samba - May 2023 - Need help setting up Samba DC in Windows environment

On 09/05/2023 09:21, Andrew Bartlett wrote:
> On Tue, 2023-05-09 at 08:24 +0100, Rowland Penny via samba wrote:
>>
>> Several things here, first is, I know it works on arm64, because I
>> run
>>
>> my DC's on arm64.
>>
>>
>>
>> Next, you are going to have to use Administrator to join the DC, a
>>
>> normal user doesn't work.
>>
>>
>>
>> Why is 'krbtgt' called 'krbtgt_14279' and then why is
it being
>> renamed
>>
>> to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever
happen
>> before.
> 
> This looks like joining as an RODC, which wasn't what the command
> showed. Odd.
> 
> Andrew Bartlett
> 
Which would explain why I do not remember seeing anything like that, I 
have never set up an RODC.

Still think we need more info.

Rowland

On 09/05/2023 10:03, Rowland Penny via samba wrote:
> 
> 
> On 09/05/2023 09:21, Andrew Bartlett wrote:
>> On Tue, 2023-05-09 at 08:24 +0100, Rowland Penny via samba wrote:
>>>
>>> Several things here, first is, I know it works on arm64, because I
>>> run
>>>
>>> my DC's on arm64.
>>>
>>>
>>>
>>> Next, you are going to have to use Administrator to join the DC, a
>>>
>>> normal user doesn't work.
>>>
>>>
>>>
>>> Why is 'krbtgt' called 'krbtgt_14279' and then why
is it being
>>> renamed
>>>
>>> to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever
happen
>>> before.
>>
>> This looks like joining as an RODC, which wasn't what the command
>> showed. Odd.
>>
>> Andrew Bartlett
>>
> 
> Which would explain why I do not remember seeing anything like that, I 
> have never set up an RODC.
> 
> Still think we need more info.
> 
> Rowland
> 
After a quick read of the code, it looks like the code that is renaming 
'krbtgt' should only be run if 'krbtgt_dn' exists in
'ctx', which looks
like it should only happen when joining an RODC.
My only thoughts are, has the OP provisioned a new DC and is now trying 
to 'join' this to an existing AD domain ?

Rowland

> On May 9, 2023, at 02:03, Rowland Penny via samba <samba at
lists.samba.org> wrote:
> 
> ?
> 
>> On 09/05/2023 09:21, Andrew Bartlett wrote:
>>> On Tue, 2023-05-09 at 08:24 +0100, Rowland Penny via samba wrote:
>>> 
>>> Several things here, first is, I know it works on arm64, because I
>>> run
>>> 
>>> my DC's on arm64.
Yes, just trying to provide complete information. 
>>> 
>>> 
>>> 
>>> Next, you are going to have to use Administrator to join the DC, a
>>> 
>>> normal user doesn't work.
The account Owen.Delong is a domain administrator and has been used previously
to add several devices to the domain.
>>> 
>>> 
>>> 
>>> Why is 'krbtgt' called 'krbtgt_14279' and then why
is it being
>>> renamed
I honestly don?t know. How could I find out?
>>> 
>>> to 'krbtgt_SJC-BR-01' ? I cannot remember seeing that ever
happen
>>> before.
I don?t know what these are. SJC-BR-01 is the hostname of the samba DC I?m
trying to add.
>> 
>> This looks like joining as an RODC, which wasn't what the command
>> showed. Odd.
The results are the same whether I specify DC or RODC. An RODC would be an
acceptable outcome here if that?s easier.
>> 
>> Andrew Bartlett
>> 
> 
> Which would explain why I do not remember seeing anything like that, I
> have never set up an RODC.
> 
> Still think we need more info.
Happy to provide whatever info is useful, but could use some guidance on what to
collect/provide and possibly how to gather it.

Thanks,

Owen


> 
> Rowland
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba