Marcio Demetrio Bacci
2019-Jun-24 14:11 UTC
[Samba] Problem to join Samba 4 DC an existing Windows AD
Hi,
My DCs are Windows Server 2008 (not R2) and I intend to replace then by
Samba 4.
I'm using Samba 4.10.5 on Debian 9.9
when I execute the commands below it seems that errors occur of not receive
replication of the objects from the base of AD or no commit the operation:
root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC
-Uadministrator --realm=empresa.com.br
INFO 2019-06-23 20:53:06,973 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #103: Finding a
writeable DC for domain 'empresa.com.br'
INFO 2019-06-23 20:53:06,981 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #105: Found DC
navegantes.empresa.com.br
Password for [WORKGROUP\administrator]:
INFO 2019-06-23 20:53:18,322 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519: workgroup
is EMPRESA
INFO 2019-06-23 20:53:18,323 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522: realm is
empresa.com.br
Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empres,DC=com,DC=br
Adding
CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Adding CN=NTDS
Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Setting account password for SAMBA4DC$
Enabling account
Calling bare provision
INFO 2019-06-23 20:53:22,325 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2079: Looking up IPv4 addresses
INFO 2019-06-23 20:53:22,325 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2096: Looking up IPv6 addresses
WARNING 2019-06-23 20:53:22,326 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2103: No IPv6 address will be assigned
INFO 2019-06-23 20:53:22,621 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2269: Setting up share.ldb
INFO 2019-06-23 20:53:22,775 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2273: Setting up secrets.ldb
INFO 2019-06-23 20:53:22,884 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2279: Setting up the registry
INFO 2019-06-23 20:53:23,021 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2282: Setting up the privileges database
INFO 2019-06-23 20:53:23,070 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2285: Setting up idmap db
INFO 2019-06-23 20:53:23,143 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2292: Setting up SAM db
INFO 2019-06-23 20:53:23,158 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#882: Setting up sam.ldb partitions and settings
INFO 2019-06-23 20:53:23,161 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#894: Setting up sam.ldb rootDSE
INFO 2019-06-23 20:53:23,166 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#1297: Pre-loading the Samba 4 and AD schema
*Unable to determine the DomainSID, can not enforce uniqueness constraint
on local domainSIDs*
INFO 2019-06-23 20:53:23,200 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2342: A Kerberos configuration suitable for Samba AD has been generated at
/usr/local/samba/private/krb5.conf
INFO 2019-06-23 20:53:23,200 pid:674
/usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py
#2343: Merge the contents of this file with your system krb5.conf or
replace it with this one. Do not create a symlink!
Provision OK for domain DN DC=empres,DC=com,DC=br
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[402/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[804/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[1206/1626] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br]
objects[1521/1626] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[402/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[804/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1206/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1608/1262]
linked_values[0/46]
Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1696/1262]
linked_values[46/46]
dsdb_replicated_objects_convert: Ignoring object outside partition
43911352-587f-417a-a791-3faab1c8944f
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br:
WERR_DS_ADD_REPLICA_INHIBITED
Replicating critical objects from the base DN of the domain
Partition[DC=empresa,DC=com,DC=br] objects[101/546] linked_values[18/257]
Partition[DC=empresa,DC=com,DC=br] objects[402/2392] linked_values[0/257]
Partition[DC=empresa,DC=com,DC=br] objects[806/2392] linked_values[50/257]
*Failed to commit objects: DOS code 0x000021bfJoin failed - cleaning up*
Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br
Deleted CN=NTDS
Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
Deleted
CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
ERROR(runtime): uncaught exception - (8639, "Failed to process
'chunk' of
DRS replicated objects: DOS code 0x000021bf")
File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py",
line 185, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py",
line
699, in run
backend_store=backend_store)
File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
1535, in join_DC
ctx.do_join()
File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
1429, in do_join
ctx.join_replicate()
File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py",
line
977, in join_replicate
replica_flags=ctx.domain_replica_flags)
File
"/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 356, in replicate
raise e
File
"/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 343, in replicate
self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
File
"/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py",
line 237, in process_chunk
schema=schema, req_level=req_level, req=req)
Does anybody have an idea how to solve this problem?
Regards,
M?rcio Bacci
Rowland penny
2019-Jun-24 14:24 UTC
[Samba] Problem to join Samba 4 DC an existing Windows AD
On 24/06/2019 15:11, Marcio Demetrio Bacci via samba wrote:> Hi, > > My DCs are Windows Server 2008 (not R2) and I intend to replace then by > Samba 4. > > I'm using Samba 4.10.5 on Debian 9.9 > > when I execute the commands below it seems that errors occur of not receive > replication of the objects from the base of AD or no commit the operation: > > root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC > -Uadministrator --realm=empresa.com.br > > INFO 2019-06-23 20:53:06,973 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #103: Finding a > writeable DC for domain 'empresa.com.br' > INFO 2019-06-23 20:53:06,981 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #105: Found DC > navegantes.empresa.com.br > Password for [WORKGROUP\administrator]: > INFO 2019-06-23 20:53:18,322 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519: workgroup > is EMPRESA > INFO 2019-06-23 20:53:18,323 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522: realm is > empresa.com.br > Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empres,DC=com,DC=br > Adding > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Adding CN=NTDS > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br > Setting account password for SAMBA4DC$ > Enabling account > Calling bare provision > INFO 2019-06-23 20:53:22,325 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2079: Looking up IPv4 addresses > INFO 2019-06-23 20:53:22,325 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2096: Looking up IPv6 addresses > WARNING 2019-06-23 20:53:22,326 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2103: No IPv6 address will be assigned > INFO 2019-06-23 20:53:22,621 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2269: Setting up share.ldb > INFO 2019-06-23 20:53:22,775 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2273: Setting up secrets.ldb > INFO 2019-06-23 20:53:22,884 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2279: Setting up the registry > INFO 2019-06-23 20:53:23,021 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2282: Setting up the privileges database > INFO 2019-06-23 20:53:23,070 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2285: Setting up idmap db > INFO 2019-06-23 20:53:23,143 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2292: Setting up SAM db > INFO 2019-06-23 20:53:23,158 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #882: Setting up sam.ldb partitions and settings > INFO 2019-06-23 20:53:23,161 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #894: Setting up sam.ldb rootDSE > INFO 2019-06-23 20:53:23,166 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #1297: Pre-loading the Samba 4 and AD schema > > *Unable to determine the DomainSID, can not enforce uniqueness constraint > on local domainSIDs* > INFO 2019-06-23 20:53:23,200 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2342: A Kerberos configuration suitable for Samba AD has been generated at > /usr/local/samba/private/krb5.conf > INFO 2019-06-23 20:53:23,200 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2343: Merge the contents of this file with your system krb5.conf or > replace it with this one. Do not create a symlink! > Provision OK for domain DN DC=empres,DC=com,DC=br > Starting replication > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[402/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[804/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[1206/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[1521/1626] linked_values[0/0] > Analyze and apply schema objects > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[402/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[804/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1206/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1608/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1696/1262] > linked_values[46/46] > dsdb_replicated_objects_convert: Ignoring object outside partition > 43911352-587f-417a-a791-3faab1c8944f > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br: > WERR_DS_ADD_REPLICA_INHIBITED > Replicating critical objects from the base DN of the domain > Partition[DC=empresa,DC=com,DC=br] objects[101/546] linked_values[18/257] > Partition[DC=empresa,DC=com,DC=br] objects[402/2392] linked_values[0/257] > Partition[DC=empresa,DC=com,DC=br] objects[806/2392] linked_values[50/257] > > *Failed to commit objects: DOS code 0x000021bfJoin failed - cleaning up* > Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br > Deleted CN=NTDS > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Deleted > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > ERROR(runtime): uncaught exception - (8639, "Failed to process 'chunk' of > DRS replicated objects: DOS code 0x000021bf") > File > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py", > line 185, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line > 699, in run > backend_store=backend_store) > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 1535, in join_DC > ctx.do_join() > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 1429, in do_join > ctx.join_replicate() > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 977, in join_replicate > replica_flags=ctx.domain_replica_flags) > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 356, in replicate > raise e > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 343, in replicate > self.process_chunk(level, ctr, schema, req_level, req, first_chunk) > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 237, in process_chunk > schema=schema, req_level=req_level, req=req) > > > Does anybody have an idea how to solve this problem? > > Regards, > > M?rcio BacciAre you still compiling Samba yourself ? What function level is the Windows domain running at ? Finally, just because you didn't like the advice you got before, it isn't a reason to open a new thread on the same subject, you should have replied to your original thread. Rowland
L.P.H. van Belle
2019-Jun-24 15:07 UTC
[Samba] Problem to join Samba 4 DC an existing Windows AD
> > ERROR(runtime): uncaught exception - (8639, "Failed to > > process 'chunk' of > > DRS replicated objects: DOS code 0x000021bf")0x000021bf : The replication operation failed because the target object referred by a link value is recycled. Maybe first run : samba-tool domain tombstones expunge Check the DNS if any leftovers and check with RSAT also for leftovers. Then run : samba-tool dbcheck --cross-nc Fix things where needed. THEN join. And use : samba-tool domain join empresa.com.br DC -Uadministrator --realm=EMPRESA.COM.BR DNS domain = empresa.com.br and Kerberos domain = EMPRESA.COM.BR These are NOT the same. Greetz, Louis
L.P.H. van Belle
2019-Jun-25 14:20 UTC
[Samba] Problem to join Samba 4 DC an existing Windows AD
Hai Marcio, Please keep mailing to the list, that helps everybody. ;-) Question, does the Windows AD domain contain MS Exchange also? Ow and my bad.. This : samba-tool domain tombstones expunge You need to purge the tombstones on the windows server, but forget that all. I had a new look and noticed: root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC -Uadministrator --realm=empresa.com.br ( a bit of a strange folder also to be in.. ) And what does the wiki tell me. https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory There are three authentication methods you can us: samba-tool domain join samdom.example.com DC -U"SAMDOM\administrator" samba-tool domain join samdom.example.com DC -k yes samba-tool domain join samdom.example.com DC --krb5-ccache=/tmp/krb5cc_0 And yours, what is the difference.. ? samba-tool domain join empresa.com.br DC -Uadministrator --realm=empresa.com.br I suggest this. Kinit Administrator Then you know kerberos auth also works. Then try : samba-tool domain join empresa.com.br DC -k yes And kdestroy to remove the kerberos ticket. Now, if you keep having problems with it, and your using own compiled setup, Then show the compile parameters, or .. Remove the compiled version and use my repo (http://apt.van-belle.nl) And you can install 4.10.5 also on stretch with apt-get. Greetz, Louis ________________________________ Van: Marcio Demetrio Bacci [mailto:marciobacci at gmail.com] Verzonden: maandag 24 juni 2019 19:11 Aan: L.P.H. van Belle Onderwerp: Re: [Samba] Problem to join Samba 4 DC an existing Windows AD Hi, Follows the results of commands below executed in Samba 4: >Maybe first run : samba-tool domain tombstones expunge samba-tool domain tombstones expunge Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs dsdb_schema_from_db() failed: 32:No such object: dsdb_schema: failed to search attributeSchema and classSchema objects: No such Base DN: CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br dsdb_get_schema: refresh_fn() failed schema_load_init: dsdb_get_schema failed module schema_load initialization failed : Operations error module dsdb_notification initialization failed : Operations error module rootdse initialization failed : Operations error module samba_dsdb initialization failed : Operations error Unable to load modules for tdb:///usr/local/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed ERROR(ldb): uncaught exception - schema_load_init: dsdb_get_schema failed File "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py", line 185, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line 3913, in run credentials=creds, lp=lp) File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py", line 67, in __init__ options=options) File "/usr/local/samba/lib/python3.5/site-packages/samba/__init__.py", line 115, in __init__ self.connect(url, flags, options) File "/usr/local/samba/lib/python3.5/site-packages/samba/samdb.py", line 82, in connect options=options) >Check the DNS if any leftovers and check with RSAT also for leftovers. There isn't leftovers. >Then run : samba-tool dbcheck --cross-nc samba-tool dbcheck --cross-nc Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs dsdb_schema_from_db() failed: 32:No such object: dsdb_schema: failed to search attributeSchema and classSchema objects: No such Base DN: CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br dsdb_get_schema: refresh_fn() failed schema_load_init: dsdb_get_schema failed module schema_load initialization failed : Operations error module dsdb_notification initialization failed : Operations error module rootdse initialization failed : Operations error module samba_dsdb initialization failed : Operations error Unable to load modules for tdb:///usr/local/samba/private/sam.ldb: schema_load_init: dsdb_get_schema failed ERROR: Failed to connect to DB at None. If this is a really old sam.ldb (before alpha9), then try again with --force-modules >DNS domain = empresa.com.br <http://empresa.com.br/> and Kerberos domain = EMPRESA.COM.BR <http://empresa.com.br/> >These are NOT the same. OK. root at samba4dc:~# cat /etc/krb5.conf [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true default_realm = EMPRESA.COM.BR cat /etc/resolv.conf domain empresa.com.br search empresa.com.br nameserver 172.30.1.1 # is not the Windows DC nameserver 172.30.1.2 # is not the Windows DC We use bind as authorative DNS. The Windows DC only receves updates of the bind servers. Regards, M?rcio Bacci Em seg, 24 de jun de 2019 ?s 12:09, L.P.H. van Belle via samba <samba at lists.samba.org> escreveu: > > ERROR(runtime): uncaught exception - (8639, "Failed to > > process 'chunk' of > > DRS replicated objects: DOS code 0x000021bf") 0x000021bf : The replication operation failed because the target object referred by a link value is recycled. Maybe first run : samba-tool domain tombstones expunge Check the DNS if any leftovers and check with RSAT also for leftovers. Then run : samba-tool dbcheck --cross-nc Fix things where needed. THEN join. And use : samba-tool domain join empresa.com.br DC -Uadministrator --realm=EMPRESA.COM.BR DNS domain = empresa.com.br and Kerberos domain = EMPRESA.COM.BR These are NOT the same. Greetz, Louis -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Hi M?rcio, I think this is the same problem as seen here: https://lists.samba.org/archive/samba/2018-June/216549.html The problem is due to differences in the replication implementation between Samba and Windows. Normally, Samba uses the GET_TGT mechanism to recover from this situation, but unfortunately that feature is only supported on Windows 2008R2 DCs, not 2008 like you have. Try the suggested work-around on that thread: - Join a DC running Samba v4.7. - After the join, do a 'samba-tool drs replicate --full-sync' on each of the partitions to recover the dropped links. - Upgrade the Samba DC to v4.10 (probably best to do this by joining a second v4.10 Samba DC, then upgrade the first v4.7 DC to v4.10 and rejoin it to the second Samba DC). Cheers, Tim On 25/06/19 2:11 AM, Marcio Demetrio Bacci via samba wrote:> Hi, > > My DCs are Windows Server 2008 (not R2) and I intend to replace then by > Samba 4. > > I'm using Samba 4.10.5 on Debian 9.9 > > when I execute the commands below it seems that errors occur of not receive > replication of the objects from the base of AD or no commit the operation: > > root at samba4dc:/etc/init.d# samba-tool domain join empresa.com.br DC > -Uadministrator --realm=empresa.com.br > > INFO 2019-06-23 20:53:06,973 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #103: Finding a > writeable DC for domain 'empresa.com.br' > INFO 2019-06-23 20:53:06,981 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #105: Found DC > navegantes.empresa.com.br > Password for [WORKGROUP\administrator]: > INFO 2019-06-23 20:53:18,322 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1519: workgroup > is EMPRESA > INFO 2019-06-23 20:53:18,323 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/join.py #1522: realm is > empresa.com.br > Adding CN=SAMBA4DC,OU=Domain Controllers,DC=empres,DC=com,DC=br > Adding > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Adding CN=NTDS > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Adding SPNs to CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br > Setting account password for SAMBA4DC$ > Enabling account > Calling bare provision > INFO 2019-06-23 20:53:22,325 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2079: Looking up IPv4 addresses > INFO 2019-06-23 20:53:22,325 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2096: Looking up IPv6 addresses > WARNING 2019-06-23 20:53:22,326 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2103: No IPv6 address will be assigned > INFO 2019-06-23 20:53:22,621 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2269: Setting up share.ldb > INFO 2019-06-23 20:53:22,775 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2273: Setting up secrets.ldb > INFO 2019-06-23 20:53:22,884 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2279: Setting up the registry > INFO 2019-06-23 20:53:23,021 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2282: Setting up the privileges database > INFO 2019-06-23 20:53:23,070 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2285: Setting up idmap db > INFO 2019-06-23 20:53:23,143 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2292: Setting up SAM db > INFO 2019-06-23 20:53:23,158 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #882: Setting up sam.ldb partitions and settings > INFO 2019-06-23 20:53:23,161 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #894: Setting up sam.ldb rootDSE > INFO 2019-06-23 20:53:23,166 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #1297: Pre-loading the Samba 4 and AD schema > > *Unable to determine the DomainSID, can not enforce uniqueness constraint > on local domainSIDs* > INFO 2019-06-23 20:53:23,200 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2342: A Kerberos configuration suitable for Samba AD has been generated at > /usr/local/samba/private/krb5.conf > INFO 2019-06-23 20:53:23,200 pid:674 > /usr/local/samba/lib/python3.5/site-packages/samba/provision/__init__.py > #2343: Merge the contents of this file with your system krb5.conf or > replace it with this one. Do not create a symlink! > Provision OK for domain DN DC=empres,DC=com,DC=br > Starting replication > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[402/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[804/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[1206/1626] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br] > objects[1521/1626] linked_values[0/0] > Analyze and apply schema objects > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[402/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[804/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1206/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1608/1262] > linked_values[0/46] > Partition[CN=Configuration,DC=empresa,DC=com,DC=br] objects[1696/1262] > linked_values[46/46] > dsdb_replicated_objects_convert: Ignoring object outside partition > 43911352-587f-417a-a791-3faab1c8944f > CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br: > WERR_DS_ADD_REPLICA_INHIBITED > Replicating critical objects from the base DN of the domain > Partition[DC=empresa,DC=com,DC=br] objects[101/546] linked_values[18/257] > Partition[DC=empresa,DC=com,DC=br] objects[402/2392] linked_values[0/257] > Partition[DC=empresa,DC=com,DC=br] objects[806/2392] linked_values[50/257] > > *Failed to commit objects: DOS code 0x000021bfJoin failed - cleaning up* > Deleted CN=SAMBA4DC,OU=Domain Controllers,DC=empresa,DC=com,DC=br > Deleted CN=NTDS > Settings,CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > Deleted > CN=SAMBA4DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > ERROR(runtime): uncaught exception - (8639, "Failed to process 'chunk' of > DRS replicated objects: DOS code 0x000021bf") > File > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/__init__.py", > line 185, in _run > return self.run(*args, **kwargs) > File > "/usr/local/samba/lib/python3.5/site-packages/samba/netcmd/domain.py", line > 699, in run > backend_store=backend_store) > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 1535, in join_DC > ctx.do_join() > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 1429, in do_join > ctx.join_replicate() > File "/usr/local/samba/lib/python3.5/site-packages/samba/join.py", line > 977, in join_replicate > replica_flags=ctx.domain_replica_flags) > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 356, in replicate > raise e > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 343, in replicate > self.process_chunk(level, ctr, schema, req_level, req, first_chunk) > File "/usr/local/samba/lib/python3.5/site-packages/samba/drs_utils.py", > line 237, in process_chunk > schema=schema, req_level=req_level, req=req) > > > Does anybody have an idea how to solve this problem? > > Regards, > > M?rcio Bacci