Hai, If updated the script a bit, can you run it again? wget https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Alexander Harm via samba > Verzonden: vrijdag 16 augustus 2019 9:14 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Failing to join existing AD as DC > > Still the same error. > > I wiped the machine afterwards, re-installed everything from > scratch. But again, join fails. > > > > > On 15. August 2019 at 18:57:40, Rowland penny via samba > (samba at lists.samba.org) wrote: > > On 15/08/2019 17:42, Alexander Harm via samba wrote: > > Here you go: > > > > Collected config ?--- 2019-08-15-18:38 ----------- > > > > Hostname: ka-h9-dc01 > > DNS Domain: samdom.example.com > > FQDN: ka-h9-dc01.samdom.example.com > > ipaddress: 10.0.1.250 > > > > ----------- > > ? ? ? ?Checking file: /etc/hosts > > > > 127.0.0.1 localhost > > 127.0.1.1 ka-h9-dc01.samdom.example.com > ka-h9-dc01.example.com ka-h9-dc01 > Remove the '127.0.1.1' line. > > 10.0.1.250 ka-h9-dc01.samdom.example.com > ka-h9-dc01.example.com ka-h9-dc01 > > Change the '10.0.1.250' line to > > 10.0.1.250 ka-h9-dc01.samdom.example.com ka-h9-dc01 > > > > > # The following lines are desirable for IPv6 capable hosts > > ::1 ? ? localhost ip6-localhost ip6-loopback > > ff02::1 ip6-allnodes > > ff02::2 ip6-allrouters > > > > ----------- > > > > ? ? ? ?Checking file: /etc/resolv.conf > > > > domain samdom.example.com > > search samdom.example.com > > nameserver 10.88.80.88 > You don't really need the 'domain' line and I take it that > '10.88.80.88' > is the IP of the existing AD DC > > Fix the above & remove the smb.conf and then try again. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
I note from an earlier post that the OP has the new DC on IP address 10.0.1.250/24. The Windows DC is on 10.88.80.88 which is not on the same subnet, so presumably he has appropriate routes set to connect to the Windows DC? Just my 2d. HTH Roy> -----Original Message----- > From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of L.P.H. > van Belle via samba > Sent: 16 August 2019 09:53 > To: samba at lists.samba.org > Subject: Re: [Samba] Failing to join existing AD as DC > > Hai, > > If updated the script a bit, can you run it again? > > wget https://raw.githubusercontent.com/thctlo/samba4/master/samba- > collect-debug-info.sh > > > Greetz, > > Louis > > > > -----Oorspronkelijk bericht----- > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > Alexander Harm via samba > > Verzonden: vrijdag 16 augustus 2019 9:14 > > Aan: samba at lists.samba.org > > Onderwerp: Re: [Samba] Failing to join existing AD as DC > > > > Still the same error. > > > > I wiped the machine afterwards, re-installed everything from > > scratch. But again, join fails. > > > > > > > > > > On 15. August 2019 at 18:57:40, Rowland penny via samba > > (samba at lists.samba.org) wrote: > > > > On 15/08/2019 17:42, Alexander Harm via samba wrote: > > > Here you go: > > > > > > Collected config --- 2019-08-15-18:38 ----------- > > > > > > Hostname: ka-h9-dc01 > > > DNS Domain: samdom.example.com > > > FQDN: ka-h9-dc01.samdom.example.com > > > ipaddress: 10.0.1.250 > > > > > > ----------- > > > Checking file: /etc/hosts > > > > > > 127.0.0.1 localhost > > > 127.0.1.1 ka-h9-dc01.samdom.example.com > > ka-h9-dc01.example.com ka-h9-dc01 > > Remove the '127.0.1.1' line. > > > 10.0.1.250 ka-h9-dc01.samdom.example.com > > ka-h9-dc01.example.com ka-h9-dc01 > > > > Change the '10.0.1.250' line to > > > > 10.0.1.250 ka-h9-dc01.samdom.example.com ka-h9-dc01 > > > > > > > > # The following lines are desirable for IPv6 capable hosts > > > ::1 localhost ip6-localhost ip6-loopback > > > ff02::1 ip6-allnodes > > > ff02::2 ip6-allrouters > > > > > > ----------- > > > > > > Checking file: /etc/resolv.conf > > > > > > domain samdom.example.com > > > search samdom.example.com > > > nameserver 10.88.80.88 > > You don't really need the 'domain' line and I take it that > > '10.88.80.88' > > is the IP of the existing AD DC > > > > Fix the above & remove the smb.conf and then try again. > > > > Rowland > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Good point Roy, So we can add the question.> I tried joining the same AD before and succeeded,Your other DC, is that in the same subnet? And is the windows firewall allowing the other subnet? telnet the DNS port from the samba server to the windows server. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roy > Eastwood via samba > Verzonden: vrijdag 16 augustus 2019 11:05 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Failing to join existing AD as DC > > I note from an earlier post that the OP has the new DC on IP > address 10.0.1.250/24. The Windows DC is on 10.88.80.88 > which is not on the same subnet, so presumably he has > appropriate routes set to connect to the Windows DC? > > Just my 2d. > > HTH > > Roy > > > -----Original Message----- > > From: samba [mailto:samba-bounces at lists.samba.org] On > Behalf Of L.P.H. > > van Belle via samba > > Sent: 16 August 2019 09:53 > > To: samba at lists.samba.org > > Subject: Re: [Samba] Failing to join existing AD as DC > > > > Hai, > > > > If updated the script a bit, can you run it again? > > > > wget