Rowland Penny
2018-Mar-02 13:48 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On Fri, 2 Mar 2018 11:43:37 +0100 Claudio Nicora via samba <samba at lists.samba.org> wrote:

> If I create SRVAD-NEW DNS record manually, under samdom.local zone,
> this is what I see with adsiedit:
>
> distinguishedName:
> DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL

There is a bit of a problem with that, it should be:

DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL

Rowland
Claudio Nicora
2018-Mar-02 14:15 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
This could be the right way...

> There is a bit of a problem with that, it should be:
>
> DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL

The SAMDOM.LOCAL zone is set to replicate to the whole forest (maybe I've missed that info on DNS config, anyway Domain-only replication is ok for me too).
I've changed it to replicate to only Domain DNS and now the DNS record is like you wrote.
I've deleted the manually created record, rerun "samba-tool join"... same error.

I've then manually recreated the SRVAD-NEW A record, rerun "samba-tool join" and it now goes one step forward and stops at CNAME record creation (partial log taken with -d9):

==
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Adding DNS CNAME record 73347556-45cf-4951-9814-81d6daa6a236._msdcs.SAMDOM.LOCAL for SRVAD-NEW.SAMDOM.LOCAL
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1138, in join_add_dns_records
    None)
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Replicating critical objects from the base DN of the domain
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Committing SAM database
Join failed - cleaning up
==

Can't manually create the CNAME record because it changes at each run.

Full new log here (-d3):

root at srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3
Rowland Penny
2018-Mar-02 14:32 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On Fri, 2 Mar 2018 15:15:49 +0100 Claudio Nicora <claudio.nicora at gmail.com> wrote:

> This could be the right way...
> > There is a bit of a problem with that, it should be:
> >
> > DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
> The SAMDOM.LOCAL zone is set to replicate to the whole forest (maybe
> I've missed that info on DNS config, anyway Domain-only replication
> is ok for me too).
> I've changed it to replicate to only Domain DNS and now the DNS
> record is like you wrote.
> I've deleted the manually created record, rerun "samba-tool join"...
> same error.
>
> I've then manually recreated the SRVAD-NEW A record, rerun
> "samba-tool join" and it now goes one step forward and stops at CNAME
> record creation (partial log taken with -d9):
> ==
> Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
> Adding DNS CNAME record
> 73347556-45cf-4951-9814-81d6daa6a236._msdcs.SAMDOM.LOCAL for
> SRVAD-NEW.SAMDOM.LOCAL

Is bind9 running during the join? How have you set up bind?

Rowland
Andrew Bartlett
2018-Mar-05 18:21 UTC
[Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain
On Fri, 2018-03-02 at 13:48 +0000, Rowland Penny via samba wrote:

> On Fri, 2 Mar 2018 11:43:37 +0100
> Claudio Nicora via samba <samba at lists.samba.org> wrote:
>
> > If I create SRVAD-NEW DNS record manually, under samdom.local zone,
> > this is what I see with adsiedit:
> >
> > distinguishedName:
> > DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
>
> There is a bit of a problem with that, it should be:
>
> DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL

Well spotted Rowland!

Yes, I've checked the code (the exact line number is in the backtrace) and it is hard-coded to assume the new record will be in the DomainDnsZones. It should try ForestDnsZones if the first search throws a WERR_DNS_ERROR_RCODE_NAME_ERROR.

Claudio,

If you dare, you could try and patch the code yourself.

Sorry for all the drama here!

Andrew Bartlett

--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
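
The fallback described in the message above, as an added self-contained example (it is not Samba's join.py and not a patch from this thread): the lookup tries DomainDnsZones first and moves on to ForestDnsZones only when the first search raises WERR_DNS_ERROR_RCODE_NAME_ERROR. `DnsLookupError`, `make_directory`, `locate_record` and the in-memory directory are hypothetical stand-ins for the real DNS/LDAP calls.

```python
# Added illustration only. Every name here is hypothetical; nothing is Samba API.

class DnsLookupError(Exception):
    """Stand-in for the WERR_* runtime error raised by a failed lookup."""
    def __init__(self, werr):
        super().__init__(werr)
        self.werr = werr

NAME_ERROR = "WERR_DNS_ERROR_RCODE_NAME_ERROR"

# Search order: the partition the join code assumes, then the fallback.
PARTITIONS = ("DomainDnsZones", "ForestDnsZones")


def record_dn(host, zone, partition, domain_dn):
    """Build the DN of a DNS node, in the layout shown by adsiedit in the thread."""
    return "DC=%s,DC=%s,CN=MicrosoftDNS,DC=%s,%s" % (host, zone, partition, domain_dn)


def make_directory(existing_dns, failing_with=None):
    """Return a query(dn) function over a constructed set of DNs.

    failing_with simulates an unrelated failure (e.g. access denied) so the
    caller can be shown not to swallow it.
    """
    known = {dn.lower() for dn in existing_dns}  # DN matching is case-insensitive

    def query(dn):
        if failing_with is not None:
            raise DnsLookupError(failing_with)
        if dn.lower() not in known:
            raise DnsLookupError(NAME_ERROR)
        return dn

    return query


def locate_record(query, host, zone, domain_dn):
    """Return (partition, dn) for the record, falling back across partitions.

    Only NAME_ERROR triggers the fallback; any other error propagates so a
    permissions or connectivity problem is not misreported as "not found".
    """
    tried = []
    for partition in PARTITIONS:
        dn = record_dn(host, zone, partition, domain_dn)
        try:
            return partition, query(dn)
        except DnsLookupError as err:
            if err.werr != NAME_ERROR:
                raise
            tried.append(partition)
    raise LookupError("%s.%s not found in %s" % (host, zone, ", ".join(tried)))


# Constructed sample data using the names from the thread.
DOMAIN_DN = "DC=SAMDOM,DC=LOCAL"
FOREST_ZONE = make_directory(
    [record_dn("SRVAD-NEW", "samdom.local", "ForestDnsZones", DOMAIN_DN)])
DOMAIN_ZONE = make_directory(
    [record_dn("SRVAD-NEW", "samdom.local", "DomainDnsZones", DOMAIN_DN)])

if __name__ == "__main__":
    for label, directory in (("forest", FOREST_ZONE), ("domain", DOMAIN_ZONE)):
        print(label, locate_record(directory, "SRVAD-NEW", "samdom.local", DOMAIN_DN))
```
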