Rowland Penny
2023-May-09 07:24 UTC
[Samba] Need help setting up Samba DC in Windows environment
On 09/05/2023 00:34, Owen DeLong via samba wrote:> I'm having difficulty constructing my first samba DC in a currently windows-only environment. > When I run: > samba-tool domain join <domain> DC -U ?<workgroup>\owen.delong" > I get the authentication prompt, enter my password, then: > INFO 2023-05-08 15:28:07,002 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1488: workgroup is <workgroup> > INFO 2023-05-08 15:28:07,004 pid:73304 /usr/lib/python3/dist-packages/samba/join.py #1491: realm is <domain> > Adding CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> > Adding CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> > Got krbtgt_name=krbtgt_14279 > Renaming CN=krbtgt_SJC-BR-01,CN=Users,DC=<domain1>,DC=<domain2> to CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> > Adding CN=SJC-BR-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> > Join failed - cleaning up > Deleted CN=SJC-BR-01,OU=Domain Controllers,DC=<domain1>,DC=<domain2> > Deleted CN=krbtgt_14279,CN=Users,DC=<domain1>,DC=<domain2> > ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2> <0000208D: NameErr: DSID-0310028C, problem 2001 (NO_OBJECT), data 0, best match of: > 'CN=Sites,CN=Configuration,DC=<domain1>,DC=<domain2>' >> <> > I'm completely out of my depth when it comes to Active Directory. I'm a long-time linux/unix/juniper/cisco guy. > The intent is for this to be a local DC at a stub site (branch office). > This is on a dietpi system (arm64, nanopi r6s). > Linux sjc-br-01 5.10.110 #1 SMP Tue Mar 14 21:59:07 CST 2023 aarch64 GNU/Linux > Samba 4.13.13-Debian > (.deb package install) > > > > Any assistance, pointers, references greatly appreciated. > > Thanks, > > Owen >Several things here, first is, I know it works on arm64, because I run my DC's on arm64. Next, you are going to have to use Administrator to join the DC, a normal user doesn't work. Why is 'krbtgt' called 'krbtgt_14279' and then why is it being renamed to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever happen before. I have never used dietpi, but believe it is based on Debian, if this is the case, you will be better off using Samba from backports. I think you need to tell us just what you did (in broad terms for now) before you ran the samba-tool join command. Rowland
Andrew Bartlett
2023-May-09 08:21 UTC
[Samba] Need help setting up Samba DC in Windows environment
On Tue, 2023-05-09 at 08:24 +0100, Rowland Penny via samba wrote:> > Several things here, first is, I know it works on arm64, because I > run > > my DC's on arm64. > > > > Next, you are going to have to use Administrator to join the DC, a > > normal user doesn't work. > > > > Why is 'krbtgt' called 'krbtgt_14279' and then why is it being > renamed > > to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever happen > before.This looks like joining as an RODC, which wasn't what the command showed. Odd. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst.Net Limited Catalyst.Net Ltd - a Catalyst IT group company - Expert Open Source Solutions