Hi:
I tried to use Samba 4.8.1/4.8.2 to join a Windows domain as a DC, and
saw a warning message like "Unable to determine the DomainSID, can not
enforce uniqueness constraint on local domainSIDs".
I didn't get that message when using Samba 4.7.7. Is the message
safe to ignore?
The complete join message is below:
[root@samba-dc ~]# /usr/local/samba/bin/samba-tool domain join samdom.example.com DC -U"SAMDOM\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'samdom.example.com'
Found DC test-dc.samdom.example.com
Password for [SAMDOM\administrator]:
workgroup is SAMDOM
realm is samdom.example.com
Adding CN=SAMBA-DC,OU=Domain Controllers,DC=samdom,DC=example,DC=com
Adding
CN=SAMBA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
Adding CN=NTDS
Settings,CN=SAMBA-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
Adding SPNs to CN=SAMBA-DC,OU=Domain Controllers,DC=samdom,DC=example,DC=com
Setting account password for SAMBA-DC$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness
constraint on local domainSIDs
A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace
it with this one. Do not create a symlink!
Provision OK for domain DN DC=samdom,DC=example,DC=com
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
objects[402/1449] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
objects[804/1449] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1206/1449] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1608/1449] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1743/1449] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=samdom,DC=example,DC=com]
objects[402/2989] linked_values[0/24]
Partition[CN=Configuration,DC=samdom,DC=example,DC=com]
objects[804/2989] linked_values[0/24]
Partition[CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1206/2989] linked_values[0/24]
Partition[CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1608/2989] linked_values[0/24]
Partition[CN=Configuration,DC=samdom,DC=example,DC=com]
objects[1764/2989] linked_values[24/24]
Replicating critical objects from the base DN of the domain
Partition[DC=samdom,DC=example,DC=com] objects[105/104] linked_values[23/26]
Partition[DC=samdom,DC=example,DC=com] objects[371/3307] linked_values[26/26]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=samdom,DC=example,DC=com
Partition[DC=DomainDnsZones,DC=samdom,DC=example,DC=com]
objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=samdom,DC=example,DC=com
Partition[DC=ForestDnsZones,DC=samdom,DC=example,DC=com]
objects[18/18] linked_values[0/0]
Exop on[CN=RID Manager$,CN=System,DC=samdom,DC=example,DC=com]
objects[3] linked_values[0]
Committing SAM database
Adding 1 remote DNS records for SAMBA-DC.samdom.example.com
Adding DNS A record SAMBA-DC.samdom.example.com for IPv4 IP: 10.99.1.223
Adding DNS CNAME record
7d374d0b-74d2-49c1-9969-9a0e87090672._msdcs.samdom.example.com for
SAMBA-DC.samdom.example.com
All other DNS records (like _ldap SRV records) will be created
samba_dnsupdate on first startup
Replicating new DNS records in DC=DomainDnsZones,DC=samdom,DC=example,DC=com
Partition[DC=DomainDnsZones,DC=samdom,DC=example,DC=com] objects[1/40]
linked_values[0/0]
Replicating new DNS records in DC=ForestDnsZones,DC=samdom,DC=example,DC=com
Partition[DC=ForestDnsZones,DC=samdom,DC=example,DC=com] objects[1/18]
linked_values[0/0]
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain SAMDOM (SID S-1-5-21-3559909774-3968669603-834676815) as a DC