franta
2019-Mar-25 15:20 UTC
[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed
Dne 2019-03-25 16:02, Rowland Penny via samba napsal:> On Mon, 25 Mar 2019 15:12:16 +0100 > franta via samba <samba at lists.samba.org> wrote: > >> Hi team, >> I have Samba (4.9.5) AD DC, and when trying to add second DC, join >> fail: >> >> # samba-tool domain join zamecek.home DC >> -U"SSUPS-ZAMECEK\administrator" --option='idmap_ldb:use rfc2307 >> yes' --dns-backend=BIND9_DLZ Finding a writeable DC for domain >> 'zamecek.home' Found DC dc1.zamecek.home >> Password for [SSUPS-ZAMECEK\administrator]: >> workgroup is SSUPS-ZAMECEK >> realm is zamecek.home >> Adding CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home >> Adding >> CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >> Adding CN=NTDS >> Settings,CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >> Adding SPNs to CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home >> Setting account password for DC2-LYNX$ >> Enabling account >> Adding DNS account CN=dns-DC2-LYNX,CN=Users,DC=zamecek,DC=home with >> dns/ SPN >> Setting account password for dns-DC2-LYNX >> Calling bare provision >> Looking up IPv4 addresses >> Looking up IPv6 addresses >> No IPv6 address will be assigned >> Setting up share.ldb >> Setting up secrets.ldb >> Setting up the registry >> Setting up the privileges database >> Setting up idmap db >> Setting up SAM db >> Setting up sam.ldb partitions and settings >> Setting up sam.ldb rootDSE >> Pre-loading the Samba 4 and AD schema >> Unable to determine the DomainSID, can not enforce uniqueness >> constraint on local domainSIDs >> >> A Kerberos configuration suitable for Samba AD has been generated at >> /var/lib/samba/private/krb5.conf >> Merge the contents of this file with your system krb5.conf or replace >> it with this one. Do not create a symlink! >> Provision OK for domain DN DC=zamecek,DC=home >> Starting replication >> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >> objects[402/1550] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >> objects[804/1550] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >> objects[1206/1550] linked_values[0/0] >> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >> objects[1550/1550] linked_values[0/0] >> Analyze and apply schema objects >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[402/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[804/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1206/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1608/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1628/1628] >> linked_values[42/42] >> Failed to commit objects: DOS code 0x000021bf >> Missing target object - retrying with DRS_GET_TGT >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2030/1628] >> linked_values[1/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2432/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2834/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[3236/1628] >> linked_values[0/1] >> Partition[CN=Configuration,DC=zamecek,DC=home] objects[3256/1628] >> linked_values[41/42] >> Replicating critical objects from the base DN of the domain >> Partition[DC=zamecek,DC=home] objects[98/97] linked_values[141/141] >> Partition[DC=zamecek,DC=home] objects[500/700] linked_values[0/22] >> Partition[DC=zamecek,DC=home] objects[798/700] linked_values[653/653] >> Done with always replicated NC (base, config, schema) >> Replicating DC=DomainDnsZones,DC=zamecek,DC=home >> Partition[DC=DomainDnsZones,DC=zamecek,DC=home] objects[59/59] >> linked_values[0/0] >> Replicating DC=ForestDnsZones,DC=zamecek,DC=home >> Partition[DC=ForestDnsZones,DC=zamecek,DC=home] objects[18/18] >> linked_values[0/0] >> Exop on[CN=RID Manager$,CN=System,DC=zamecek,DC=home] objects[3] >> linked_values[0] >> Committing SAM database >> Join failed - cleaning up >> Deleted CN=RID Set,CN=DC2-LYNX,OU=Domain >> Controllers,DC=zamecek,DC=home Deleted CN=DC2-LYNX,OU=Domain >> Controllers,DC=zamecek,DC=home Deleted >> CN=dns-DC2-LYNX,CN=Users,DC=zamecek,DC=home Deleted CN=NTDS >> Settings,CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >> Deleted >> CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >> ERROR(ldb): uncaught exception - descriptor_modify on >> CN=Administrator,CN=Users,DC=zamecek,DC=home failed: operations error >> at ../source4/dsdb/samdb/ldb_modules/descriptor.c:819 >> File >> "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line >> 177, in _run return self.run(*args, **kwargs) >> File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", >> line 716, in run >> backend_store=backend_store) >> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >> 1501, in join_DC >> ctx.do_join() >> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >> 1399, in do_join >> ctx.join_replicate() >> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >> 1005, in join_replicate >> ctx.local_samdb.transaction_commit() >> >> I have no idea, where is problem and how solve it - can anyone help? >> Both systems runs Fedora 29 x86_64 Linux, Samba is builded with >> Heimdal 7.5.0 Kerberos, tdb 1.3.16, ldb 1.4.6, first DC was >> provisioned with '--use-rfc2307' and BIND9_DLZ (bind-9.11.5) DNS >> backend. Thanks, Franta >> >> > > You should only build Samba with the Heimdal version supplied with > Samba, you do not need to and shouldn't install Heimdal.My mistake in description - I have installed (it seems unnecessarily) only heimdal-libs package (no -devel ones) and samba itself is not linked with it: # ldd /usr/sbin/samba|grep heim libheimbase-samba4.so.1 => /usr/lib64/samba/libheimbase-samba4.so.1 (0x00007f911e8da000) Thus my problem should be something else - but what? TIA, Franta
Tim Beale
2019-Mar-25 21:14 UTC
[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed
Hi, That failure is a little odd. It's replicated all the DB objects, but is failing trying to commit the transaction. It looks like the error is happening trying to get the objectClass for the Administrator user. The weird thing is it should have already successfully passed this check once when it first received the object. You could try the following: 1. If you run 'samba-tool dbcheck' on the DC you're trying to join, does it report any problems? 2. Try dumping the object it's failing on, just to see if there's anything odd with the objectClass attributes. E.g. ldbsearch -H ldap://$SERVER -b 'CN=Administrator,CN=Users,DC=zamecek,DC=home' 3. Try running the command again with an increased --debuglevel. I'm not sure it'll reveal anything more, but might be worth a shot. Thanks, Tim On 26/03/19 4:20 AM, franta via samba wrote:> Dne 2019-03-25 16:02, Rowland Penny via samba napsal: >> On Mon, 25 Mar 2019 15:12:16 +0100 >> franta via samba <samba at lists.samba.org> wrote: >> >>> Hi team, >>> I have Samba (4.9.5) AD DC, and when trying to add second DC, join >>> fail: >>> >>> # samba-tool domain join zamecek.home DC >>> -U"SSUPS-ZAMECEK\administrator" --option='idmap_ldb:use