https://raw.githubusercontent.com/thctlo/samba4/master/samba- > > collect-debug-info.sh > > > > > > Greetz, > > > > Louis > > > > > > > -----Oorspronkelijk bericht----- > > > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > > > Alexander Harm via samba > > > Verzonden: vrijdag 16 augustus 2019 9:14 > > > Aan: samba at lists.samba.org > > > Onderwerp: Re: [Samba] Failing to join existing AD as DC > > > > > > Still the same error. > > > > > > I wiped the machine afterwards, re-installed everything from > > > scratch. But again, join fails. > > > > > > > > > > > > > > > On 15. August 2019 at 18:57:40, Rowland penny via samba > > > (samba at lists.samba.org) wrote: > > > > > > On 15/08/2019 17:42, Alexander Harm via samba wrote: > > > > Here you go: > > > > > > > > Collected config --- 2019-08-15-18:38 ----------- > > > > > > > > Hostname: ka-h9-dc01 > > > > DNS Domain: samdom.example.com > > > > FQDN: ka-h9-dc01.samdom.example.com > > > > ipaddress: 10.0.1.250 > > > > > > > > ----------- > > > > Checking file: /etc/hosts > > > > > > > > 127.0.0.1 localhost > > > > 127.0.1.1 ka-h9-dc01.samdom.example.com > > > ka-h9-dc01.example.com ka-h9-dc01 > > > Remove the '127.0.1.1' line. > > > > 10.0.1.250 ka-h9-dc01.samdom.example.com > > > ka-h9-dc01.example.com ka-h9-dc01 > > > > > > Change the '10.0.1.250' line to > > > > > > 10.0.1.250 ka-h9-dc01.samdom.example.com ka-h9-dc01 > > > > > > > > > > > # The following lines are desirable for IPv6 capable hosts > > > > ::1 localhost ip6-localhost ip6-loopback > > > > ff02::1 ip6-allnodes > > > > ff02::2 ip6-allrouters > > > > > > > > ----------- > > > > > > > > Checking file: /etc/resolv.conf > > > > > > > > domain samdom.example.com > > > > search samdom.example.com > > > > nameserver 10.88.80.88 > > > You don't really need the 'domain' line and I take it that > > > '10.88.80.88' > > > is the IP of the existing AD DC > > > > > > Fix the above & remove the smb.conf and then try again. > > > > > > Rowland > > > > > > > > > > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > > > To unsubscribe from this list go to the following URL and read the > > > instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > > > -- > > To unsubscribe from this list go to the following URL and read the > > instructions: https://lists.samba.org/mailman/options/samba > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Fri, 2019-08-16 at 11:18 +0200, L.P.H. van Belle via samba wrote:> Good point Roy, > > So we can add the question. > > I tried joining the same AD before and succeeded, > > Your other DC, is that in the same subnet? > > And is the windows firewall allowing the other subnet? > telnet the DNS port from the samba server to the windows server. >I'm quite confused, why are you folks chasing down routing issues for an operations error on a valid LDAP connection? This seems a very odd and increasingly tortured set of diagnostics. Alexander, I think the invalid credentials bit is a red herring, during the cleanup, the main backtrace shown looks like it doesn't like one of the objects being modified over LDAP. Examination of the source code shows that the only way a modify occurs is if we are in 'promote_existing' mode, so perhaps ensure any accounts of the same name are first deleted, or choose an unused name for the DC. I hope this helps, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
Because it shows its needed to.. You can not chase a problem if you dont know if the base is correct. If the base if incorrect you can and will inherrit other problems which makes debugging a hell. I dont make "assumptions" because.. One of my previous bosses always states: Assumptions are the mother of all f.ckups. And he is right on that one. That simple, sorry to say it like that but it is what it is. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Andrew Bartlett [mailto:abartlet at samba.org] > Verzonden: vrijdag 16 augustus 2019 12:11 > Aan: L.P.H. van Belle; samba at lists.samba.org; Alexander Harm > Onderwerp: Re: [Samba] Failing to join existing AD as DC > > On Fri, 2019-08-16 at 11:18 +0200, L.P.H. van Belle via samba wrote: > > Good point Roy, > > > > So we can add the question. > > > I tried joining the same AD before and succeeded, > > > > Your other DC, is that in the same subnet? > > > > And is the windows firewall allowing the other subnet? > > telnet the DNS port from the samba server to the windows server. > > > > I'm quite confused, why are you folks chasing down routing issues for > an operations error on a valid LDAP connection? > > This seems a very odd and increasingly tortured set of diagnostics. > > Alexander, > > I think the invalid credentials bit is a red herring, during the > cleanup, the main backtrace shown looks like it doesn't like > one of the > objects being modified over LDAP. > > Examination of the source code shows that the only way a modify occurs > is if we are in 'promote_existing' mode, so perhaps ensure > any accounts > of the same name are first deleted, or choose an unused name for the > DC. > > I hope this helps, > > Andrew Bartlett > -- > Andrew Bartlett https://samba.org/~abartlet/ > Authentication Developer, Samba Team https://samba.org > Samba Developer, Catalyst IT > https://catalyst.net.nz/services/samba > > > >