Hi all, again, I ask for your help.

I have a domain with 2DC's running samba 4.10.6. The disk on the DC holding the FSMO's failed. I recovered most of it from backups, and reinstalled samba hoping to rejoin it to the domain.

However, when I try

# kinit administrator
#samba-tool domain join eurohidra.local DC -Uadministrator

I get

#Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not find entry to match filter: '(&(flatname=EUROHIDRA)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4712 and failed to open /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Adding CN=EHSERVER,OU=Domain Controllers,DC=eurohidra,DC=local
Join failed - cleaning up
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not find entry to match filter: '(&(flatname=EUROHIDRA)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4712 and failed to open /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS - <Entry CN=EHSERVER,OU=Domain Controllers,DC=eurohidra,DC=local already exists> <>
  File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain.py", line 700, in run
    backend_store=backend_store)
  File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line 1535, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line 1427, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line 641, in join_add_objects
    ctx.samdb.add(rec, controls=controls)

I changed the dns server on resolv.conf to point to the 2nd DC.
I do have a recent samba backup, but would prefer not to go that way since I have a running DC.
Any ideas?

Best regards
Carlos
If you lost your fsmo with the dead DC you have to "seize" the roles:

https://wiki.samba.org/index.php/Transferring_and_Seizing_FSMO_Roles#Difference_of_Transferring_and_Seizing_FSMO_Roles

On 20.02.20 at 00:46, Carlos Jesus via samba wrote:
> Hi all, again, I ask for your help.
> I have a domain with 2DC's running samba 4.10.6. The disk on the DC holding
> the FSMO's failed. I recovered most of it from backups, and reinstalled
> samba hoping to rejoin it to the domain.
> However, when I try
> # kinit administrator
> #samba-tool domain join eurohidra.local DC -Uadministrator
> I get
> #Could not find machine account in secrets database: Failed to fetch
> machine account password from secrets.ldb: Could not find entry to match
> filter: '(&(flatname=EUROHIDRA)(objectclass=primaryDomain))' base:
> 'cn=Primary Domains': No such object: dsdb_search at
> ../../source4/dsdb/common/util.c:4712 and failed to open
> /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Adding CN=EHSERVER,OU=Domain Controllers,DC=eurohidra,DC=local
> Join failed - cleaning up
> Could not find machine account in secrets database: Failed to fetch machine
> account password from secrets.ldb: Could not find entry to match filter:
> '(&(flatname=EUROHIDRA)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search at
> ../../source4/dsdb/common/util.c:4712 and failed to open
> /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -
> <Entry CN=EHSERVER,OU=Domain Controllers,DC=eurohidra,DC=local already
> exists> <>
>   File
> "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/__init__.py",
> line 185, in _run
>     return self.run(*args, **kwargs)
>   File
> "/usr/local/samba/lib/python3.7/site-packages/samba/netcmd/domain.py", line
> 700, in run
>     backend_store=backend_store)
>   File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line
> 1535, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line
> 1427, in do_join
>     ctx.join_add_objects()
>   File "/usr/local/samba/lib/python3.7/site-packages/samba/join.py", line
> 641, in join_add_objects
>     ctx.samdb.add(rec, controls=controls)
>
> I changed the dns server on resolv.conf to point to the 2nd DC.
> I do have a recent samba backup, but would prefer not to go that way since I
> have a running DC.
> Any ideas?
>
> Best regards
> Carlos
>

--
Stefan Kania
Landweg 13
25693 St. Michaelisdonn

Signing every e-mail helps reduce spam and protects your privacy.
You can obtain a free certificate at https://www.dgn.de/dgncert/index.html
On 19/02/2020 23:46, Carlos Jesus via samba wrote:
> Hi all, again, I ask for your help.
> I have a domain with 2DC's running samba 4.10.6. The disk on the DC holding
> the FSMO's failed. I recovered most of it from backups, and reinstalled
> samba hoping to rejoin it to the domain.

You shouldn't have tried to restore in this way, you should have seized the FSMO roles to the second DC, demoted the first DC:

samba-tool domain demote --remove-other-dead-server=REMOVE_OTHER_DEAD_SERVER

Then repaired the dead DC and joined it as a new DC, preferably with a new name.

Rowland
On 20/02/2020 10:32, Carlos Jesus wrote:
> Hey Roland
> thanks for the reply.
> Can't I do that now? Or is Backup/ restore my only option at this point?

If you have one working DC, then yes, remove the dead DC and move on.

You should only backup the domain using the scripts introduced at 4.9.0 and then only use these backups if you have a catastrophic failure and all your DC's are corrupt.

Rowland
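
The sequence the replies describe (seize the roles, demote the dead DC, check the result), sketched as a dry-run helper for the surviving DC. This is an added example, not part of the thread: the `samba-tool fsmo show` output is a constructed sample, and the server name DC2 and the site name are assumptions.

```bash
#!/bin/sh
# Added example, not from the thread. Dry run: prints the commands to run on
# the surviving DC instead of executing them.

# Constructed sample of `samba-tool fsmo show` output. DC2 and the site name
# are assumptions; EHSERVER is the dead DC named in the thread.
sample_fsmo_show() {
  suffix='CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=eurohidra,DC=local'
  printf '%s owner: CN=NTDS Settings,CN=%s,%s\n' \
    SchemaMasterRole EHSERVER "$suffix" \
    InfrastructureMasterRole DC2 "$suffix" \
    RidAllocationMasterRole EHSERVER "$suffix" \
    PdcEmulationMasterRole ehserver "$suffix"
}

# Read `samba-tool fsmo show` output on stdin and print each role whose owner
# DN names server $1 (second RDN, directly under CN=Servers; case-insensitive).
roles_owned_by() {
  awk -v dead="$1" -F' owner: ' '
    NF == 2 {
      n = split($2, rdn, ",")
      srv = rdn[2]; sub(/^CN=/, "", srv)
      if (n >= 3 && rdn[3] == "CN=Servers" && toupper(srv) == toupper(dead)) print $1
    }'
}

# Print the recovery steps from the replies: seize only if the dead server
# still owns roles, then remove its stale objects, then re-check ownership.
recovery_plan() {
  dead=$1
  stale=$(roles_owned_by "$dead" | tr '\n' ' ')
  if [ -n "$stale" ]; then
    echo "# roles still on $dead: $stale"
    echo "samba-tool fsmo seize --role=all"
  fi
  echo "samba-tool domain demote --remove-other-dead-server=$dead"
  echo "samba-tool fsmo show"
}

sample_fsmo_show | recovery_plan EHSERVER
```

The join from the original post (`samba-tool domain join eurohidra.local DC -Uadministrator`) is then run on the rebuilt host, which the replies advise giving a new name.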