Ming Li
2018-Oct-16 18:16 UTC
[Samba] Samba 4.3.11 join an exiting windows AD failed with timeout
Hello,
I built a DNS and AD in windows 2012 as PDC, and would like to setup a BDC in
linux. I followed this link
https://www.server-world.info/en/note?os=Ubuntu_18.04&p=samba&f=7 . But
got below error. Any ides would be appreciated.
$ samba-tool domain join xxx.com DC -U "xxx\administrator"
--dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'xxx.com'
Found DC DCPR1.xxx.com
Password for [XXX\administrator]:
workgroup is XXX
realm is xxx.com
checking sAMAccountName
Adding CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com
Adding
CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
Adding CN=NTDS
Settings,CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
Join failed - cleaning up
checking sAMAccountName
Deleted CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com
Deleted
CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The
specified I/O operation on %hs was not completed before the time-out period
expired.')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in
do_join
ctx.join_add_objects()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 562, in
join_add_objects
ctx.join_add_ntdsdsa()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 495, in
join_add_ntdsdsa
ctx.DsAddEntry([rec])
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 432, in
DsAddEntry
(level, ctr) = ctx.drsuapi.DsAddEntry(ctx.drsuapi_handle, 2, req2)
Thanks,
Ming.
Disclaimer:
This e-mail and any attachments thereto are intended for use solely by the
addressee(s) named herein, and the contents may contain legally privileged
and/or confidential information. This e-mail messages should not be shown to or
forwarded to anyone without the explicit, prior consent of the sender. If you
are not the intended recipient of this e-mail, you are hereby notified that any
dissemination, distribution, copying, or other use of this e-mail and/or any of
the attachments hereto, in whole or in part, is strictly prohibited. If you have
received this e-mail in error, please notify the undersigned immediately by
telephone and permanently delete the original and all copies of this e-mail, the
attachments thereto, and any printouts, in whole or in part, thereof.
Codeword:@#$AZDie934jSdi9#$iodusk#@!@
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
Andrew Bartlett
2018-Oct-16 18:45 UTC
[Samba] Samba 4.3.11 join an exiting windows AD failed with timeout
On Tue, 2018-10-16 at 18:16 +0000, Ming Li via samba wrote:> Hello, > > I built a DNS and AD in windows 2012 as PDC, and would like to setup a BDC in linux. I followed this link https://www.server-world.info/en/note?os=Ubuntu_18.04&p=samba&f=7 . But got below error. Any ides would be appreciated. > > $ samba-tool domain join xxx.com DC -U "xxx\administrator" --dns-backend=SAMBA_INTERNAL > > Finding a writeable DC for domain 'xxx.com' > Found DC DCPR1.xxx.com > Password for [XXX\administrator]: > workgroup is XXX > realm is xxx.com > checking sAMAccountName > Adding CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com > Adding CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com > Adding CN=NTDS Settings,CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com > Join failed - cleaning up > checking sAMAccountName > Deleted CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com > Deleted CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com > ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in do_join > ctx.join_add_objects() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 562, in join_add_objects > ctx.join_add_ntdsdsa() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 495, in join_add_ntdsdsa > ctx.DsAddEntry([rec]) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 432, in DsAddEntry > (level, ctr) = ctx.drsuapi.DsAddEntry(ctx.drsuapi_handle, 2, req2)I would check you have firewall access to the high DCE/RPC port uses for DRSUAPI, and that your windows server is happy in general. Is there a specific reason you are adding this additional DC? I suspect the domain isn't working correctly already. Finally, I would note that long-term windows/samba domains are supported, but rare. I would encourage a full migration if you intend this to be in production long-term. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Ming Li
2018-Oct-16 21:27 UTC
[Samba] Samba 4.3.11 join an exiting windows AD failed with timeout
Thanks. It is an internal network. We opened up firewall. And windows DC is working well. We have two windows DCs now one PDC, anther BDC. We are moving to linux. So would like to add this linux as BDC, and demote the currently windows BDC. And have a test. If all good, we will migrate it totally. But now cannot make it works. Any other place should I check to make it work? Thanks, Ming. -----Original Message----- From: Andrew Bartlett <abartlet at samba.org> Sent: Tuesday, October 16, 2018 1:46 PM To: Ming Li <Ming.Li at mtusa.com>; samba at lists.samba.org Subject: Re: [Samba] Samba 4.3.11 join an exiting windows AD failed with timeout On Tue, 2018-10-16 at 18:16 +0000, Ming Li via samba wrote:> Hello, > > I built a DNS and AD in windows 2012 as PDC, and would like to setup a BDC in linux. I followed this link https://www.server-world.info/en/note?os=Ubuntu_18.04&p=samba&f=7 . But got below error. Any ides would be appreciated. > > $ samba-tool domain join xxx.com DC -U "xxx\administrator" > --dns-backend=SAMBA_INTERNAL > > Finding a writeable DC for domain 'xxx.com' > Found DC DCPR1.xxx.com > Password for [XXX\administrator]: > workgroup is XXX > realm is xxx.com > checking sAMAccountName > Adding CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com Adding > CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu > ration,DC=xxx,DC=com Adding CN=NTDS > Settings,CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C > N=Configuration,DC=xxx,DC=com > Join failed - cleaning up > checking sAMAccountName > Deleted CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com Deleted > CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configu > ration,DC=xxx,DC=com > ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.') > File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run > return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621, in run > machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in join_DC > ctx.do_join() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in do_join > ctx.join_add_objects() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 562, in join_add_objects > ctx.join_add_ntdsdsa() > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 495, in join_add_ntdsdsa > ctx.DsAddEntry([rec]) > File "/usr/lib/python2.7/dist-packages/samba/join.py", line 432, in DsAddEntry > (level, ctr) = ctx.drsuapi.DsAddEntry(ctx.drsuapi_handle, 2, req2)I would check you have firewall access to the high DCE/RPC port uses for DRSUAPI, and that your windows server is happy in general. Is there a specific reason you are adding this additional DC? I suspect the domain isn't working correctly already. Finally, I would note that long-term windows/samba domains are supported, but rare. I would encourage a full migration if you intend this to be in production long-term. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba Disclaimer: This e-mail and any attachments thereto are intended for use solely by the addressee(s) named herein, and the contents may contain legally privileged and/or confidential information. This e-mail messages should not be shown to or forwarded to anyone without the explicit, prior consent of the sender. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or other use of this e-mail and/or any of the attachments hereto, in whole or in part, is strictly prohibited. If you have received this e-mail in error, please notify the undersigned immediately by telephone and permanently delete the original and all copies of this e-mail, the attachments thereto, and any printouts, in whole or in part, thereof. Codeword:@#$AZDie934jSdi9#$iodusk#@!@ --- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus