Rick Hollinbeck
2020-Feb-07 17:57 UTC
[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD servers

Using samba-tool to join, replication proceeds successfully but I'm getting an error about the machine account missing when it goes to add the A record for the new samba DC.

Here's a part of the -d4 log from the samba-tool join:

....

INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192.168.0.13
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for OFFICE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
...


I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:

Here's my smb.conf file:
--------
# Global parameters
[global]
        log level = 4
        netbios name = SAMBA1
        realm = OFFICE.EXAMPLE.COM
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = OFFICE

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/office.example.com/scripts
        read only = No
-------

What could be causing this error?

Rowland Penny
2020-Feb-07 18:47 UTC
[Samba] Samba 4.11.6 cannot JOIN - 'Could not find machine account'
On 07/02/2020 17:57, Rick Hollinbeck via samba wrote:
> I'm trying to get a Samba 4.11.6 member DC up and running with two Windows 2008 AD servers
>
> Using samba-tool to join, replication proceeds successfully but I'm getting an error about the machine account missing when it goes to add the A record for the new samba DC.
>
> Here's a part of the -d4 log from the samba-tool join:
>
> ....
>
> INFO 2020-02-07 17:38:33,160 pid:2801 /usr/lib/python3/dist-packages/samba/join.py #1179: Adding DNS A record SAMBA1.office.example.com for IPv4 IP: 192.168.0.13
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch machine account password for OFFICE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=OFFICE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
> ...
>

Were these 2008 DCs upgraded from an earlier version? (2000, 2003)

Also, can we see more of the join output? What you posted is usually the fallout from a failed join and is usually meaningless. I think there will be a line similar to 'join failed'; we need to see what is above this.

> I'm wondering if my smb.conf file is set up correctly for joining and using BIND9_DLZ:

Did you create this smb.conf manually? If so, remove it and try again; you shouldn't have a smb.conf before the join.

Rowland