What are the small local changes that were necessary?
On Wed, Jun 30, 2021 at 1:11 PM Klaus Ade Johnstad via samba <
samba at lists.samba.org> wrote:
> On 30.06.2021 21:32, Rowland Penny via samba wrote:
> > On Wed, 2021-06-30 at 20:42 +0200, Klaus Ade Johnstad via samba wrote:
> >> I'm looking at a new hosting provider for a new project, and one of
> >> the things we need setup, is a Samba ReadOnly DC at the hosting places,
> >> talking to our DC at the office over vpn. I've tried 4 different
> >> hosting providers, and joining a Samba DC from 3 of these providers
> >> works flawlessly. I have a script that sets up everything, so the setup
> >> is identical everywhere. I use Debian 10 with the newest samba packages
> >> from Louis.
> >>
> >> At one place this just does not work. The weird thing is that klist
> >> works, ldapsearch works, I can even join as a normal member, just not
> >> as a RODC, or normal DC for that matter. There is no firewall stopping
> >> anything. I just wonder if anyone has seen something like this? Or
> >> if they have an idea what might be stopping this?
> >>
> >> This is what I get every time, but only at 1 of the 4 different
> >> hosting places I've tried:
> >> samba-tool domain join s.d-s.no RODC -U"AD\\Administrator"
> >> --dns-backend=SAMBA_INTERNAL --option='idmap_ldb:use rfc2307 = yes'
> >> --server=dc01.s.d-s.no --option="interfaces=lo tun9"
> >> --option="bind interfaces only=yes"
> >>
> >
> > Try it like this:
> >
> > samba-tool domain join s.d-s.no RODC -U Administrator
> > --password=ADMINISTRATOR_PASSWORD --option='idmap_ldb:use rfc2307 = yes'
> > --option="interfaces = lo tun9" --option="bind interfaces only = yes"
> >
> > I take it that everything else is identical, /etc/resolv.conf for
> > instance.
> >
> > Rowland
> >
> >
> >
>
> Thanks for the answer, should have mentioned in my first mail that I
> have tried that, but I did it again like you suggest. Everything is
> identical across these 4 providers, the same /etc/hosts and
> /etc/resolv.conf (with small local necessary changes)
>
> samba-tool domain join s.d-s.no RODC -U Administrator --password=secret
> --option='idmap_ldb:use rfc2307 = yes' --option="interfaces=lo tun9"
> --option="bind interfaces only=yes"
> WARNING: Using password on command line is insecure. Please install the setproctitle python module.
> INFO 2021-06-30 22:06:15,586 pid:764 /usr/lib/python3/dist-packages/samba/join.py #106: Finding a writeable DC for domain 's.d-s.no'
> INFO 2021-06-30 22:06:16,188 pid:764 /usr/lib/python3/dist-packages/samba/join.py #108: Found DC dc01.s.d-s.no
> ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: 00002020: Operation unavailable without authentication
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 681, in run
>     backend_store_size=backend_store_size)
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1483, in join_RODC
>     backend_store_size=backend_store_size)
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 120, in __init__
>     raise DCJoinException(estr)
>
>
> --
> Klaus Ade Johnstad