samba - May 2020 - Failed to commit objects: DOS code 0x000021bf attempting to add DC to Zentyal 3.2 domain (samba 4.1.7)

So there is no migration path?  I really don't want to rebuild my domain if
I can help it.  I wouldn't mind so much having to recreate users as much as
having user's desktop profiles be orphaned.

How would I tell if it was openldap vs pure samba ad-dc?

Rich

----- On May 25, 2020, at 10:52 AM, samba samba at lists.samba.org wrote:
> On 25/05/2020 15:26, Rich Webb via samba wrote:
>>
>> Also I am currently using 4.10.15 as I tried to backrev to a version
that would
>> join properly. The -d4 produced a ton of output... Let me know if you
need more
>> but here is the final pieces that would likely give a clue.  I have no
idea
>> what mail-fs1 is.. that may have been an old host name possibly left
hanging
>> around in DNS?  The DC's name is fs1:
>>
>> Missing parent while attempting to apply records: No parent with GUID
>> fe34e0f7-7c0d-415d-af6e-d564e2b1cdb4 found for object remotely known as
>> CN=mail-fs1,OU=Kerberos,DC=tca,DC=local
>> Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
>> Join failed - cleaning up
> 
> I think you might not get anywhere here, I don't think Zentyal 3.2
> actually was a pure AD DC, I think it ran openldap as well, possibly on
> a different port.
> 
> Rowland
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

On 25/05/2020 16:14, Rich Webb via samba wrote:
> So there is no migration path?  I really don't want to rebuild my
domain if I can help it.  I wouldn't mind so much having to recreate users
as much as having user's desktop profiles be orphaned.
>
> How would I tell if it was openldap vs pure samba ad-dc?
>
I do not use zentyal, so I am not sure about upgrading it. Zentyal isn't 
a Samba product, it is a Distro that uses Samba. I seem to remember that 
3.2 used openldap as well as Samba, I am unsure just how Samba was used.

What I am trying to point out is, you will probably get better help 
asking on the zentyal forum. If it can be confirmed that zentyal 3.2 
does use Samba as an AD DC (and not an NT4-style DC) then you might be 
able to join an earlier version of Samba to it and then go from there.

As to finding out what ldap is being used for, you could try using 
ldapsearch to dump to a file and then examine this.

Rowland

On 25/05/2020 16:50, Rowland penny via samba wrote:
> On 25/05/2020 16:14, Rich Webb via samba wrote:
>> So there is no migration path?? I really don't want to rebuild my 
>> domain if I can help it.? I wouldn't mind so much having to
recreate
>> users as much as having user's desktop profiles be orphaned.
>>
>> How would I tell if it was openldap vs pure samba ad-dc?
>>
> I do not use zentyal, so I am not sure about upgrading it. Zentyal 
> isn't a Samba product, it is a Distro that uses Samba. I seem to 
> remember that 3.2 used openldap as well as Samba, I am unsure just how 
> Samba was used.
>
> What I am trying to point out is, you will probably get better help 
> asking on the zentyal forum. If it can be confirmed that zentyal 3.2 
> does use Samba as an AD DC (and not an NT4-style DC) then you might be 
> able to join an earlier version of Samba to it and then go from there.
>
> As to finding out what ldap is being used for, you could try using 
> ldapsearch to dump to a file and then examine this.
>
> Rowland
>
>
>
OK, first the good news, your zentyal is running Samba as an AD DC, now 
for the bad news:

It is also running another kdc on port 8880 and slapd on port 390.

Now for the really bad news, it is also using the pre 2008 dns.

I think you will have to 'walk' your zentyal up the Samba versions until
you get the latest dns version, though I am not sure about this, never 
had to do this.

It might just be easier to start again with a new domain.

Rowland