Arndt Kritzner
2022-Feb-13 19:38 UTC
[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain
When trying to join an existing 2012R2 ADS (object Version 69) this results in
an error and subsequential rollback of
the join:
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py",
line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py",
line 700, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1543,
in join_DC
ctx.do_join()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1440,
in do_join
ctx.join_add_dns_records()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1181,
in join_add_dns_records
= ctx.samdb.dns_lookup("%s.%s" % (name, zone),
File "/usr/lib/python3.10/site-packages/samba/samdb.py", line 1357,
in dns_lookup
return dsdb_dns.lookup(self, dns_name,
Samba version is 4.15.5 (Arch Linux). The ADS-domain is of software version 69
(W2012R2) on an W2k8 base system. I was
installing and initializing samba after this tutorial:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
DNS and Kerberos might work. The existing DC/DNS reports in the Moment of the
exception an event 6702 (see below). With
in the end the same result these join commands were attempted:
samba-tool domain join kk.lokal DC --use-krb5-ccache=/tmp/krb5cc_0 --verbose
-d3
samba-tool domain join kk.lokal DC -U"KK\Administrator"
--dns-backend=SAMBA_INTERNAL --verbose -d3
Any ideas how to resolve or further investigate this? For details see below.
Kind regards
Arndt
details:
=====================================================================================================event
6702 (windows DNS side) description: german info: "DNS-Server hat die
eigenen Host-Eintr?ge (A) aktualisiert. Um
sicherzustellen, dass die verzeichnisdienstintegrierten Peer-DNS-Server mit
diesem Server replizieren k?nnen, wurde
versucht, diese mit dem neuen Eintrag mittels dynamischer Aktualisierung zu
aktualisieren. Dabei ist ein Fehler
aufgetreten. Die Daten enthalten den Fehlercode."
=> means:"DNS server has updated it's own host entries (A). ... was
tried to also update peer DNSes. This resulted in an
error. ..."
[root at dc1-samba ~]# klist
Ticketzwischenspeicher: FILE:/tmp/krb5cc_0
Standard-Principal: Administrator at KK.LOCAL
Valid starting Expires Service principal
13.02.2022 16:26:07 14.02.2022 02:26:07 krbtgt/KK.LOCAL at KK.LOCAL
erneuern bis 14.02.2022 16:26:01
13.02.2022 16:33:20 14.02.2022 02:26:07 ldap/ADS-2008.kk.local at KK.LOCAL
13.02.2022 16:33:20 14.02.2022 02:26:07 ldap/ADS-2008.KK.LOCAL at KK.LOCAL
13.02.2022 16:33:28 14.02.2022 02:26:07 host/ADS-2008.KK.LOCAL at KK.LOCAL
[root at dc1-samba ~]# smbd -b | egrep
"LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR"
LOCKDIR: /var/cache/samba
STATEDIR: /var/lib/samba
CACHEDIR: /var/cache/samba
PRIVATE_DIR: /var/lib/samba/private
[root at dc1-samba ~]# find /var/cache/samba -name "*db" -exec rm {}
\;
[root at dc1-samba ~]# find /var/lib/samba -name "*db" -exec rm {} \;
[root at dc1-samba ~]# rm /etc/samba/smb.conf
[root at dc1-samba ~]# samba-tool domain join kk.local DC
--use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
INFO 2022-02-13 17:36:05,040 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #105: Finding a writeable DC for
domain 'kk.local'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.kk.local<0x0>
INFO 2022-02-13 17:36:05,045 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #107: Found DC ADS-2008.kk.local
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
INFO 2022-02-13 17:36:05,080 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #1527: workgroup is KK
INFO 2022-02-13 17:36:05,080 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #1530: realm is kk.local
Adding CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Adding
CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Adding CN=NTDS
Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
Adding SPNs to CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Setting account password for DC1-SAMBA$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
INFO 2022-02-13 17:36:05,362 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2105: Looking up
IPv4 addresses
INFO 2022-02-13 17:36:05,362 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2122: Looking up
IPv6 addresses
WARNING 2022-02-13 17:36:05,362 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2129: No IPv6
address will be assigned
INFO 2022-02-13 17:36:05,556 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2271: Setting up
share.ldb
INFO 2022-02-13 17:36:05,570 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2275: Setting up
secrets.ldb
INFO 2022-02-13 17:36:05,578 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2280: Setting up
the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows
NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal
Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key
'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE'
not found
key added:
key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
INFO 2022-02-13 17:36:05,605 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2283: Setting up
the privileges database
INFO 2022-02-13 17:36:05,618 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2286: Setting up
idmap db
INFO 2022-02-13 17:36:05,628 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2293: Setting up
SAM db
INFO 2022-02-13 17:36:05,631 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #880: Setting up
sam.ldb partitions and settings
INFO 2022-02-13 17:36:05,631 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #892: Setting up
sam.ldb rootDSE
INFO 2022-02-13 17:36:05,634 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #1305: Pre-loading
the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No
such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on
local domainSIDs
INFO 2022-02-13 17:36:05,649 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2345: A Kerberos
configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
INFO 2022-02-13 17:36:05,649 pid:2096
/usr/lib/python3.10/site-packages/samba/provision/__init__.py #2347: Merge the
contents of this file with your system krb5.conf or replace it with this one. Do
not create a symlink!
Provision OK for domain DN DC=kk,DC=local
Starting replication
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[402/2277]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[804/2277]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1206/2277]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1608/2277]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] objects[1743/2277]
linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=kk,DC=local from
37215069-30ae-460f-a9aa-90172f984318
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Replicated 1743 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[402/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[804/3491] linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1206/3491]
linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1608/3491]
linked_values[0/12]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1896/3491]
linked_values[0/12]
dsdb_replicated_objects_convert: Ignoring object outside partition
28cc91bc-56cb-4e6e-b855-c4d9fb1de9e1
CN=Schema,CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
Replicated 287 objects (0 linked attributes) for CN=Configuration,DC=kk,DC=local
Partition[CN=Configuration,DC=kk,DC=local] objects[1949/3491]
linked_values[12/12]
Replicated 53 objects (12 linked attributes) for CN=Configuration,DC=kk,DC=local
Replicating critical objects from the base DN of the domain
Partition[DC=kk,DC=local] objects[99/148] linked_values[0/16]
Replicated 99 objects (0 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[402/5344] linked_values[0/16]
Replicated 402 objects (0 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[661/5344] linked_values[16/16]
dsdb_replicated_objects_convert: Ignoring object outside partition
0072135d-84d3-4a6b-8161-558fae7f612f
CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition
1c3e80cd-a49b-496e-91e3-9163f182345a
DC=DomainDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
dsdb_replicated_objects_convert: Ignoring object outside partition
87ce9ad5-1c53-4529-87ba-da71ba908779
DC=ForestDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED
Replicated 256 objects (16 linked attributes) for DC=kk,DC=local
Partition[DC=kk,DC=local] objects[741/5344] linked_values[16/16]
Replicated 80 objects (0 linked attributes) for DC=kk,DC=local
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=kk,DC=local
Partition[DC=DomainDnsZones,DC=kk,DC=local] objects[21/21] linked_values[0/0]
Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=kk,DC=local
Replicating DC=ForestDnsZones,DC=kk,DC=local
Partition[DC=ForestDnsZones,DC=kk,DC=local] objects[5/5] linked_values[0/0]
Replicated 5 objects (0 linked attributes) for DC=ForestDnsZones,DC=kk,DC=local
Exop on[CN=RID Manager$,CN=System,DC=kk,DC=local] objects[3] linked_values[0]
Discarding older DRS attribute update to objectClass on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to whenCreated on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to name on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to fSMORoleOwner on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to systemFlags on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectCategory on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to isCriticalSystemObject on CN=RID
Manager$,CN=System,DC=kk,DC=local from
3b98d086-0b63-4b2f-81e7-a8855827b4f5
Discarding older DRS attribute update to objectClass on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to whenCreated on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to displayName on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to name on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to userAccountControl on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to codePage on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to countryCode on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to dBCSPwd on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to localPolicyFlags on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to logonHours on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to unicodePwd on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to ntPwdHistory on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to pwdLastSet on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to primaryGroupID on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to supplementalCredentials on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
