Guys,

> On 10/02/2020 14:40, L.P.H. van Belle via samba wrote:
>> @Rowland.
>>
>> I now see he only mailed me.
>> Here you go..
> No, he emailed me as well, but I missed this:
> samba-tool domain join domain.com DC -k yes --dns-backend NONE
> --server=vm-dc1.domain.com
> Why did he do that ? why no dns server ?????

This is b/c we used to host AD zone on a separate DNS server(s), not in the AD.
I thought to keep that setup b/c it's much easier to administer the AD zone
in bind9, rather than in MS DNS.

--
Best regards,
Alex Alex

Rowland penny
2020-Feb-10 15:04 UTC
[Samba] FW: samba_kcc issue after joining the domain as a DC
On 10/02/2020 14:52, Alex via samba wrote:
> Guys,
>
>> On 10/02/2020 14:40, L.P.H. van Belle via samba wrote:
>>> @Rowland.
>>>
>>> I now see he only mailed me.
>>> Here you go..
>> No, he emailed me as well, but I missed this:
>> samba-tool domain join domain.com DC -k yes --dns-backend NONE
>> --server=vm-dc1.domain.com
>> Why did he do that ? why no dns server ?????
> This is b/c we used to host AD zone on a separate DNS server(s), not in the AD.
> I thought to keep that setup b/c it's much easier to administer the AD zone
> in bind9, rather than in MS DNS.
>

No, it isn't and using 'NONE' as the dns backend is not supported by Samba.

Run: samba_upgradedns

That should fill in your missing dns data.

An AD DC is authoritative for the AD dns domain.

Rowland

Rowland,

>>> samba-tool domain join domain.com DC -k yes --dns-backend NONE
>>> --server=vm-dc1.domain.com
>>> Why did he do that ? why no dns server ?????
>> This is b/c we used to host AD zone on a separate DNS server(s), not in the AD.
>> I thought to keep that setup b/c it's much easier to administer the AD zone
>> in bind9, rather than in MS DNS.
>>
> No, it isn't and using 'NONE' as the dns backend is not supported by Samba.

> Run: samba_upgradedns

> That should fill in your missing dns data.

> An AD DC is authoritative for the AD dns domain.

Here is what I got after switching to SAMBA_INTERNAL backend:

# samba-tool domain join domain.com DC -k yes --server=vm-dc1.domain.com

INFO 2020-02-10 18:34:09,671 pid:26424 /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1116: Adding 1 remote DNS records for VM-DC3.domain.com
Using binding ncacn_ip_tcp:vm-dc1.domain.com[,sign]
Mapped to DCERPC endpoint 135
added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 netmask=255.255.0.0
added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name vm-dc1.domain.com<0x20>
Mapped to DCERPC endpoint 49228
added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 netmask=255.255.0.0
added interface eth0 ip=172.26.1.83 bcast=172.26.255.255 netmask=255.255.0.0
resolve_lmhosts: Attempting lmhosts lookup for name vm-dc1.domain.com<0x20>
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSSAPI credentials for administrator at domain.com will expire in 32550 secs
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
INFO 2020-02-10 18:34:10,109 pid:26424 /usr/local/samba/lib64/python3.6/site-packages/samba/join.py #1179: Adding DNS A record VM-DC3.domain.com for IPv4 IP: 172.26.1.83
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4733) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/domain.py", line 708, in run
    backend_store_size=backend_store_size)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1561, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1456, in do_join
    ctx.join_add_dns_records()
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/join.py", line 1197, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/samdb.py", line 1177, in dns_lookup
    dns_partition=dns_partition)
Adding CN=VM-DC3,OU=Domain Controllers,DC=domain,DC=com
Adding CN=VM-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Adding CN=NTDS Settings,CN=VM-DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Adding SPNs to CN=VM-DC3,OU=Domain Controllers,DC=domain,DC=com
Setting account password for VM-DC3$
Enabling account
Calling bare provision
Provision OK for domain DN DC=domain,DC=com
Starting replication
Missing target object - retrying with DRS_GET_TGT
Replicating critical objects from the base DN of the domain
Missing target object - retrying with DRS_GET_TGT
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=domain,DC=com
Replicating DC=ForestDnsZones,DC=domain,DC=com
Committing SAM database
--- join_add_dns_records
Join failed - cleaning up

DNS is now updated as Louis suggested to do.

--
Best regards,
Alex Alex

L.P.H. van Belle
2020-Feb-10 16:01 UTC
[Samba] FW: samba_kcc issue after joining the domain as a DC
Hai,

Ok. I did more digging, this is a link Dennis showed which might help..
https://www.itprotoday.com/windows-78/q-how-can-i-create-domaindnszones-directory-partition

Now, if I go through the mailing list and look up everything about this part.

> Could not find machine account in secrets database: Failed to fetch
> machine account password for DOM from both secrets.ldb (Could not find
> entry to match filter: '(&(flatname=DOM)(objectclass=primaryDomain))'
> base: 'cn=Primary Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4705) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

I can't see/find a clear solution.
All problem domains were 2000/2003 related..

@Rowland or @Dennis, you guys any other options here?
I'm out of options for Alex.

So far,

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Alex via samba
> Sent: Monday 10 February 2020 16:44
> To: Rowland penny
> CC: Alex
> Subject: Re: [Samba] FW: samba_kcc issue after joining the domain as a DC
>
> Rowland,
>
> >>> samba-tool domain join domain.com DC -k yes --dns-backend NONE
> >>> --server=vm-dc1.domain.com
> >>> Why did he do that ? why no dns server ?????
> >> This is b/c we used to host AD zone on a separate DNS server(s), not in the AD.
> >> I thought to keep that setup b/c it's much easier to administer the AD zone
> >> in bind9, rather than in MS DNS.
> >>
> > No, it isn't and using 'NONE' as the dns backend is not supported by Samba.
>
> > Run: samba_upgradedns
>
> > That should fill in your missing dns data.
>
> > An AD DC is authoritative for the AD dns domain.