rfc2307 >>> yes' --dns-backend=BIND9_DLZ Finding a writeable DC for domain >>> 'zamecek.home' Found DC dc1.zamecek.home >>> Password for [SSUPS-ZAMECEK\administrator]: >>> workgroup is SSUPS-ZAMECEK >>> realm is zamecek.home >>> Adding CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home >>> Adding >>> CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >>> >>> Adding CN=NTDS >>> Settings,CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >>> >>> Adding SPNs to CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home >>> Setting account password for DC2-LYNX$ >>> Enabling account >>> Adding DNS account CN=dns-DC2-LYNX,CN=Users,DC=zamecek,DC=home with >>> dns/ SPN >>> Setting account password for dns-DC2-LYNX >>> Calling bare provision >>> Looking up IPv4 addresses >>> Looking up IPv6 addresses >>> No IPv6 address will be assigned >>> Setting up share.ldb >>> Setting up secrets.ldb >>> Setting up the registry >>> Setting up the privileges database >>> Setting up idmap db >>> Setting up SAM db >>> Setting up sam.ldb partitions and settings >>> Setting up sam.ldb rootDSE >>> Pre-loading the Samba 4 and AD schema >>> Unable to determine the DomainSID, can not enforce uniqueness >>> constraint on local domainSIDs >>> >>> A Kerberos configuration suitable for Samba AD has been generated at >>> /var/lib/samba/private/krb5.conf >>> Merge the contents of this file with your system krb5.conf or replace >>> it with this one. Do not create a symlink! >>> Provision OK for domain DN DC=zamecek,DC=home >>> Starting replication >>> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >>> objects[402/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >>> objects[804/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >>> objects[1206/1550] linked_values[0/0] >>> Schema-DN[CN=Schema,CN=Configuration,DC=zamecek,DC=home] >>> objects[1550/1550] linked_values[0/0] >>> Analyze and apply schema objects >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[402/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[804/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1206/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1608/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[1628/1628] >>> linked_values[42/42] >>> Failed to commit objects: DOS code 0x000021bf >>> Missing target object - retrying with DRS_GET_TGT >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2030/1628] >>> linked_values[1/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2432/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[2834/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[3236/1628] >>> linked_values[0/1] >>> Partition[CN=Configuration,DC=zamecek,DC=home] objects[3256/1628] >>> linked_values[41/42] >>> Replicating critical objects from the base DN of the domain >>> Partition[DC=zamecek,DC=home] objects[98/97] linked_values[141/141] >>> Partition[DC=zamecek,DC=home] objects[500/700] linked_values[0/22] >>> Partition[DC=zamecek,DC=home] objects[798/700] linked_values[653/653] >>> Done with always replicated NC (base, config, schema) >>> Replicating DC=DomainDnsZones,DC=zamecek,DC=home >>> Partition[DC=DomainDnsZones,DC=zamecek,DC=home] objects[59/59] >>> linked_values[0/0] >>> Replicating DC=ForestDnsZones,DC=zamecek,DC=home >>> Partition[DC=ForestDnsZones,DC=zamecek,DC=home] objects[18/18] >>> linked_values[0/0] >>> Exop on[CN=RID Manager$,CN=System,DC=zamecek,DC=home] objects[3] >>> linked_values[0] >>> Committing SAM database >>> Join failed - cleaning up >>> Deleted CN=RID Set,CN=DC2-LYNX,OU=Domain >>> Controllers,DC=zamecek,DC=home Deleted CN=DC2-LYNX,OU=Domain >>> Controllers,DC=zamecek,DC=home Deleted >>> CN=dns-DC2-LYNX,CN=Users,DC=zamecek,DC=home Deleted CN=NTDS >>> Settings,CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >>> >>> Deleted >>> CN=DC2-LYNX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=zamecek,DC=home >>> >>> ERROR(ldb): uncaught exception - descriptor_modify on >>> CN=Administrator,CN=Users,DC=zamecek,DC=home failed: operations error >>> at ../source4/dsdb/samdb/ldb_modules/descriptor.c:819 >>> File >>> "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line >>> 177, in _run return self.run(*args, **kwargs) >>> File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", >>> line 716, in run >>> backend_store=backend_store) >>> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >>> 1501, in join_DC >>> ctx.do_join() >>> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >>> 1399, in do_join >>> ctx.join_replicate() >>> File "/usr/lib64/python2.7/site-packages/samba/join.py", line >>> 1005, in join_replicate >>> ctx.local_samdb.transaction_commit() >>> >>> I have no idea, where is problem and how solve it - can anyone help? >>> Both systems runs Fedora 29 x86_64 Linux, Samba is builded with >>> Heimdal 7.5.0 Kerberos, tdb 1.3.16, ldb 1.4.6, first DC was >>> provisioned with '--use-rfc2307' and BIND9_DLZ (bind-9.11.5) DNS >>> backend. Thanks, Franta >>> >>> >> >> You should only build Samba with the Heimdal version supplied with >> Samba, you do not need to and shouldn't install Heimdal. > > My mistake in description - I have installed (it seems unnecessarily) > only heimdal-libs package (no -devel ones) and samba itself is not > linked with it: > # ldd /usr/sbin/samba|grep heim > libheimbase-samba4.so.1 => > /usr/lib64/samba/libheimbase-samba4.so.1 (0x00007f911e8da000) > > Thus my problem should be something else - but what? > TIA, Franta > >
Franta Hanzlík
2019-Mar-26 04:18 UTC
[Samba] samba 4.9.5 - joining Samba DC to existing Samba AD failed
Hi Tim and Rowland, thanks for Your support! I was thinking about e.g. Python 2.7.15 compatibility (as newer Samba versions require Python3), but You are right, here in DB can be problem - first Samba AD DC was created by migrating Samba3 NT4 domain to Samba4 AD cca week ago (using 'samba-tool domain classicupgrade ...', according to Samba Wiki): On Tue, 26 Mar 2019 10:14:02 +1300 Tim Beale <timbeale at catalyst.net.nz> wrote:> Hi, > > That failure is a little odd. It's replicated all the DB objects, but is > failing trying to commit the transaction. It looks like the error is > happening trying to get the objectClass for the Administrator user. The > weird thing is it should have already successfully passed this check > once when it first received the object. > > You could try the following: > > 1. If you run 'samba-tool dbcheck' on the DC you're trying to join, does > it report any problems?[root at dc1 samba]# samba-tool dbcheck Checking 701 objects NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:2df6a1a3-2a54-4385-ae71-5d95b1348310,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:d77e5f7f-cf78-40da-a895-466ea39cf88a,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Not fixing old string component NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:cdc01d0b-5e0f-4503-ac61-5ef9356095de,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Not fixing old string component Not fixing nTSecurityDescriptor on CN=Administrator,CN=Users,DC=zamecek,DC=home NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:c17ec05e-f0af-4ef7-83c4-bf1c5e336b13,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Not fixing old string component ERROR(<type 'exceptions.TypeError'>): uncaught exception - 'ldb.Dn' object is not iterable File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 157, in run controls=controls, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 222, in check_database error_count += self.check_object(object.dn, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 2245, in check_object for val in obj[attrname]: [root at dc1 samba]# samba-tool dbcheck --fix Checking 701 objects NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:2df6a1a3-2a54-4385-ae71-5d95b1348310,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Change DN to <GUID=3e5b10ad-ad6b-435d-9ca1-51b4ec7e4ee0>;<SID=S-1-5-21-9998-9997-9996-118736>;CN=DC2-LYNX\0ADEL:3e5b10ad-ad6b-435d-9ca1-51b4ec7e4ee0,CN=Deleted Objects,DC=zamecek,DC=home? [y/N/all/none] y Fixed old DN string on attribute lastKnownParent NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:d77e5f7f-cf78-40da-a895-466ea39cf88a,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Change DN to <GUID=67c06c38-e2c9-4c7e-b243-0a99f17f15d2>;<SID=S-1-5-21-9998-9997-9996-118731>;CN=DC2-LYNX\0ADEL:67c06c38-e2c9-4c7e-b243-0a99f17f15d2,CN=Deleted Objects,DC=zamecek,DC=home? [y/N/all/none] y Fixed old DN string on attribute lastKnownParent NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:cdc01d0b-5e0f-4503-ac61-5ef9356095de,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Change DN to <GUID=149c75f7-7fe5-4171-b4c9-7b904a6499f2>;<SID=S-1-5-21-9998-9997-9996-118734>;CN=DC2-LYNX\0ADEL:149c75f7-7fe5-4171-b4c9-7b904a6499f2,CN=Deleted Objects,DC=zamecek,DC=home? [y/N/all/none] y Fixed old DN string on attribute lastKnownParent Fix nTSecurityDescriptor on CN=Administrator,CN=Users,DC=zamecek,DC=home? [y/N/all/none] y Failed to fix attribute nTSecurityDescriptor : (1, 'operations error at ../source4/dsdb/samdb/ldb_modules/descriptor.c:819') NOTE: old (due to rename or delete) DN string component for lastKnownParent in object CN=RID Set\0ADEL:c17ec05e-f0af-4ef7-83c4-bf1c5e336b13,CN=Deleted Objects,DC=zamecek,DC=home - CN=DC2-LYNX,OU=Domain Controllers,DC=zamecek,DC=home Change DN to <GUID=90c946a1-0cdc-42fc-a666-71df394d0ea2>;<SID=S-1-5-21-9998-9997-9996-118735>;CN=DC2-LYNX\0ADEL:90c946a1-0cdc-42fc-a666-71df394d0ea2,CN=Deleted Objects,DC=zamecek,DC=home? [y/N/all/none] y Fixed old DN string on attribute lastKnownParent ERROR(<type 'exceptions.TypeError'>): uncaught exception - 'ldb.Dn' object is not iterable File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 157, in run controls=controls, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 222, in check_database error_count += self.check_object(object.dn, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 2245, in check_object for val in obj[attrname]: and second run show only problem with nTSecurityDescriptor : [root at dc1 samba]# samba-tool dbcheck Checking 701 objects Not fixing nTSecurityDescriptor on CN=Administrator,CN=Users,DC=zamecek,DC=home ERROR(<type 'exceptions.TypeError'>): uncaught exception - 'ldb.Dn' object is not iterable File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 177, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/dbcheck.py", line 157, in run