On Wed, 12 Dec 2018 15:43:09 +0100 peter grotz via samba <samba at lists.samba.org> wrote:

> I forgot: this is samba 4.9.3 on centos 7

Where did you get Samba 4.9.3 from ?

> Thanks
>
> Hello,
>
> I got a problem with adding a new dc to a domain. when I try to join
> I get the following:

What are the other DC(s) ?

Rowland
peter.grotz at grotz.org
2018-Dec-12 15:01 UTC
[Samba] error with joining new DC to domain
Thanks Rowland for your answer.

these are sernet-packages from their subscription.

There are 4 DCs (all with last sernet-rpms) 2 are demoted with probs (dc-01 and dc-02 both centos6) and 2 are running (dc-10 and dc-11 on centos 7)

dc-11 has all fsmo. joining with the old dc-01 and dc-02 doesn't even work.

dc-01 joins but gives me this:

Deleted CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
Adding CN=DC-01,OU=Domain Controllers,DC=obel,DC=lan
Adding CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
Adding CN=NTDS Settings,CN=DC-01,CN=Servers,CN=Obel-und-Partner,CN=Sites,CN=Configuration,DC=obel,DC=lan
Adding SPNs to CN=DC-01,OU=Domain Controllers,DC=obel,DC=lan
Setting account password for DC-01$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs

A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=obel,DC=lan
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=obel,DC=lan] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=obel,DC=lan] objects[402/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[804/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[1206/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[1608/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[1646/1646] linked_values[44/44]
Failed to commit objects: DOS code 0x000021bf
Missing target object - retrying with DRS_GET_TGT
Partition[CN=Configuration,DC=obel,DC=lan] objects[2048/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[2450/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[2852/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[3254/1646] linked_values[0/0]
Partition[CN=Configuration,DC=obel,DC=lan] objects[3292/1646] linked_values[44/44]
Replicating critical objects from the base DN of the domain
Partition[DC=obel,DC=lan] objects[98/98] linked_values[34/34]
Partition[DC=obel,DC=lan] objects[501/669] linked_values[0/24]
Partition[DC=obel,DC=lan] objects[767/669] linked_values[585/585]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=obel,DC=lan
Partition[DC=DomainDnsZones,DC=obel,DC=lan] objects[229/229] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=obel,DC=lan
Partition[DC=ForestDnsZones,DC=obel,DC=lan] objects[35/35] linked_values[0/0]
WARNING: Unable to replicate own RID Set, as server dc-10.obel.lan (the server we joined) is not the RID Master.
NOTE: This is normal and expected, Samba will be able to create users after it contacts the RID Master at first startup.
Committing SAM database
Adding 1 remote DNS records for DC-01.obel.lan
Adding DNS A record DC-01.obel.lan for IPv4 IP: 192.168.0.101
Adding DNS CNAME record 96ed5e12-99b8-4f8d-b9bf-f58b9c82eaa5._msdcs.obel.lan for DC-01.obel.lan
All other DNS records (like _ldap SRV records) will be created samba_dnsupdate on first startup
Replicating new DNS records in DC=DomainDnsZones,DC=obel,DC=lan
Partition[DC=DomainDnsZones,DC=obel,DC=lan] objects[2/2] linked_values[0/0]
Replicating new DNS records in DC=ForestDnsZones,DC=obel,DC=lan
Partition[DC=ForestDnsZones,DC=obel,DC=lan] objects[2/2] linked_values[0/0]
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain OBEL (SID S-1-5-21-1994583749-1469429152-1855221660) as a DC

Then he joined but is not really working (now drs replication on samba-tool drs showrepl)

demoting dc-01 brings me the following:

[root@dc-01 samba]# samba-tool domain demote --server=dc-10 -Uadministrator
Using dc-10 as partner server for the demotion
Password for [OBEL\administrator]:
Deactivating inbound replication
Asking partner server dc-10 to synchronize from us
Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=obel,DC=lan' for demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=obel,DC=lan' - (2, 'WERR_FILE_NOT_FOUND')
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 855, in run
    drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)
[root@dc-01 samba]# samba-tool domain demote --server=dc-10 -Uadministrator
Using dc-10 as partner server for the demotion
Password for [OBEL\administrator]:
Deactivating inbound replication
Asking partner server dc-10 to synchronize from us
Error while replicating out last local changes from 'CN=Schema,CN=Configuration,DC=obel,DC=lan' for demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a DsReplicaSync for partition 'CN=Schema,CN=Configuration,DC=obel,DC=lan' - (2, 'WERR_FILE_NOT_FOUND')
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 855, in run
    drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)

Peter

On 12.12.2018 15:53, Rowland Penny via samba wrote:

> On Wed, 12 Dec 2018 15:43:09 +0100
> peter grotz via samba <samba at lists.samba.org> wrote:
>
>> I forgot: this is samba 4.9.3 on centos 7
>
> Where did you get Samba 4.9.3 from ?
>
>> Thanks
>>
>> Hello,
>>
>> I got a problem with adding a new dc to a domain. when I try to join
>> I get the following:
>
> What are the other DC(s) ?
>
> Rowland
On Wed, 12 Dec 2018 16:01:52 +0100 "peter.grotz--- via samba" <samba at lists.samba.org> wrote:

> Thanks Rowland for your answer.
>
> these are sernet-packages from their subscription.
>
> There are 4 DCs (all with last sernet-rpms) 2 are demoted with probs
> (dc-01 and dc-02 both centos6) and 2 are running (dc-10 and dc-11 on
> centos 7)
>
> dc-11 has all fsmo. joining with the old dc-01 and dc-02 doesn't even
> work.

There was a similar thread here: https://lists.samba.org/archive/samba/2018-June/216543.html

Rowland