On Mon, 25 Mar 2019 14:28:52 +0000
Piers Kittel via samba <samba at lists.samba.org> wrote:
> Hi all,
>
> So we have a single AD-DC master, and I'm trying to join a fresh new
> DC (DOMAIN-ad.DOMAIN.intranet, 192.168.0.11) to the master
> (ad.DOMAIN.intranet, 192.168.0.17), and I'm using the HOWTO here:
>
wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> and I've hit a problem in the section "Built-in User & Group
ID
> Mappings" - when doing the following after copying over the idmap.ldb
> manually (note, ntacls.py was modified to output the file the script
> is trying to open):
>
> samba-tool ntacl sysvolreset
>
> I get:
>
> root at DOMAIN-ad:/var/lib/samba/private# samba-tool ntacl sysvolreset
> >>>>>>>>>>> /var/lib/samba/sysvol
> >>>>>>>>>>>
/var/lib/samba/sysvol/DOMAIN.intranet/scripts
> >>>>>>>>>>>
/var/lib/samba/sysvol/DOMAIN.intranet
> >>>>>>>>>>>
/var/lib/samba/sysvol/DOMAIN.intranet/Policies
> open: error=2 (No such file or directory)
> ERROR(runtime): uncaught exception - (-1073741823, 'Undetermined
> error') File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py",
> line 239, in run
> lp, use_ntvfs=use_ntvfs)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line
> 1609, in setsysvolacl set_gpos_acl(sysvol, dnsdomain, domainsid,
> domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
> File
> "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py",
line
> 1502, in set_gpos_acl use_ntvfs=use_ntvfs, skip_invalid_chown=True,
> passdb=passdb, service=SYSVOL_SERVICE)
> File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line
163,
> in setntacl
> smbd.set_nt_acl(file, security.SECINFO_OWNER |
> security.SECINFO_GROUP | security.SECINFO_DACL |
> security.SECINFO_SACL, sd, service=service)
>
> So I try to check the replication status but as the samba service
> isn't currently running (as per HOWTO) it unsurprisingly fails:
>
> root at DOMAIN-ad:/var/lib/samba/sysvol/DOMAIN.intranet# samba-tool drs
> showrepl
> Failed to connect host 192.168.0.11 on port 135 -
> NT_STATUS_CONNECTION_REFUSED
> Failed to connect host 192.168.0.11 (DOMAIN-ad.DOMAIN.intranet) on
> port 135 - NT_STATUS_CONNECTION_REFUSED.
> ERROR(<class 'samba.drs_utils.drsException'>): DRS connection
to
> DOMAIN-ad.DOMAIN.intranet failed - drsException: DRS connection to
> DOMAIN-ad.DOMAIN.intranet failed: (-1073741258, 'The connection was
> refused')
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py",
line
> 41, in drsuapi_connect
> (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions)
> = drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
> File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py",
line
> 54, in drsuapi_connect
> raise drsException("DRS connection to %s failed: %s" %
(server,
> e))
>
> How do I fix this issue please? Both servers are running the exact
> same version of Debian 9, Samba updated to version 4.5.16-Debian.
>
> Many thanks for your time!
>
> With kind regards - Piers
>
Did you sync Sysvol first ?
Rowland