from 5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectSid on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to accountExpires on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to lmPwdHistory on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to sAMAccountName on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to sAMAccountType on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to dNSHostName on CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to servicePrincipalName on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to objectCategory on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from
5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to isCriticalSystemObject on
CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
from 5382ee1d-7748-45f1-80ff-318179cceab7
Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on
CN=DC1-SAMBA,OU=Domain
Controllers,DC=kk,DC=local from 5382ee1d-7748-45f1-80ff-318179cceab7
Replicated 3 objects (0 linked attributes) for DC=kk,DC=local
Committing SAM database
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
Badly formatted SDDL '
(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)'
replmd_prepare_commit: Processing linked attributes
Repacking database from v1 to v2 format (first record
CN=Scope-Flags,CN=Schema,CN=Configuration,DC=kk,DC=local)
Repack: re-packed 10000 records so far
Repacking database from v1 to v2 format (first record
CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,CN=Configuration,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record
DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record CN=NTDS
Quotas,DC=ForestDnsZones,DC=kk,DC=local)
Repacking database from v1 to v2 format (first record
CN=E74E40BE7F8F42468F72B5888FDE5E96300AE2B119D511DEAF31525400123457,CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=kk,DC=local)
INFO 2022-02-13 17:36:12,173 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #1100: Adding 1 remote DNS
records
for DC1-SAMBA.kk.local
Using binding ncacn_ip_tcp:ADS-2008.kk.local[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
ADS-2008.kk.local<0x20>
INFO 2022-02-13 17:36:12,205 pid:2096
/usr/lib/python3.10/site-packages/samba/join.py #1163: Adding DNS A record
DC1-SAMBA.kk.local for IPv4 IP: 192.168.1.3
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for KK from both
secrets.ldb (Could not find entry to match filter:
'(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:4774) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Deleted CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local
Deleted CN=NTDS
Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
Deleted
CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local
ERROR(runtime): uncaught exception - (9003,
'WERR_DNS_ERROR_RCODE_NAME_ERROR')
File "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py",
line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py",
line 700, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1543,
in join_DC
ctx.do_join()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1440,
in do_join
ctx.join_add_dns_records()
File "/usr/lib/python3.10/site-packages/samba/join.py", line 1181,
in join_add_dns_records
= ctx.samdb.dns_lookup("%s.%s" % (name, zone),
File "/usr/lib/python3.10/site-packages/samba/samdb.py", line 1357,
in dns_lookup
return dsdb_dns.lookup(self, dns_name,
[root at dc1-samba ~]# cat /var/lib/samba/private/krb5.conf
[libdefaults]
default_realm = KK.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
KK.LOCAL = {
default_domain = kk.local
}
[domain_realm]
DC1-SAMBA = KK.LOCAL
L. van Belle
2022-Feb-14 10:17 UTC
[Samba] Exception and error (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an existing W2012R2 domain
The important part of thie message. Could not find machine account in secrets database: Failed to fetch machine account password for KK from both secrets.ldb (Could not find entry to match filter: '(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4774) and from This is the hint : cn=Primary Domains Was this from origin a 2003 server? Read this carefully. https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting * also https://bugzilla.samba.org/show_bug.cgi?id=13298 I did look for a solution here, i know there is one but i cant find it. Sooo.. Lets hope Rowland his memory is better then mine today. ;-) Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Arndt Kritzner via samba > Verzonden: zondag 13 februari 2022 20:39 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Exception and error > (WERR_DNS_ERROR_RCODE_NAME_ERROR) joining samba 4.15.5 to an > existing W2012R2 domain > > When trying to join an existing 2012R2 ADS (object Version > 69) this results in an error and subsequential rollback of > the join: > ERROR(runtime): uncaught exception - (9003, > 'WERR_DNS_ERROR_RCODE_NAME_ERROR') > File > "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", > line 186, in _run > return self.run(*args, **kwargs) > File > "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", > line 700, in run > join_DC(logger=logger, server=server, creds=creds, > lp=lp, domain=domain, > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1543, in join_DC > ctx.do_join() > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1440, in do_join > ctx.join_add_dns_records() > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1181, in join_add_dns_records > = ctx.samdb.dns_lookup("%s.