samba - Apr 2020 - samba-tool join faild. ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT

Hello,

I inherited an Active directory in Windows in Spanish, after a lot of
work I was able to do the first synchronization to a DC in Samba.

Now I am at the stage that I want to remove Windows, but previously I
want to remove Windows.

I am trying to add another DC in Samba to advance and I am presented
with the following problem. I feel lost with these errors.

root at DC01:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local


First Join without server paramenter:

root at DC02:~# samba-tool domain join conylec.local DC -U
"conylec\administrador" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'conylec.local'
Found DC AD01.conylec.local
Password for [CONYLEC\administrador]:
workgroup is CONYLEC
realm is conylec.local
Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Join failed - cleaning up
Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Deleted CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Deleted
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
<0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
ref 1:
'1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local'
> <ldap://1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in
do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 668, in
join_add_objects
    ctx.samdb.modify(m)



Second join with server parameter

root at DC02:~# samba-tool domain join conylec.local DC -U
"conylec\administrador" --dns-backend=SAMBA_INTERNAL
--server=DC01.conylec.local
Password for [CONYLEC\administrado]:
workgroup is CONYLEC
realm is conylec.local
Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
Join failed - cleaning up
Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
<00002030: objectclass: Cannot add
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
parent does not exist!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in
do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
join_add_objects
    ctx.samdb.add(rec)


You see a important different, in the first join the DNS (Windows DC not fsmo) :
Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local

And the second the DNS is  (Samba DC  is fsmo):

Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local

the first join the DN is correct, but in the second is wrong. you have
any idea to continue?

Thanks.

I run command in debug mode level 3:

root at DC02:~# samba-tool domain join conylec.local DC -U
"conylec\administrador" --dns-backend=SAMBA_INTERNAL
--server=DC01.conylec.local -d 3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name
DC01.conylec.local<0x20>
Password for [CONYLEC\administrador]:
Cannot reach a KDC we require to contact (null) : kinit for
administrador at CONYLEC failed (Cannot contact any KDC for requested
realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
ldap/DC01.conylec.local failed (next[ntlmssp]):
NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is CONYLEC
realm is conylec.local
Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
machine account password for CONYLEC from both secrets.ldb (Could not
find entry to match filter:
'(&(flatname=CONYLEC)(objectclass=primaryDomain))' base:
'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4657) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
<00002030: objectclass: Cannot add
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
parent does not exist!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in
do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
join_add_objects
    ctx.samdb.add(rec)

El dom., 5 abr. 2020 a las 20:05, Epsilon Minus
(<theepsilonminus at gmail.com>) escribi?:
>
> Hello,
>
> I inherited an Active directory in Windows in Spanish, after a lot of
> work I was able to do the first synchronization to a DC in Samba.
>
> Now I am at the stage that I want to remove Windows, but previously I
> want to remove Windows.
>
> I am trying to add another DC in Samba to advance and I am presented
> with the following problem. I feel lost with these errors.
>
> root at DC01:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> InfrastructureMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> RidAllocationMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> PdcEmulationMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> DomainNamingMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> DomainDnsZonesMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> ForestDnsZonesMasterRole owner: CN=NTDS
>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
>
> First Join without server paramenter:
>
> root at DC02:~# samba-tool domain join conylec.local DC -U
> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> Finding a writeable DC for domain 'conylec.local'
> Found DC AD01.conylec.local
> Password for [CONYLEC\administrador]:
> workgroup is CONYLEC
> realm is conylec.local
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Join failed - cleaning up
> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Deleted CN=NTDS
>
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Deleted
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
> <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
> ref 1: '1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local'
> >
<ldap://1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local>
>   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1474, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1375, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
668, in
> join_add_objects
>     ctx.samdb.modify(m)
>
>
>
> Second join with server parameter
>
> root at DC02:~# samba-tool domain join conylec.local DC -U
> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> --server=DC01.conylec.local
> Password for [CONYLEC\administrado]:
> workgroup is CONYLEC
> realm is conylec.local
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Join failed - cleaning up
> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> <00002030: objectclass: Cannot add
>
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
> parent does not exist!> <>
>   File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
line
> 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1474, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1375, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line
631, in
> join_add_objects
>     ctx.samdb.add(rec)
>
>
> You see a important different, in the first join the DNS (Windows DC not
fsmo) :
> Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> And the second the DNS is  (Samba DC  is fsmo):
>
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
>
> the first join the DN is correct, but in the second is wrong. you have
> any idea to continue?
>
> Thanks.

On 06/04/2020 01:33, Epsilon Minus via samba wrote:
> I run command in debug mode level 3:
>
What OS ?

What Samba Version ?

Rowland

Hi Epsilon,

I think the issue here is with localization support in Samba. You 
"Default-First-Site" in Spanish MS-AD is translated (as it is in
French
AD), and it seems that it looks for the following site name during the join:

CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local

while it should be trying to create the entry in the following site name:

CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local

I have already joined a few French localized MS-AD in the past and don't 
remember that issue though. Default-First-Site-Name should be a 
well-known-object with its own GUID I think, so I think it shouldn't 
matter what the name is...

