thr3ads.net - samba - [Samba] Joining a samba ad dc domain from another samba installation [Apr 2022]

If this information is useful, please help other people find it:
Share via:

François Legal

2022-Apr-25 10:52 UTC

[Samba] Joining a samba ad dc domain from another samba installation

Hello,

I've got a debian Buster machine running samba as AD DC. To upgrade to
Bullseye, I installed a new VM, and tried to join the domain as another DC, so
that I could then migrate everything using the setup in VM.

Unfortunately, when trying to join the domain, I always get the same error shown
below. I tried to increase le log verbosity on both end, but that did not give
me a hint on what was going on.

I tried all the authentication options outlined in the wiki with no luck.

Can anybody point me in the right direction.

My samba versions are :
Version 4.9.5-Debian on the current DC [my-dc].[my samba domain]
Version 4.13.13-Debian on the VM that I try to join to the domain.

Oh, I also tried to join the domain as a normal machine, and that failed in the
same way.

Thanks in advance

Fran?ois

samba-tool domain join [my samba domain] DC -k yes --dns-backend=BIND9_DLZ
--option='idmap_ldb:use rfc2307 = yes'
INFO 2022-04-25 10:41:04,952 pid:374
/usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC for
domain '[my samba domain]'
INFO 2022-04-25 10:41:04,973 pid:374
/usr/lib/python3/dist-packages/samba/join.py #109: Found DC  [my-dc].[my samba
domain]
ERROR(<class 'samba.join.DCJoinException'>): uncaught exception -
Can't join, error: 00002020: Operation unavailable without authentication
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line
661, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1536, in
join_DC
    ctx = DCJoinContext(logger, server, creds, lp, site, netbios_name,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 121, in
__init__
    raise DCJoinException(estr)

Jonathon Reinhart

2022-Apr-25 13:24 UTC

head link

[Samba] Joining a samba ad dc domain from another samba installation

On Mon, Apr 25, 2022 at 7:13 AM Fran?ois Legal via samba <
samba at lists.samba.org> wrote:
>
> samba-tool domain join [my samba domain] DC -k yes --dns-backend=BIND9_DLZ
> --option='idmap_ldb:use rfc2307 = yes'
> INFO 2022-04-25 10:41:04,952 pid:374
> /usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC
> for domain '[my samba domain]'
> INFO 2022-04-25 10:41:04,973 pid:374
> /usr/lib/python3/dist-packages/samba/join.py #109: Found DC  [my-dc].[my
> samba domain]
> ERROR(<class 'samba.join.DCJoinException'>): uncaught
exception - Can't
> join, error: 00002020: Operation unavailable without authentication
>
I see you used "-k yes". Did you confirm that you have a valid
Kerberos TGT
for a Domain Admin account? (Run "kinit" to get a ticket and
"klist" to
check.)

samba - Apr 2022 - Joining a samba ad dc domain from another samba installation

[Samba] Joining a samba ad dc domain from another samba installation

[Samba] Joining a samba ad dc domain from another samba installation