On 07/17/2019 02:12 PM, Rowland penny via samba wrote:> On 17/07/2019 19:31, Robert A Wooldridge via samba wrote: >> Active Directory domain, the only DC is a Server 2003 machine. > Is the function level set to its highest level ?Apparently not.? It is set to Windows 2000 level.? It could be set to Server2003 level but it thinks that one of my file servers is a domain controller and it can't change it's level.? That's strange because this file server is not a DC.>>> >>> /etc/resolv.conf >> nameserver 10.10.1.14 >> nameserver 10.10.1.1 >> search edm-inc.com > I take it '10.10.1.14' is the 2003 DCYes>> >>> >>> /etc/krb5.conf >> [libdefaults] >> ??? dns_lookup_realm = false >> ??? dns_lookup_kdc = true >> ??? default_realm = EDM-INC.COM > Try /etc/krb5.conf like the aboveHave tried both.>> >> >> Here's the full error: >> >> Could not find machine account in secrets database: Failed to fetch >> machine account password for EDM from both secrets.ldb (Could not >> find entry to match filter: >> '(&(flatname=EDM)(objectclass=primaryDomain))' base: 'cn=Primary >> Domains': No such object: dsdb_search at >> ../source4/dsdb/common/util.c:4705) and from >> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO > > Problem is (so I have been told) neither secrets.tdb or secrets.ldb > will have been created at this point, so this could be a red herring. > > Does the windows DC run a dns serverYes> > What actual command are you running ?samba-tool domain join EDM-INC.COM DC -U"EDM\administrator" --verbose -d3>-- Bob Wooldridge EDM Incorporated
On 18/07/2019 16:06, Robert A Wooldridge via samba wrote:> On 07/17/2019 02:12 PM, Rowland penny via samba wrote: >> On 17/07/2019 19:31, Robert A Wooldridge via samba wrote: >>> Active Directory domain, the only DC is a Server 2003 machine. >> Is the function level set to its highest level ? > Apparently not.? It is set to Windows 2000 level.? It could be set to > Server2003 level but it thinks that one of my file servers is a domain > controller and it can't change it's level.? That's strange because > this file server is not a DC.I think this could be one of your problems, not entirely sure, but I think the minimum function level reliably required is 2003, you may have to remove that fileserver.>> >> What actual command are you running ? > samba-tool domain join EDM-INC.COM DC -U"EDM\administrator" --verbose -d3 >>Nothing wrong there. Rowland
On 07/18/2019 10:20 AM, Rowland penny via samba wrote:> I think this could be one of your problems, not entirely sure, but I > think the minimum function level reliably required is 2003, you may > have to remove that fileserver.No joy.? I was able to demote that file server using: samba-tool domain demote -Uadministrator And then I promoted the DC to Server 2003 level.? But attempting to join the new samba DC failed with the same error: Adding DNS A record ATHENA.edm-inc.com for IPv4 IP: 10.10.1.10 Join failed - cleaning up ldb_wrap open of secrets.ldb Could not find machine account in secrets database: Failed to fetch machine account password for EDM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=EDM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4705) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO Deleted CN=RID Set,CN=ATHENA,OU=Domain Controllers,DC=edm-inc,DC=com Deleted CN=ATHENA,OU=Domain Controllers,DC=edm-inc,DC=com Deleted CN=NTDS Settings,CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com Deleted CN=ATHENA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=edm-inc,DC=com ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR') ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run ??? return self.run(*args, **kwargs) ? File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 716, in run ??? backend_store=backend_store) ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1501, in join_DC ??? ctx.do_join() ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1406, in do_join ??? ctx.join_add_dns_records() ? File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1143, in join_add_dns_records ??? dns_partition=domaindns_zone_dn) ? File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 1057, in dns_lookup ??? dns_partition=dns_partition) -- Bob Wooldridge EDM Incorporated