No, I'm joining Samba to a Windows DC (srv-dc01); it is not an RODC server.

>> If they do, try pre-creating the new DC in AD.

In the Windows AD management console only an RODC can be created; that does not suit me.

run samba-tool domain join example.ru DC --server=srv-dc01.example.ru --username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2

Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(f$atname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private$secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=NTDS Settings,CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
ERROR (runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

On Mon, 19/02/2018 at 11:43 +0000, Rowland Penny via samba wrote:
> On Mon, 19 Feb 2018 16:28:37 +0500
>
> > Yes, DNS running on Windows Server 2008R2(srv-dc01.example.ru)
> > DNS integrated to AD
> > in the domain management snap-in is created RODC,
>
> I think what you are trying to say is, you are trying to join the Samba
> machine (as a DC) to a windows RODC. I don't think this will work, an
> RODC contains all the AD records except the passwords, but they are
> read-only.
>
> > is it possible to translate it into a normal DC?
>
> No, I am fairly sure you would have to demote it, then promote it as a
> DC. If you can do this, then why not just point the Samba machine at a
> normal DC instead ?
>
> Rowland

On Mon, 19 Feb 2018 16:59:07 +0500 "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:

> run samba-tool domain join example.ru DC --server=srv-dc01.example.ru --username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2
>
> Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(f$atname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private$secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=RID Set,CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
> Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
> Deleted CN=NTDS Settings,CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> Deleted CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
> ERROR (runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
>     ctx.do_join()
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384, in do_join
>     ctx.join_add_dns_records()
>   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116, in join_add_dns_records
>     dns_partition=domaindns_zone_dn)
>   File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939, in dns_lookup
>     dns_partition=dns_partition)
>

Is this the entire output after you run the samba-tool command ?

If not can you post the entire output, you can send it to me offlist if you want.

The problem does seem to be missing dns records.

Rowland

The first letter sent a journal, as far as possible.

========== log messages join DC===========
....more than a thousand lines of messages .....
Replicated 3 objects (0 linked attributes) for DC=example,DC=ru
Committing SAM database
Discarding older DRS linked attribute update to member on .
..........
....more than a thousand lines of messages ......
Applying linked attribute change:
dn: <GUID=9922ff18-fa1f-4781-a126-de32d26c61b7>;<SID=S-1-5-21-1715567821-920026266-839522115-4194>;CN=12312,OU=fsdf,OU=Office,DC=example,DC=ru
changetype: modify
add: memberOf
memberOf: <GUID=272c834e-48ce-4002-8c95-c41781605d42>;<SID=S-1-5-21-1715567821-920026266-839522115-1109>;CN=Commerce,OU=Security_Groups,OU=Services Accounts,DC=example,DC=ru
......
....more than a thousand lines of messages ..........
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
Adding 1 remote DNS records for SRV-SITE2-DC1.example.ru
Using binding ncacn_ip_tcp:srv-dc01.example.ru[,sign]
Mapped to DCERPC endpoint 135
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
resolve_lmhosts: Attempting lmhosts lookup for name srv-dc01.example.ru<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
Mapped to DCERPC endpoint 52781
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
added interface eth0 ip=10.2.1.15 bcast=10.2.7.255 netmask=255.255.248.0
resolve_lmhosts: Attempting lmhosts lookup for name srv-dc01.example.ru<0x20>
getlmhostsent: lmhost entry: 127.0.0.1 localhost
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for vas.lah at EXAMPLE.RU will expire in 35645 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
Adding DNS A record SRV-SITE2-DC1.example.ru for IPv4 IP: 10.2.1.15
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(f$atname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private$secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=NTDS Settings,CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
ERROR (runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

On Mon, 19/02/2018 at 12:25 +0000, Rowland Penny via samba wrote:
> Is this the entire output after you run the samba-tool command ?
>
> If not can you post the entire output, you can send it to me offlist
> if you want.
>
> The problem does seem to be missing dns records.
>
> Rowland