Am 30.01.19 um 11:37 schrieb Rowland Penny via samba:> You will have to sync sysvol AFTER the join > The join will create the kerberos ticket (unless you are actually > referring to /etc/krb5.conf) and smb.conf. > /etc/resolv.conf needs to point to DC1 before the join and itself after > the join.phew! I didn't have that on the radar, good that I asked ... No problem to temporarily disable the rsync-job and rm the kerberos ticket (quick reboot of DC2 during lunch ;-)). thanks!>> I hesitate to join the DC2 during work hours ;-) from experience. > > Wise decision ;-)At least this was done correctly ;-)>> And I think it's better to ask you *before* I crash my network ;-) > > Oh definitely, better to ask before, it is easier to fix ;-)great, thanks so far.
Am 30.01.19 um 12:09 schrieb Stefan G. Weichinger via samba:> Am 30.01.19 um 11:37 schrieb Rowland Penny via samba: > >> You will have to sync sysvol AFTER the join >> The join will create the kerberos ticket (unless you are actually >> referring to /etc/krb5.conf) and smb.conf. >> /etc/resolv.conf needs to point to DC1 before the join and itself after >> the join. > > phew! I didn't have that on the radar, good that I asked ... > > No problem to temporarily disable the rsync-job and rm the kerberos > ticket (quick reboot of DC2 during lunch ;-)). > > thanks! > >>> I hesitate to join the DC2 during work hours ;-) from experience. >> >> Wise decision ;-) > > At least this was done correctly ;-) > >>> And I think it's better to ask you *before* I crash my network ;-) >> >> Oh definitely, better to ask before, it is easier to fix ;-) > > great, thanks so far.Are we surprised that I face difficulties at the join? no ... ;-) clean /etc/samba, no krb5.conf # samba-tool domain join mydomain.at -U"BUERO\Administrator" --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes' Password for [BUERO\Administrator]: ERROR(runtime): uncaught exception - (-1073741606, 'provision_store_self_join failed with NT_STATUS_CANT_ACCESS_DOMAIN_INFO') File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 697, in run machinepass=machinepass) - the smb.conf on DC(1) says: [global] workgroup = BUERO realm = MYDOMAIN.AT netbios name = DC that comes from old NT4 times I wonder if I use wrong realm/domain name or if I miss some package on DC2 dsdb-modules are installed already (were missing at first)
Am 01.02.19 um 22:27 schrieb Stefan G. Weichinger via samba:> [..] domain join mydomain.at -U"BUERO\Administrator" ....DC name missing here ... works now (copying krb5.conf now and that idmap.ldb)
On Fri, 1 Feb 2019 22:27:29 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 30.01.19 um 12:09 schrieb Stefan G. Weichinger via samba: > > Am 30.01.19 um 11:37 schrieb Rowland Penny via samba: > > > >> You will have to sync sysvol AFTER the join > >> The join will create the kerberos ticket (unless you are actually > >> referring to /etc/krb5.conf) and smb.conf. > >> /etc/resolv.conf needs to point to DC1 before the join and itself > >> after the join. > > > > phew! I didn't have that on the radar, good that I asked ... > > > > No problem to temporarily disable the rsync-job and rm the kerberos > > ticket (quick reboot of DC2 during lunch ;-)). > > > > thanks! > > > >>> I hesitate to join the DC2 during work hours ;-) from experience. > >> > >> Wise decision ;-) > > > > At least this was done correctly ;-) > > > >>> And I think it's better to ask you *before* I crash my network ;-) > >> > >> Oh definitely, better to ask before, it is easier to fix ;-) > > > > great, thanks so far. > > > Are we surprised that I face difficulties at the join? no ... > > ;-) > > clean /etc/samba, no krb5.conf > > > # samba-tool domain join mydomain.at -U"BUERO\Administrator" > --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes' > Password for [BUERO\Administrator]: > ERROR(runtime): uncaught exception - (-1073741606, > 'provision_store_self_join failed with > NT_STATUS_CANT_ACCESS_DOMAIN_INFO') File > "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line > 176, in _run return self.run(*args, **kwargs) > File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line > 697, in run > machinepass=machinepass) > > > - > > the smb.conf on DC(1) says: > > [global] > workgroup = BUERO > realm = MYDOMAIN.AT > netbios name = DC > > > that comes from old NT4 times > > I wonder if I use wrong realm/domain name or if I miss some package > on DC2 > > dsdb-modules are installed already (were missing at first) > >I would have run the command as this: samba-tool domain join mydomain.at DC --option='idmap_ldb:use rfc2307 yes' -UAdministrator Notice the very big addition (well it is not that big, only two letters) Also you need the krb5.conf before the join (I did say 'unless you are actually referring to /etc/krb5.conf') Rowland