Claudio Nicora
2018-Mar-02 09:16 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
> Garming asked you to see if you could locate
> where the records got put the records by hand

Sorry, I can't understand what you mean with "if you could locate where the records got put"...
Are you asking me to create the DNS record by hand with RSAT on SRVAD_OLD, then run samba-tool join again?
If so, yes I've tried to create the record manually and re-run samba-tool with the same error.

Sorry for the misunderstanding

>> I'm still focusing on log lines after the failure:
>>
>> --- no SRVAD-OLD address in /etc/hosts ---
>> Join failed - cleaning up
>> ldb_wrap open of secrets.ldb
>> Could not find machine account in secrets database: Failed to fetch
>> machine account password for SAMDOM from both secrets.ldb (Could not
>> find entry to match filter:
>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>> Domains': No such object: dsdb_search at
>> ../source4/dsdb/common/util.c:4636) and from
>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>> ---
> This isn't it. The things after the failure are not the issue, they
> are happening in the unwind.
>
> You can see the real failure in the backtrace, where it fails to find
> the records using our DNS client library for LDAP (yes, a very strange
> thing).
>
> As Garming said, the issue is that Samba can't find the DNS records on
> your AD DC over LDAP, having just added them via RPC.
>
> This code is a bit tricky, and I thought I had it right, but clearly
> that isn't the case. Garming asked you to see if you could locate
> where the records got put the records by hand.
>
> Thanks,
>
> Andrew Bartlett
>
Claudio Nicora
2018-Mar-02 10:43 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
If I create SRVAD-NEW DNS record manually, under samdom.local zone, this is what I see with adsiedit:

distinguishedName:
DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL

In "Active Directory Users and Computers" under "Domain Controllers" I see this object (that disappears after failure):

distinguishedName:
CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL

> > Garming asked you to see if you could locate
> > where the records got put the records by hand
>
> Sorry, I can't understand what you mean with "if you could locate
> where the records got put"...
> Are you asking me to create the DNS record by hand with RSAT on
> SRVAD_OLD, then run samba-tool join again?
> If so, yes I've tried to create the record manually and re-run
> samba-tool with the same error.
>
> Sorry for the misunderstanding
>
>>> I'm still focusing on log lines after the failure:
>>>
>>> --- no SRVAD-OLD address in /etc/hosts ---
>>> Join failed - cleaning up
>>> ldb_wrap open of secrets.ldb
>>> Could not find machine account in secrets database: Failed to fetch
>>> machine account password for SAMDOM from both secrets.ldb (Could not
>>> find entry to match filter:
>>> '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
>>> Domains': No such object: dsdb_search at
>>> ../source4/dsdb/common/util.c:4636) and from
>>> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
>>> ---
>> This isn't it. The things after the failure are not the issue, they
>> are happening in the unwind.
>>
>> You can see the real failure in the backtrace, where it fails to find
>> the records using our DNS client library for LDAP (yes, a very strange
>> thing).
>>
>> As Garming said, the issue is that Samba can't find the DNS records on
>> your AD DC over LDAP, having just added them via RPC.
>>
>> This code is a bit tricky, and I thought I had it right, but clearly
>> that isn't the case. Garming asked you to see if you could locate
>> where the records got put the records by hand.
>>
>> Thanks,
>>
>> Andrew Bartlett
>>
>
Rowland Penny
2018-Mar-02 13:48 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On Fri, 2 Mar 2018 11:43:37 +0100 Claudio Nicora via samba <samba at lists.samba.org> wrote:

> If I create SRVAD-NEW DNS record manually, under samdom.local zone,
> this is what I see with adsiedit:
>
> distinguishedName:
> DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>

There is a bit of a problem with that, it should be:

DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL

Rowland
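
Added example, not part of the thread and not Samba code: a small Python helper that breaks a dnsNode distinguishedName into node, zone, storage location and base DN, then reports which parts differ between the DN seen in adsiedit and the DN a tool expects. The function names are hypothetical, and the `CN=System` location is included from general AD knowledge of where AD-integrated zones can be stored, not from the thread.

```python
import re

# Containers that can hold CN=MicrosoftDNS for AD-integrated zones
# (assumption from general AD behaviour; the thread names the first two).
PARTITIONS = {
    "dc=domaindnszones": "DomainDnsZones",
    "dc=forestdnszones": "ForestDnsZones",
    "cn=system": "System (domain partition)",
}

def split_dn(dn):
    """Split a DN on commas that are not preceded by a backslash."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def locate_dns_node(dn):
    """Return (node, zone, partition, base_dn) for a dnsNode DN.

    Raises ValueError when the DN is not a record under CN=MicrosoftDNS,
    for example a computer object under OU=Domain Controllers.
    """
    rdns = split_dn(dn)
    lowered = [r.lower() for r in rdns]
    # Expected layout: DC=<node>,DC=<zone>,CN=MicrosoftDNS,<container>,<base...>
    if len(rdns) < 5 or lowered[2] != "cn=microsoftdns":
        raise ValueError("not a dnsNode under CN=MicrosoftDNS: %r" % dn)
    partition = PARTITIONS.get(lowered[3])
    if partition is None:
        raise ValueError("unknown DNS container %r" % rdns[3])
    node = rdns[0].split("=", 1)[1]
    zone = rdns[1].split("=", 1)[1]
    return node, zone, partition, ",".join(rdns[4:])

def compare(found_dn, expected_dn):
    """List the field names in which two dnsNode DNs differ (case-insensitive)."""
    fields = ("node", "zone", "partition", "base")
    found, expected = locate_dns_node(found_dn), locate_dns_node(expected_dn)
    return [n for n, a, b in zip(fields, found, expected) if a.lower() != b.lower()]

# The two DNs quoted in the thread.
FOUND = "DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL"
EXPECTED = "DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL"

if __name__ == "__main__":
    print(locate_dns_node(FOUND))
    print("differs in:", compare(FOUND, EXPECTED))
```
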