join attempted via

sudo samba-tool domain join net.example.com DC
-U'NET.EXAMPLE.COM\administrator'
--option='idmap_ldb:use rfc2307 = yes

failure lines

gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically signed
INFO 2020-11-13 09:00:44,891 pid:12210 /usr/local/samba/lib/python3.8/site-packages/samba/join.py #1178: Adding DNS A record TLA-DC06.NET.EXAMPLE.COM for IPv4 IP: 10.74.20.69
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(flatname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4760) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=TLA-DC06,OU=Domain Controllers,DC=NET,DC=EXAMPLE,DC=COM
Deleted CN=NTDS Settings,CN=TLA-DC06,CN=Servers,CN=NBG,CN=Sites,CN=Configuration,DC=NET,DC=EXAMPLE,DC=COM
Deleted CN=TLA-DC06,CN=Servers,CN=NBG,CN=Sites,CN=Configuration,DC=NET,DC=EXAMPLE,DC=COM
ERROR(runtime): uncaught exception - (9714, 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
  File "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/domain.py", line 661, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line 1558, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line 1455, in do_join
    ctx.join_add_dns_records()
  File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line 1196, in join_add_dns_records
    = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
  File "/usr/local/samba/lib/python3.8/site-packages/samba/samdb.py", line 1245, in dns_lookup
    return dsdb_dns.lookup(self, dns_name,

This happens when trying to join a DC from packages or sources to an
existing domain that started as a 2003 server, was upgraded to 2008r2, then
migrated to samba. The FQDN is NET.EXAMPLE.COM here and the workgroup is
EXAMPLE.

All servers are using bind9 for the backend and I have tried to join with
both the bind and samba dns backends.

The lmhosts file is primed with ip address and server for all hosts.

The krbconf looks like this

[libdefaults]
    default_realm = NET.EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true
[realms]
    NET.EXAMPLE.COM = {
        kdc = TLA-DC06 (NEW ubuntu server)
        kdc = TLA-DC03 (working ubuntu server)
        kdc = TLA-DC10 (working ubuntu server)
        kdc = TLA-DC30 (working ubuntu server)
    }
[domain_realm]
    .net.example.com = NET.EXAMPLE.COM

Hosts file has all DCs and the domain in it.

The named.conf is based on the wiki and it is working well to my knowledge.

The big thing that is stumping me is that all the sites we build from the
ground up are named based on the wiki, so we use
net.customer-owned-domain.com and the workgroup is net, while this site
preceded us and the workgroup is the customer-owned-domain.

We found this
https://lists.samba.org/archive/samba/2020-February/228112.html

But I don't know where to go from here to fix this.
Is this the problem?
If so, what is our path to fix?

On 13/11/2020 19:45, Travis Wenks via samba wrote:
> join attempted via
> sudo samba-tool domain join net.example.com DC
> -U'NET.EXAMPLE.COM\administrator'
> --option='idmap_ldb:use rfc2307 = yes

The '-U NET.EXAMPLE.COM\administrator' should be either '-U NET\administrator' or just '-U administrator'

>
> failure lines
>
> gensec_gssapi: NO credentials were delegated
> GSSAPI Connection will be cryptographically signed
> INFO 2020-11-13 09:00:44,891 pid:12210
> /usr/local/samba/lib/python3.8/site-packages/samba/join.py #1178: Adding
> DNS A record TLA-DC06.NET.EXAMPLE.COM for IPv4 IP: 10.74.20.69
> Join failed - cleaning up

The error was adding a DNS record, the rest of the output up to the python error message is just an artefact

> ERROR(runtime): uncaught exception - (9714,
> 'WERR_DNS_ERROR_NAME_DOES_NOT_EXIST')
> File
> "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/__init__.py",
> line 186, in _run
> return self.run(*args, **kwargs)
> File "/usr/local/samba/lib/python3.8/site-packages/samba/netcmd/domain.py",
> line 661, in run
> join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
> File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line
> 1558, in join_DC
> ctx.do_join()
> File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line
> 1455, in do_join
> ctx.join_add_dns_records()
> File "/usr/local/samba/lib/python3.8/site-packages/samba/join.py", line
> 1196, in join_add_dns_records
> = ctx.samdb.dns_lookup("%s.%s" % (name, zone),
> File "/usr/local/samba/lib/python3.8/site-packages/samba/samdb.py", line
> 1245, in dns_lookup
> return dsdb_dns.lookup(self, dns_name,
>
>
> This happens when trying to join a DC from packages or sources to an
> existing domain that started as a 2003 server, was upgraded to 2008r2, then
> migrated to samba.

OK, you say it was a 2003 server upgraded to 2008R2, but was the DNS upgraded as well, see here:

https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application

Windows seems to work with the old DNS, Samba doesn't, so this could be your problem.

Rowland

Hi Rowland,

Thank you for your insight. I have checked over the article and have found a remnant from the old domain. I think :)

Let's assume the domain is travis.com and the samdom is net.travis.com. Under this I have a subdomain called _msdcs so I would think this would be called _msdcs.net.travis.com.

In the RSAT DNS tool I right click and try to delete. I get "The DNS domain cannot be deleted. This function is not supported on this system."

So my next logical step is to use samba-tool to remove it. I cannot wrap my head around how to do so. I am guessing something like

sudo samba-tool dns delete localhost _msdcs.net.travis.com (but what goes here)

Thank you in advance for your help

Travis
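
Added example, not part of the original thread and not Samba project code: a read-only check for the layout question raised above, which reports whether `_msdcs.<forest>` exists as its own zone in the forest-wide partition. The function name and both sample listings are constructed, and the field names (`pszZoneName`, `pszDpFqdn`) are assumed to match the usual `samba-tool dns zonelist` output.

```shell
#!/bin/sh
# Report where the _msdcs zone is stored, from `samba-tool dns zonelist` text.
# On a DC (hostname is a placeholder):
#   samba-tool dns zonelist <dc-hostname> -U administrator | msdcs_zone_status net.example.com
msdcs_zone_status() {   # $1 = forest DNS name; zonelist output on stdin
    awk -v want="_msdcs.$1" '
        function val(s) { sub(/^[^:]*:[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return tolower(s) }
        BEGIN         { want = tolower(want) }
        /pszZoneName/ { zone = val($0); if (zone == want) found = 1 }
        /pszDpFqdn/   { if (zone == want) dp = val($0) }
        END {
            if (!found)                        print "missing"
            else if (dp ~ /^forestdnszones\./) print "forest-wide"
            else print "other-partition:" (dp == "" ? "unknown" : dp)
        }'
}

# Constructed sample: only the domain zone exists, so _msdcs can only be a
# subdomain inside it (the pre-2003 layout the linked article describes).
legacy_sample() {
cat <<'EOF'
  pszZoneName                 : net.example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : DomainDnsZones.net.example.com
EOF
}

# Constructed sample: a separate _msdcs zone stored in ForestDnsZones.
forest_sample() {
legacy_sample
cat <<'EOF'

  pszZoneName                 : _msdcs.net.example.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  Version                     : 50
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.net.example.com
EOF
}

legacy_sample | msdcs_zone_status net.example.com   # missing
forest_sample | msdcs_zone_status net.example.com   # forest-wide
```

A result of `missing` only says there is no separate `_msdcs` zone on that server; it does not by itself confirm the cause of the join failure.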