controls=controls, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 222, in check_database error_count += self.check_object(object.dn, attrs=attrs) File "/usr/lib64/python2.7/site-packages/samba/dbchecker.py", line 2245, in check_object for val in obj[attrname]: (similarly ends 'samba-tool dbcheck --cross-ncs')> 2. Try dumping the object it's failing on, just to see if there's > anything odd with the objectClass attributes. E.g. > ldbsearch -H ldap://$SERVER -b > 'CN=Administrator,CN=Users,DC=zamecek,DC=home'[root at dc1 samba]# ldbsearch -H /var/lib/samba/private/sam.ldb.d/DC=ZAMECEK,DC=HOME.ldb '(CN=Administrator)' # record 1 dn: CN=Administrator,CN=Users,DC=zamecek,DC=home objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user objectClass: posixAccount cn: Administrator description: Built-in account for administering the computer/domain instanceType: 4 whenCreated: 20190227200715.0Z uSNCreated: 3626 nTSecurityDescriptor:: AQAXjBQAAAAwAAAATAAAAMQAAAABBQAAAAAABRUAAAAOJwAADScAAAw nAAAAAgAAAQUAAAAAAAUVAAAADicAAA0nAAAMJwAAAAIAAAQAeAACAAAAB1o4ACAAAAADAAAAvjsO 8/Cf0RG2AwAA+ANnwaV6lr/mDdARooUAqgAwSeIBAQAAAAAAAQAAAAAHWjgAIAAAAAMAAAC/Ow7z8 J/REbYDAAD4A2fBpXqWv+YN0BGihQCqADBJ4gEBAAAAAAABAAAAAAQA1AcsAAAAAAAkAP8BDwABBQ AAAAAABRUAAAAOJwAADScAAAwnAAAAAgAAAAAUAP8BDwABAQAAAAAABRIAAAAAABgA/wEPAAECAAA AAAAFIAAAACQCAAAAABQAlAACAAEBAAAAAAAFCgAAAAUAKAAAAQAAAQAAAFMacqsvHtARmBkAqgBA UpsBAQAAAAAABQoAAAAFACgAAAEAAAEAAABUGnKrLx7QEZgZAKoAQFKbAQEAAAAAAAUKAAAABQAoA AABAAABAAAAVhpyqy8e0BGYGQCqAEBSmwEBAAAAAAAFCgAAAAUAKAAwAAAAAQAAAIa4tXdKlNERrr 0AAPgDZ8EBAQAAAAAABQoAAAAFACgAMAAAAAEAAACylVfkVZTREa69AAD4A2fBAQEAAAAAAAUKAAA ABQAoADAAAAABAAAAs5VX5FWU0RGuvQAA+ANnwQEBAAAAAAAFCgAAAAUAOAAQAAAAAQAAAPiIcAPh CtIRtCIAoMlo+TkBBQAAAAAABRUAAAAOJwAADScAAAwnAAApAgAABQA4ABAAAAABAAAAAEIWTMAg0 BGnaACqAG4FKQEFAAAAAAAFFQAAAA4nAAANJwAADCcAACkCAAAFADgAEAAAAAEAAABAwgq8qXnQEZ AgAMBPwtTPAQUAAAAAAAUVAAAADicAAA0nAAAMJwAAKQIAAAAAFAAAAAIAAQEAAAAAAAULAAAABQA oABAAAAABAAAAQi+6WaJ50BGQIADAT8LTzwEBAAAAAAAFCwAAAAUAKAAQAAAAAQAAAIa4tXdKlNER rr0AAPgDZ8EBAQAAAAAABQsAAAAFACgAEAAAAAEAAACzlVfkVZTREa69AAD4A2fBAQEAAAAAAAULA AAABQAoABAAAAABAAAAVAGN5Pi80RGHAgDAT7lgUAEBAAAAAAAFCwAAAAUAKAAAAQAAAQAAAFMacq svHtARmBkAqgBAUpsBAQAAAAAAAQAAAAAFADgAEAAAAAEAAAAQICBfpXnQEZAgAMBPwtTPAQUAAAA AAAUVAAAADicAAA0nAAAMJwAAKQIAAAUAOAAwAAAAAQAAAH96lr/mDdARooUAqgAwSeIBBQAAAAAA BRUAAAAOJwAADScAAAwnAAAFAgAABQAsABAAAAABAAAAHbGpRq5gWkC36P+KWNRW0gECAAAAAAAFI AAAADACAAAFACwAMAAAAAEAAAAcmrZtIpTREa69AAD4A2fBAQIAAAAAAAUgAAAAMQIAAAUALAAwAA AAAQAAAGK8BVjJvShEpeKFag9MGF4BAgAAAAAABSAAAAAxAgAABRo8ABAAAAADAAAAAEIWTMAg0BG naACqAG4FKRTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAAEIWTMAg 0BGnaACqAG4FKbp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAAAECAgX 6V50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAADAAAAEC AgX6V50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAAAADAAA AQMIKvKl50BGQIADAT8LUzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8ABAAAAAD AAAAQMIKvKl50BGQIADAT8LUz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo8ABAAA AADAAAAQi+6WaJ50BGQIADAT8LTzxTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAABRI8AB AAAAADAAAAQi+6WaJ50BGQIADAT8LTz7p6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqAgAABRo 8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5ORTMKEg3FLxFmwetbwFeXygBAgAAAAAABSAAAAAqAgAA BRI8ABAAAAADAAAA+IhwA+EK0hG0IgCgyWj5Obp6lr/mDdARooUAqgAwSeIBAgAAAAAABSAAAAAqA gAABRo4ABAAAAADAAAAbZ7Gt8cs0hGFTgCgyYP2CIZ6lr/mDdARooUAqgAwSeIBAQAAAAAABQkAAA AFGjgAEAAAAAMAAABtnsa3xyzSEYVOAKDJg/YInHqWv+YN0BGihQCqADBJ4gEBAAAAAAAFCQAAAAU