%s" % (name, zone), > File "/usr/lib/python3.10/site-packages/samba/samdb.py", > line 1357, in dns_lookup > return dsdb_dns.lookup(self, dns_name, > > Samba version is 4.15.5 (Arch Linux). The ADS-domain is of > software version 69 (W2012R2) on an W2k8 base system. I was > installing and initializing samba after this tutorial: > > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Exis > ting_Active_Directory > DNS and Kerberos might work. The existing DC/DNS reports in > the Moment of the exception an event 6702 (see below). With > in the end the same result these join commands were attempted: > samba-tool domain join kk.lokal DC > --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3 > samba-tool domain join kk.lokal DC -U"KK\Administrator" > --dns-backend=SAMBA_INTERNAL --verbose -d3 > > Any ideas how to resolve or further investigate this? For > details see below. > > Kind regards > Arndt > > > details: > =============================================================> =======================================> event 6702 (windows DNS side) description: german info: > "DNS-Server hat die eigenen Host-Eintr?ge (A) aktualisiert. Um > sicherzustellen, dass die verzeichnisdienstintegrierten > Peer-DNS-Server mit diesem Server replizieren k?nnen, wurde > versucht, diese mit dem neuen Eintrag mittels dynamischer > Aktualisierung zu aktualisieren. Dabei ist ein Fehler > aufgetreten. Die Daten enthalten den Fehlercode." > => means:"DNS server has updated it's own host entries (A). > ... was tried to also update peer DNSes. This resulted in an > error. ..." > > [root at dc1-samba ~]# klist > Ticketzwischenspeicher: FILE:/tmp/krb5cc_0 > Standard-Principal: Administrator at KK.LOCAL > > Valid starting Expires Service principal > 13.02.2022 16:26:07 14.02.2022 02:26:07 krbtgt/KK.LOCAL at KK.LOCAL > erneuern bis 14.02.2022 16:26:01 > 13.02.2022 16:33:20 14.02.2022 02:26:07 > ldap/ADS-2008.kk.local at KK.LOCAL > 13.02.2022 16:33:20 14.02.2022 02:26:07 > ldap/ADS-2008.KK.LOCAL at KK.LOCAL > 13.02.2022 16:33:28 14.02.2022 02:26:07 > host/ADS-2008.KK.LOCAL at KK.LOCAL > > > [root at dc1-samba ~]# smbd -b | egrep > "LOCKDIR|STATEDIR|CACHEDIR|PRIVATE_DIR" > LOCKDIR: /var/cache/samba > STATEDIR: /var/lib/samba > CACHEDIR: /var/cache/samba > PRIVATE_DIR: /var/lib/samba/private > [root at dc1-samba ~]# find /var/cache/samba -name "*db" -exec rm {} \; > [root at dc1-samba ~]# find /var/lib/samba -name "*db" -exec rm {} \; > [root at dc1-samba ~]# rm /etc/samba/smb.conf > > > [root at dc1-samba ~]# samba-tool domain join kk.local DC > --use-krb5-ccache=/tmp/krb5cc_0 --verbose -d3 > GENSEC backend 'gssapi_spnego' registered > GENSEC backend 'gssapi_krb5' registered > GENSEC backend 'gssapi_krb5_sasl' registered > GENSEC backend 'spnego' registered > GENSEC backend 'schannel' registered > GENSEC backend 'naclrpc_as_system' registered > GENSEC backend 'sasl-EXTERNAL' registered > GENSEC backend 'ntlmssp' registered > GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'http_negotiate' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > INFO 2022-02-13 17:36:05,040 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #105: Finding > a writeable DC for > domain 'kk.local' > resolve_lmhosts: Attempting lmhosts lookup for name > _ldap._tcp.kk.local<0x0> > INFO 2022-02-13 17:36:05,045 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #107: Found > DC ADS-2008.kk.local > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > INFO 2022-02-13 17:36:05,080 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #1527: workgroup is KK > INFO 2022-02-13 17:36:05,080 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #1530: realm > is kk.local > Adding CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local > Adding > CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C > N=Sites,CN=Configuration,DC=kk,DC=local > Adding CN=NTDS > Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local> Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > Adding SPNs to CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local > Setting account password for DC1-SAMBA$ > Enabling account > Calling bare provision > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > lpcfg_load: refreshing parameters from /etc/samba/smb.conf > INFO 2022-02-13 17:36:05,362 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2105: Looking