You may try to specify the site name when doing the join with the --site 
option using your spanish name, it might just work.

Cheers,

Denis


Le 06/04/2020 ? 02:33, Epsilon Minus via samba a ?crit?:
> I run command in debug mode level 3:
> 
> root at DC02:~# samba-tool domain join conylec.local DC -U
> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
> --server=DC01.conylec.local -d 3
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> resolve_lmhosts: Attempting lmhosts lookup for name
DC01.conylec.local<0x20>
> Password for [CONYLEC\administrador]:
> Cannot reach a KDC we require to contact (null) : kinit for
> administrador at CONYLEC failed (Cannot contact any KDC for requested
> realm)
> 
> SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for
> ldap/DC01.conylec.local failed (next[ntlmssp]):
> NT_STATUS_NO_LOGON_SERVERS
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x62088235
> workgroup is CONYLEC
> realm is conylec.local
> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for CONYLEC from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=CONYLEC)(objectclass=primaryDomain))' base:
'cn=Primary
> Domains': No such object: dsdb_search at
> ../source4/dsdb/common/util.c:4657) and from
> /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
> <00002030: objectclass: Cannot add
>
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
> parent does not exist!> <>
>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>      return self.run(*args, **kwargs)
>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 661, in run
>      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1474, in join_DC
>      ctx.do_join()
>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line
1375, in do_join
>      ctx.join_add_objects()
>    File "/usr/lib/python2.7/dist-packages/samba/join.py", line
631, in
> join_add_objects
>      ctx.samdb.add(rec)
> 
> El dom., 5 abr. 2020 a las 20:05, Epsilon Minus
> (<theepsilonminus at gmail.com>) escribi?:
>>
>> Hello,
>>
>> I inherited an Active directory in Windows in Spanish, after a lot of
>> work I was able to do the first synchronization to a DC in Samba.
>>
>> Now I am at the stage that I want to remove Windows, but previously I
>> want to remove Windows.
>>
>> I am trying to add another DC in Samba to advance and I am presented
>> with the following problem. I feel lost with these errors.
>>
>> root at DC01:~# samba-tool fsmo show
>> SchemaMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> InfrastructureMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> RidAllocationMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> PdcEmulationMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> DomainNamingMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> DomainDnsZonesMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> ForestDnsZonesMasterRole owner: CN=NTDS
>>
Settings,CN=DC01,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>>
>>
>> First Join without server paramenter:
>>
>> root at DC02:~# samba-tool domain join conylec.local DC -U
>> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
>> Finding a writeable DC for domain 'conylec.local'
>> Found DC AD01.conylec.local
>> Password for [CONYLEC\administrador]:
>> workgroup is CONYLEC
>> realm is conylec.local
>> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
>> Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> Join failed - cleaning up
>> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
>> Deleted CN=NTDS
>>
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> Deleted
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> ERROR(ldb): uncaught exception - LDAP error 10 LDAP_REFERRAL -
>> <0000202B: RefErr: DSID-030A0B8E, data 0, 1 access points
>> ref 1:
'1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local'
>>>
<ldap://1bb952b0-c0ee-44fc-9a5d-ce440d550993._msdcs.conylec.local>
>>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>>      return self.run(*args, **kwargs)
>>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
>> 661, in run
>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 1474, in join_DC
>>      ctx.do_join()
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 1375, in do_join
>>      ctx.join_add_objects()
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 668, in
>> join_add_objects
>>      ctx.samdb.modify(m)
>>
>>
>>
>> Second join with server parameter
>>
>> root at DC02:~# samba-tool domain join conylec.local DC -U
>> "conylec\administrador" --dns-backend=SAMBA_INTERNAL
>> --server=DC01.conylec.local
>> Password for [CONYLEC\administrado]:
>> workgroup is CONYLEC
>> realm is conylec.local
>> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
>> Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> Join failed - cleaning up
>> Deleted CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
>> ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
>> <00002030: objectclass: Cannot add
>>
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local,
>> parent does not exist!> <>
>>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>> line 176, in _run
>>      return self.run(*args, **kwargs)
>>    File
"/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
>> 661, in run
>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 1474, in join_DC
>>      ctx.do_join()
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 1375, in do_join
>>      ctx.join_add_objects()
>>    File "/usr/lib/python2.7/dist-packages/samba/join.py",
line 631, in
>> join_add_objects
>>      ctx.samdb.add(rec)
>>
>>
>> You see a important different, in the first join the DNS (Windows DC
not fsmo) :
>> Adding
CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>> Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=conylec,DC=local
>>
>> And the second the DNS is  (Samba DC  is fsmo):
>>
>> Adding CN=DC02,OU=Domain Controllers,DC=conylec,DC=local
>> Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=conylec,DC=local
>>
>> the first join the DN is correct, but in the second is wrong. you have
>> any idea to continue?
>>
>> Thanks.
>