SOAAQAAAAAwAAAG2exrfHLNIRhU4AoMmD9gi6epa/5g3QEaKFAKoAMEniAQEAAAAAAAUJAAAABRos AJQAAgACAAAAFMwoSDcUvEWbB61vAV5fKAECAAAAAAAFIAAAACoCAAAFGiwAlAACAAIAAACcepa/5 g3QEaKFAKoAMEniAQIAAAAAAAUgAAAAKgIAAAUSLACUAAIAAgAAALp6lr/mDdARooUAqgAwSeIBAg AAAAAABSAAAAAqAgAABRIoADABAAABAAAA3kfmkW/ZcEuVV9Y/9PPM2AEBAAAAAAAFCgAAAAASJAD /AQ8AAQUAAAAAAAUVAAAADicAAA0nAAAMJwAABwIAAAASGAAEAAAAAQIAAAAAAAUgAAAAKgIAAAAS GAC9AQ8AAQIAAAAAAAUgAAAAIAIAAA=name: Administrator objectGUID:: oADwF9LfoUapbT5rVUONkg=userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAADicAAA0nAAAMJwAA9AEAAA=adminCount: 1 accountExpires: 9223372036854775807 sAMAccountName: Administrator sAMAccountType: 805306368 objectCategory: <GUID=238cd868-9d8d-43e2-9855-f70001c12772>;CN=Person,CN=Schem a,CN=Configuration,DC=zamecek,DC=home isCriticalSystemObject: TRUE unicodePwd:: DAAAABQU67uf0vSlOUuHTO2tXMoBAAAAAQAAAAAAAADsad+EY3+rJCG0Qgvh/+Tny shRHrIeCHs8ce1WDwjAtu0gvEwsupplementalCredentials:: DAAAAC9u7UdTAwrU7/KwHu2tXMoBAAAAAQAAAAAAAABQYmR8KCx3 cvXG/18LG9t1uowaHwRKkPbySXbg/5Fsx216DTo6PQqgmUIfm9E59tmCisu/GZ9y7H5LM8r2BlCB0 aXvDCS9IUf8invF4R/F6NXbfyjIxwB+7NJw8aYfqNahYh4NiOxLzfMGBMIQ3cWjZn2aEq1vlE1XSr 2U04k/ZD1tmLWthEvNC9rfKK6ErLh4Ojm5sVBeY49YJIQ6ajoo6t2qTTPl6Qsx5XZj+5jnqXpvh2A AeJo76JPb2YBlKqnW7hEK93PY6sHAeRkHwIIyAFa++0awHltLliO4pXkTVepKzcmv1nXrnpC75Wkx SDoHR5MO9k+WDTz9owvVDc3ogDwtMEF3TgwyaPRNdiH95TCGa+1xGM/iI1yo08XeZglRFCGn3WBLx jAtNJoo9UDYroQuyh+1z/nTBNoMX7bLG5vug9WiJpbA8VMc0Clj/7xMUuz3pmBShfmfzGkRtAtjOZ cBVJnbIfA/qnJ8Kv/XKzNK8D43T1a+a0ZSQUmqvE1WWuG9MnsK/MouDSTCFZU51/1CrMRkqaY74sn H8iZvn0P8rDQttpyRcpfKwvOUlmnyODIMgzfgMScZI2thdlnR4Wp3ssGzB+lI5g+jW+aJYuNLFn/4 97JRQ3P/twLqnPEL3eee8Voa1zofGVBxJ+tHoNQSU/qpZrh8crQUtCQaGu0mQpzwXTMGyTpR/wRUo WZZo8tyFFKhEh+/jWNtvMw2O+Og+8Lm8pNgHPUjHVjJ7O5OSvL6Aq4w+ICDnpXi8loOp+9SHlM5PC swlCUf955D/z7looXZ476SNAFIJ+nbpv3Npd3Se0qPzbNr5Z37XcIqg5gN0S0mPI/HIYtw2WQkC7A nhh+839aOyDGaVy2dDNavMNErwV4D4VoWePCLfxzRgmJWrHlfC2+RaYPWNOsc3hQnsaXzNR7mpIJ+ 60CYftkM9rxe5QMl5N1XOWK9rSszOzZeIXgIZzq7ehQ/sYhcyDAC+aJKMOFpe0F9f6OApJ6qWFscI 3sV/w7ihgKK/54+Xf2V8ccNVGGKDgBY37w+jpLXbVlw9tSPcRXnituQyW3gU5CRXBzhVFupsLvGPT 2U8xzkfhFalrKIo4fjJYqB9iKm0UWNQn8OKOCdRccoBNmnbGEwdBJ9MwgL177pvMVo+9QFdsKgRCy Q4rxtd/NbApds3uOr2zrPQchXQTxLveeXyP1u0Kuq+STqCyb3KoXPq70/HDPVmoAzJN3K9F3u+vql on9GBP+busd9dZCB30F8/1ENQ2+TbhmDQW2gRz6xji8OuuwQBwKTJNJ9b8RzaordwAyknSfSq1BFg Kp6RT0XzcgTS2QEOG4n8WjwfKt+JEv62hlU78bRhQjMhXeuGOUuLNa1lLQRAu6rC6+rj6jGwEq1+m dDT8tGK5xuasWkwFJrAWEdqF5HJpIFqR5XQUNXiSzoOShFEjHhy1pEZeOVTOOxdPbIVkEGdNlsxWD h48m7rcw8VwCiNLRmBs34dsH9P0d6KVgO3mg3c5p8Vckoy0ejUxVa1yOt+7OcFPGP0c2cjXM6jUCK VagZFcbMqW0JqytUi/PwzSFIibH+K9Gxkeu8OsagtWPitZGa10z894Niazr8w+efv6ZfegAdEwMJ7 zJ+A15zUYQEkGRMTAX8ASur6Fop5Pnez4H3ChHpZaXpefEErEv04sQoCGA0Od3Z3OqYLpXjh0a2/N y9qrIBDXbdx2zqRy2mUltPoSqk9RKEvKPsWHK4LHD0QqpNXpXX3Ioz/lVUjVMdnvjh6xeg3UueXa7 klIeOltZI+jLAsiczE+ncDyRH7fnRefjwPVy1pGEBJ6DQ6ojSWqBuudrngNQwA049K9n1h+lSjqYd dV8wSdif42XcvzXAhOrzxVrO94TwQjTTAVS97FG7oY+M4R62V/fuATsOXw9zcuQYRLqSoLD93/JGq 0YQHIIku8NQsAMHdLuqCGhd382y5GM8frdWaStRKOi64VtDHmeIuuWZBO6MeiMCPrjlNdreZN9nL3 TSJDWJUsNZJtIPLU0W9IQegm6Ux4MpnBiuH/+XZ5wcTurf30DItcv27Gfz+nrIB7DHh6GbIUATfTy B6jNGZIcqEgm720p4raoZwZrLUb7juRB+RRINLzGfWDHO0RaZad9CSZ8P1lR2DiuBM/Sj87PMQllW 6HMCa8IzC+z+KboOCcSRxU8k67BKNApqKw=pwdLastSet: 131960948110000000 memberOf: <GUID=399b9635-766b-440e-a809-0da8167cb99e>;<SID=S-1-5-21-9998-9997- 9996-512>;CN=Domain Admins,OU=System_Groups,DC=zamecek,DC=home memberOf: <GUID=d5fb0b44-67ab-4315-aa52-d4349c055f71>;<SID=S-1-5-21-9998-9997- 9996-518>;CN=Schema Admins,OU=System_Groups,DC=zamecek,DC=home memberOf: <GUID=7d21a3e5-30ac-46b0-92f4-d08be381dcf9>;<SID=S-1-5-21-9998-9997- 9996-519>;CN=Enterprise Admins,OU=System_Groups,DC=zamecek,DC=home memberOf: <GUID=4525698e-ee4b-44aa-af2a-6c0c96fa0983>;<SID=S-1-5-21-9998-9997- 9996-520>;CN=Group Policy Creator Owners,OU=System_Groups,DC=zamecek,DC=home memberOf: <GUID=378c3027-8902-4d85-a053-9207a2583ee7>;<SID=S-1-5-32-544>;CN=Ad ministrators,CN=Builtin,DC=zamecek,DC=home gidNumber: 1103 uidNumber: 0 loginShell: /bin/bash unixHomeDirectory: /root lastLogonTimestamp: 131976602069696270 replPropertyMetaData:: AQAAAAAAAAAeAAAAAAAAAAAAAAABAAAA836HEgMAAACXgSzMRECdTKJ 4COKShXaDKg4AAAAAAAAqDgAAAAAAAAMAAAABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4A AAAAAAAqDgAAAAAAAA0AAAABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAA AAAAAEAAgABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAAIAAgABAA AA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAABkBAgABAAAA836HEgMAAAC XgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAAEACQABAAAA836HEgMAAACXgSzMRECdTKJ4 COKShXaDKg4AAAAAAAAqDgAAAAAAAAgACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AA AAAAAAqDgAAAAAAABAACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAA AAABkACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAADcACQAGAAA AW22MEgMAAACXgSzMRECdTKJ4COKShXaDACYAAAAAAAAAJgAAAAAAAEAACQABAAAA836HEgMAAACX gSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAFoACQAGAAAAW22MEgMAAACXgSzMRECdTKJ4C OKShXaDACYAAAAAAAAAJgAAAAAAAF4ACQAGAAAAW22MEgMAAACXgSzMRECdTKJ4COKShXaDACYAAA AAAAAAJgAAAAAAAGAACQAGAAAAW22MEgMAAACXgSzMRECdTKJ4COKShXaDACYAAAAAAAAAJgAAAAA AAGIACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAH0ACQAGAAAA W22MEgMAAACXgSzMRECdTKJ4COKShXaDACYAAAAAAAAAJgAAAAAAAJIACQABAAAA836HEgMAAACXg SzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAJYACQABAAAA836HEgMAAACXgSzMRECdTKJ4CO KShXaDKg4AAAAAAAAqDgAAAAAAAJ8ACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAA AAAAqDgAAAAAAAKAACQAGAAAAW22MEgMAAACXgSzMRECdTKJ4COKShXaDACYAAAAAAAAAJgAAAAAA AN0ACQABAAAA836HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAC4BCQABAAAA8 36HEgMAAACXgSzMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAA4DCQABAAAA836HEgMAAACXgS zMRECdTKJ4COKShXaDKg4AAAAAAAAqDgAAAAAAAGQDCQABAAAA836HEgMAAACXgSzMRECdTKJ4COK ShXaDKg4AAAAAAAAqDgAAAAAAAKAGCQADAAAALlCkEgMAAACXgSzMRECdTKJ4COKShXaDsCYAAAAA AACwJgAAAAAAAAAAJQABAAAARDebEgMAAACXgSzMRECdTKJ4COKShXaDjCYAAAAAAACMJgAAAAAAA AEAJQABAAAAPjebEgMAAACXgSzMRECdTKJ4COKShXaDiyYAAAAAAACLJgAAAAAAAAMAJQABAAAAOz ebEgMAAACXgSzMRECdTKJ4COKShXaDiiYAAAAAAACKJgAAAAAAAAQAJQABAAAARTebEgMAAACXgSz MRECdTKJ4COKShXaDjSYAAAAAAACNJgAAAAAAAA=whenChanged: 20190321164326.0Z uSNChanged: 9904 lastLogon: 131979773829025460 logonCount: 609 distinguishedName: CN=Administrator,CN=Users,DC=zamecek,DC=home # returned 1 records # 1 entries # 0 referrals Thus it seems as there is any problem with Administrator nTSecurityDescriptor - but what and how correct it?> 3. Try running the command again with an increased --debuglevel. I'm not > sure it'll reveal anything more, but might be worth a shot. > > Thanks, > Tim > [...]
Possibly Parallel Threads
- samba 4.9.5 - joining Samba DC to existing Samba AD failed
- samba 4.9.5 - joining Samba DC to existing Samba AD failed
- samba 4.9.5 - joining Samba DC to existing Samba AD failed
- samba 4.9.5 - joining Samba DC to existing Samba AD failed
- samba 4.9.5 - joining Samba DC to existing Samba AD failed