up > IPv4 addresses > INFO 2022-02-13 17:36:05,362 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2122: Looking up > IPv6 addresses > WARNING 2022-02-13 17:36:05,362 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2129: No IPv6 > address will be assigned > INFO 2022-02-13 17:36:05,556 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2271: Setting up > share.ldb > INFO 2022-02-13 17:36:05,570 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2275: Setting up > secrets.ldb > INFO 2022-02-13 17:36:05,578 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2280: Setting up > the registry > ldb_wrap open of hklm.ldb > Key 'key=SOFTWARE,hive=NONE' not found > key added: key=SOFTWARE,hive=NONE > Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found > key added: key=CurrentVersion,key=Windows > NT,key=Microsoft,key=SOFTWARE,hive=NONE > Key 'key=SYSTEM,hive=NONE' not found > key added: key=SYSTEM,hive=NONE > Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found > key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYST > EM,hive=NONE' not found > key added: > key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTE > M,hive=NONE > Key > 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=N > ONE' not found > key added: > key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: key=Terminal > Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' > not found > key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hi > ve=NONE' not found > key added: > key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSe > t,key=SYSTEM,hive=NONE' not found > key added: > key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet > ,key=SYSTEM,hive=NONE > Key > 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hiv > e=NONE' not found > key added: > key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE > Key > 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet > ,key=SYSTEM,hive=NONE' not found > key added: > key=Parameters,key=Alerter,key=Services,key=CurrentControlSet, > key=SYSTEM,hive=NONE > INFO 2022-02-13 17:36:05,605 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2283: Setting up > the privileges database > INFO 2022-02-13 17:36:05,618 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2286: Setting up > idmap db > INFO 2022-02-13 17:36:05,628 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2293: Setting up SAM db > INFO 2022-02-13 17:36:05,631 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #880: Setting up > sam.ldb partitions and settings > INFO 2022-02-13 17:36:05,631 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #892: Setting up > sam.ldb rootDSE > INFO 2022-02-13 17:36:05,634 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #1305: Pre-loading > the Samba 4 and AD schema > partition_metadata: Migrating partition metadata: open of > metadata.tdb gave: No such Base DN: @INDEXLIST > Unable to determine the DomainSID, can not enforce uniqueness > constraint on local domainSIDs > > INFO 2022-02-13 17:36:05,649 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2345: A Kerberos > configuration suitable for Samba AD has been generated at > /var/lib/samba/private/krb5.conf > INFO 2022-02-13 17:36:05,649 pid:2096 > /usr/lib/python3.10/site-packages/samba/provision/__init__.py > #2347: Merge the > contents of this file with your system krb5.conf or replace > it with this one. Do not create a symlink! > Provision OK for domain DN DC=kk,DC=local > Starting replication > Using binding ncacn_ip_tcp:ADS-2008.kk.local[,seal] > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] > objects[402/2277] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] > objects[804/2277] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] > objects[1206/2277] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] > objects[1608/2277] linked_values[0/0] > Schema-DN[CN=Schema,CN=Configuration,DC=kk,DC=local] > objects[1743/2277] linked_values[0/0] > Analyze and apply schema objects > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to dSASignature on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 37215069-30ae-460f-a9aa-90172f984318 > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to dSASignature on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 37215069-30ae-460f-a9aa-90172f984318 > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to dSASignature on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 37215069-30ae-460f-a9aa-90172f984318 > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to objectClass on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to whenCreated on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to dSASignature on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 37215069-30ae-460f-a9aa-90172f984318 > Discarding older DRS attribute update to objectVersion on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > showInAdvancedViewOnly on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to name on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to fSMORoleOwner on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectCategory on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to schemaInfo on > CN=Schema,CN=Configuration,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Replicated 1743 objects (0 linked attributes) for > CN=Schema,CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[402/3491] > linked_values[0/12] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[804/3491] > linked_values[0/12] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[1206/3491] > linked_values[0/12] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[1608/3491] > linked_values[0/12] > Replicated 402 objects (0 linked attributes) for > CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[1896/3491] > linked_values[0/12] > dsdb_replicated_objects_convert: Ignoring object outside > partition 28cc91bc-56cb-4e6e-b855-c4d9fb1de9e1 > CN=Schema,CN=Configuration,DC=kk,DC=local: > WERR_DS_ADD_REPLICA_INHIBITED > Replicated 287 objects (0 linked attributes) for > CN=Configuration,DC=kk,DC=local > Partition[CN=Configuration,DC=kk,DC=local] objects[1949/3491] > linked_values[12/12] > Replicated 53 objects (12 linked attributes) for > CN=Configuration,DC=kk,DC=local > Replicating critical objects from the base DN of the domain > Partition[DC=kk,DC=local] objects[99/148] linked_values[0/16] > Replicated 99 objects (0 linked attributes) for DC=kk,DC=local > Partition[DC=kk,DC=local] objects[402/5344] linked_values[0/16] > Replicated 402 objects (0 linked attributes) for DC=kk,DC=local > Partition[DC=kk,DC=local] objects[661/5344] linked_values[16/16] > dsdb_replicated_objects_convert: Ignoring object outside > partition 0072135d-84d3-4a6b-8161-558fae7f612f > CN=Configuration,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED > dsdb_replicated_objects_convert: Ignoring object outside > partition 1c3e80cd-a49b-496e-91e3-9163f182345a > DC=DomainDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED > dsdb_replicated_objects_convert: Ignoring object outside > partition 87ce9ad5-1c53-4529-87ba-da71ba908779 > DC=ForestDnsZones,DC=kk,DC=local: WERR_DS_ADD_REPLICA_INHIBITED > Replicated 256 objects (16 linked attributes) for DC=kk,DC=local > Partition[DC=kk,DC=local] objects[741/5344] linked_values[16/16] > Replicated 80 objects (0 linked attributes) for DC=kk,DC=local > Done with always replicated NC (base, config, schema) > Replicating DC=DomainDnsZones,DC=kk,DC=local > Partition[DC=DomainDnsZones,DC=kk,DC=local] objects[21/21] > linked_values[0/0] > Replicated 21 objects (0 linked attributes) for > DC=DomainDnsZones,DC=kk,DC=local > Replicating DC=ForestDnsZones,DC=kk,DC=local > Partition[DC=ForestDnsZones,DC=kk,DC=local] objects[5/5] > linked_values[0/0] > Replicated 5 objects (0 linked attributes) for > DC=ForestDnsZones,DC=kk,DC=local > Exop on[CN=RID Manager$,CN=System,DC=kk,DC=local] objects[3] > linked_values[0] > Discarding older DRS attribute update to objectClass on > CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to whenCreated on > CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to > showInAdvancedViewOnly on CN=RID > Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to name on CN=RID > Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to fSMORoleOwner on > CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to systemFlags on > CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectCategory on > CN=RID Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to > isCriticalSystemObject on CN=RID > Manager$,CN=System,DC=kk,DC=local from > 3b98d086-0b63-4b2f-81e7-a8855827b4f5 > Discarding older DRS attribute update to objectClass on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to whenCreated on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to displayName on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to nTSecurityDescriptor > on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to name on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to userAccountControl > on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to codePage on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to countryCode on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to dBCSPwd on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to localPolicyFlags on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to logonHours on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to unicodePwd on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to