William Edwards
2019-Jul-09  08:56 UTC
[Samba] Adding new DC causes samba.join.DCJoinException
Hi,
I have a primary DC that I provisioned with this command:
samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ samba_default_realm }} --domain={{ samba_default_realm_domain }} --adminpass={{ samba_ldap_adminpw }}
I am now trying to provision a second DC in the same domain with the command:
samba-tool domain join {{ samba_default_realm | lower }} DC -U"{{ samba_default_realm_domain }}\Administrator" --password={{ samba_ldap_adminpw }}
Naturally, the variables ({{ }}) are replaced with actual values.
However, when I run the second command on the new DC, I get:
--
resolve_lmhosts: Attempting lmhosts lookup for name DC1.domain.tld<0x20>
ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: Not removing account DC2$ which looks like a Samba DC account matching the password we already have.  To override, remove secrets.ldb and secrets.tdb
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 699, in run
    backend_store=backend_store)
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1535, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1424, in do_join
    ctx.cleanup_old_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 283, in cleanup_old_join
    ctx.cleanup_old_accounts(force=force)
  File "/usr/lib/python3/dist-packages/samba/join.py", line 253, in cleanup_old_accounts
    % ctx.samname)
--
I'm using Samba Version 4.10.5-Debian (from apt.van-belle.nl repo). I read
something about this having to do with the internal DNS backend which I use that
should've been fixed in Samba 4.7.
Any idea why I'm getting this error?
-- 
Groeten,
William Edwards
Tuxis Internet Engineering
Rowland penny
2019-Jul-09  09:31 UTC
[Samba] Adding new DC causes samba.join.DCJoinException
On 09/07/2019 09:56, William Edwards via samba wrote:
> Hi,
>
> I have a primary DC that I provisioned with this command:

No you haven't, you have an AD DC, a PDC is something else entirely ;-)

> samba-tool domain provision --server-role=dc --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm={{ samba_default_realm }} --domain={{ samba_default_realm_domain }} --adminpass={{ samba_ldap_adminpw }}
>
> I am now trying to provision a second DC in the same domain with the command:

No, you are trying to join another DC to your AD domain ;-)

> samba-tool domain join {{ samba_default_realm | lower }} DC -U"{{ samba_default_realm_domain }}\Administrator" --password={{ samba_ldap_adminpw }}
>
> Naturally, the variables ({{ }}) are replaced with actual values.
>
> However, when I run the second command on the new DC, I get:
>
> --
> resolve_lmhosts: Attempting lmhosts lookup for name DC1.domain.tld<0x20>
> ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: Not removing account DC2$ which looks like a Samba DC account matching the password we already have.  To override, remove secrets.ldb and secrets.tdb

Did you have a DC called 'DC2' before? Or have you tried multiple times to join the DC?

Try doing what it is telling you to do, remove secrets.ldb & secrets.tdb (they are in /var/lib/samba/private by default on Debian)

Rowland
Rowland penny
2019-Jul-09  10:06 UTC
[Samba] Adding new DC causes samba.join.DCJoinException
On 09/07/2019 10:42, William Edwards wrote:
> I removed the files as follows:
>
> root@addc1:~# updatedb
> root@addc1:~# locate secrets.ldb
> /var/lib/samba/private/secrets.ldb
> root@addc1:/var/lib/samba/private# systemctl stop samba-ad-dc
> root@addc1:/var/lib/samba/private# mv secrets.ldb{,.bak}
> root@addc1:/var/lib/samba/private# mv secrets.tdb{,.bak}
>
> I then attempted to join the domain again and got:
>
> "Joined domain xxx as a DC"
>
> Everything still seems to work fine now (although, despite the
> warning, the second DC was already a domain member and domain DC
> before!). I'm quite confident I found a bug here though. Thanks for
> the help.

And I am quite confident you haven't. If the computer was a DC with the same name, you cannot join it again without removing the 'old' DC from AD and cleaning up the computer before you run the join command.

Rowland
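
The local clean-up step discussed in this thread (stop samba-ad-dc, move secrets.ldb and secrets.tdb aside, then re-run the join), written as an added shell example. It is not from either poster or from the Samba project, and the function name stash_stale_secrets is hypothetical.

```shell
#!/bin/sh
# Added example; stash_stale_secrets is a hypothetical helper name.
# Moves leftover secrets.ldb / secrets.tdb out of the Samba private directory
# so that a fresh "samba-tool domain join" does not trip over them.
# Prints the number of files moved; returns 1 if samba-ad-dc is still running.

stash_stale_secrets() {
    private_dir=${1:-/var/lib/samba/private}   # Debian default named in the thread

    # Same first step as in the thread: the AD DC service must be stopped.
    if command -v systemctl >/dev/null 2>&1 &&
       systemctl is-active --quiet samba-ad-dc 2>/dev/null; then
        echo "samba-ad-dc is running; stop it first" >&2
        return 1
    fi

    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    moved=0
    for name in secrets.ldb secrets.tdb; do
        src="$private_dir/$name"
        [ -e "$src" ] || continue          # nothing left over, nothing to do
        dst="$src.$stamp.bak"
        # The files hold the machine account password: keep the copy owner-only.
        mv "$src" "$dst" || return 2
        chmod 600 "$dst" || return 2
        moved=$((moved + 1))
    done
    echo "$moved"
}
```

This only handles the files on the joining machine; removing the old DC object from AD, as Rowland describes, is a separate step.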
Rowland penny
2019-Jul-09  10:22 UTC
[Samba] Adding new DC causes samba.join.DCJoinException
On 09/07/2019 11:13, William Edwards wrote:
> There was no old DC.

Then why did you post this:

[quote]
Everything still seems to work fine now (although, despite the warning, the second DC was already a domain member and domain DC before!).
[/quote]

Rowland