # Generated by NetworkManager
> search example.com
> nameserver 10.3.251.19
>
> Anybody have an idea what could be happening? Thanks in advance.
Hi,

I tried with the latest stable 4.5.x, but with no success. Do you think you
could share your smb.conf, and also how you built from source? I suspect
there's something missing in the KRB5 for Samba (due to KDC error messages).

Thanks in advance!

On 7 April 2017 at 02:26, mj via samba <samba at lists.samba.org> wrote:
> Hi Erick,
>
> We were unable recently to join a 4.6.1 machine to the domain as a domain
> member server. Going back to 4.5.7 solved it immediately.
>
> In our case it turned out to be a bug that will supposedly be fixed in
> samba 4.6.3. Perhaps this same bug is what's biting you...
>
> Try the latest 4.5.x
>
> MJ
>
> On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
>
>> Hi,
>>
>> I have followed this guide on the wiki
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
>> in order to join samba to an existing Active Directory.
>> I'm using CentOS 7, using Samba 4.6 and compiled from source.
>>
>> So the thing is that I'm stuck on step
>> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
>>
>> Basically when I try to join Samba to the AD I get this error
>>
>> [root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'EXAMPLE.COM'
>> Found DC dc-01.example.com
>> Password for [EXAMPLE\Administrator]:
>> workgroup is EXAMPLE
>> realm is example.com
>> Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>> Join failed - cleaning up
>> Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
>> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of: 'CN=Sites,CN=Configuration,DC=example,DC=com'> <>
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
>>     ctx.do_join()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
>>     ctx.join_add_objects()
>>   File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
>>     ctx.samdb.add(rec)
>>
>> This is my current Kerberos conf
>>
>> [root@samba-dc-02 ]# cat /etc/krb5.conf
>> [libdefaults]
>>     dns_lookup_realm = false
>>     dns_lookup_kdc = true
>>     default_realm = EXAMPLE.COM
>>
>> And the Kerberos ticket is opened successfully.
>>
>> [root@samba-dc-02 ]# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: Administrator@EXAMPLE.COM
>>
>> Valid starting       Expires              Service principal
>> 04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@EXAMPLE.COM
>>         renew until 04/07/2017 20:42:18
>>
>> The Samba server itself resolves to the AD ip
>>
>> [root@samba-dc-02 ]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> search example.com
>> nameserver 10.3.251.19
>>
>> Anybody have an idea what could be happening? Thanks in advance.
>>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Erick.

-------------------------------------------
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567