ntPwdHistory on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to pwdLastSet on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to primaryGroupID on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > supplementalCredentials on CN=DC1-SAMBA,OU=Domain > Controllers,DC=kk,DC=local > from 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to objectSid on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to accountExpires on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to lmPwdHistory on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to sAMAccountName on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to sAMAccountType on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to dNSHostName on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to servicePrincipalName > on CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to objectCategory on > CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local from > 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > isCriticalSystemObject on CN=DC1-SAMBA,OU=Domain > Controllers,DC=kk,DC=local > from 5382ee1d-7748-45f1-80ff-318179cceab7 > Discarding older DRS attribute update to > msDS-SupportedEncryptionTypes on CN=DC1-SAMBA,OU=Domain > Controllers,DC=kk,DC=local from 5382ee1d-7748-45f1-80ff-318179cceab7 > Replicated 3 objects (0 linked attributes) for DC=kk,DC=local > Committing SAM database > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > Badly formatted SDDL ' > (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)' > replmd_prepare_commit: Processing linked attributes > Repacking database from v1 to v2 format (first record > CN=Scope-Flags,CN=Schema,CN=Configuration,DC=kk,DC=local) > Repack: re-packed 10000 records so far > Repacking database from v1 to v2 format (first record > CN=nTDSSettings-Display,CN=40B,CN=DisplaySpecifiers,CN=Configu > ration,DC=kk,DC=local) > Repacking database from v1 to v2 format (first record > DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,DC=Dom > ainDnsZones,DC=kk,DC=local) > Repacking database from v1 to v2 format (first record CN=NTDS > Quotas,DC=ForestDnsZones,DC=kk,DC=local) > Repacking database from v1 to v2 format (first record > CN=E74E40BE7F8F42468F72B5888FDE5E96300AE2B119D511DEAF315254001 > 23457,CN=ObjectMoveTable,CN=FileLinks,CN=System,DC=kk,DC=local) > INFO 2022-02-13 17:36:12,173 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #1100: Adding > 1 remote DNS records > for DC1-SAMBA.kk.local > Using binding ncacn_ip_tcp:ADS-2008.kk.local[,sign] > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name > ADS-2008.kk.local<0x20> > INFO 2022-02-13 17:36:12,205 pid:2096 > /usr/lib/python3.10/site-packages/samba/join.py #1163: Adding > DNS A record > DC1-SAMBA.kk.local for IPv4 IP: 192.168.1.3 > Join failed - cleaning up > ldb_wrap open of secrets.ldb > Could not find machine account in secrets database: Failed to > fetch machine account password for KK from both > secrets.ldb (Could not find entry to match filter: > '(&(flatname=KK)(objectclass=primaryDomain))' base: 'cn=Primary > Domains': No such object: dsdb_search at > ../../source4/dsdb/common/util.c:4774) and from > /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO > Deleted CN=RID Set,CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local > Deleted CN=DC1-SAMBA,OU=Domain Controllers,DC=kk,DC=local > Deleted CN=NTDS > Settings,CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,CN=Sites,CN=Configuration,DC=kk,DC=local> Deleted > CN=DC1-SAMBA,CN=Servers,CN=Standardname-des-ersten-Standorts,C > N=Sites,CN=Configuration,DC=kk,DC=local > ERROR(runtime): uncaught exception - (9003, > 'WERR_DNS_ERROR_RCODE_NAME_ERROR') > File > "/usr/lib/python3.10/site-packages/samba/netcmd/__init__.py", > line 186, in _run > return self.run(*args, **kwargs) > File > "/usr/lib/python3.10/site-packages/samba/netcmd/domain.py", > line 700, in run > join_DC(logger=logger, server=server, creds=creds, > lp=lp, domain=domain, > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1543, in join_DC > ctx.do_join() > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1440, in do_join > ctx.join_add_dns_records() > File "/usr/lib/python3.10/site-packages/samba/join.py", > line 1181, in join_add_dns_records > = ctx.samdb.dns_lookup("%s.%s" % (name, zone), > File "/usr/lib/python3.10/site-packages/samba/samdb.py", > line 1357, in dns_lookup > return dsdb_dns.lookup(self, dns_name, > > > [root at dc1-samba ~]# cat /var/lib/samba/private/krb5.conf > [libdefaults] > default_realm = KK.LOCAL > dns_lookup_realm = false > dns_lookup_kdc = true > > [realms] > KK.LOCAL = { > default_domain = kk.local > } > > [domain_realm] > DC1-SAMBA = KK.LOCAL > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >