thr3ads.net - samba - [Samba] Linux/Windows Domain Controller [Nov 2023]

If this information is useful, please help other people find it:
Share via:

matti.kaupenjohann

2023-Oct-30 12:25 UTC

[Samba] Linux/Windows Domain Controller

Hi together,

did nobody before joined a Windows Functional Level 2016 Domain with 
Samba 4.19?

Am 10/25/23 um 13:58 schrieb matti.kaupenjohann via
samba:> So. I've builded 4.19.2 from source. building worked fine and I've 
> configured like the following:
>
> ./configure \
> ?? ?--sbindir=/usr/local/sbin \
> ?? ?--bindir=/usr/local/bin \
> ?? ?--sysconfdir=/etc/samba \
> ?? ?--mandir=/usr/share/man \
> ?? ?--systemd-install-services \
> ?? ?--with-systemddir=/lib/systemd/system \
> ?? ?--enable-selftest \
> ?? ?--disable-cups
>
> I ran make quicktest with no resulting issues.
>
> I generated a ticket with kinit administrator which worked as expected.
>
> Afterwards I tried to join the domain with:
>
> samba-tool domain join mydomain.special.de DC
-U"mydomain\administrator"
>
> Which resulted in the foloowing already known error:
>
> INFO 2023-10-25 11:56:33,488 pid:403032 
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #106: 
> Finding a writeable DC for domain 'mydomain.special.de'
> INFO 2023-10-25 11:56:33,505 pid:403032 
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #108: 
> Found DC dc02.mydomain.special.de
> Password for [MYDOMAIN\administrator]:
> INFO 2023-10-25 11:56:41,616 pid:403032 
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1614: 
> workgroup is MYDOMAIN
> INFO 2023-10-25 11:56:41,617 pid:403032 
> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1617: 
> realm is mydomain.special.de
> Adding CN=DC03,OU=Domain Controllers,DC=mydomain,DC=special,DC=de
> Adding 
>
CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=special,DC=de
> Adding CN=NTDS 
>
Settings,CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=special,DC=de
> DsAddEntry failed with status WERR_ACCESS_DENIED info (8567, 
> 'WERR_DS_INCOMPATIBLE_VERSION')
> Join failed - cleaning up
> Deleted CN=DC03,OU=Domain Controllers,DC=mydomain,DC=special,DC=de
> Deleted 
>
CN=DC03,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=special,DC=de
> ERROR(runtime): uncaught exception - DsAddEntry failed
> ??? File 
>
"/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/__init__.py",
> line 279, in _run
> ??? ??? return self.run(*args, **kwargs)
> ??? File 
>
"/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/domain/join.py",
> line 128, in run
> ??? ??? join_DC(logger=logger, server=server, creds=creds, lp=lp, 
> domain=domain,
> ??? File 
> "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
> 1630, in join_DC
> ??? ??? ctx.do_join()
> ??? File 
> "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
> 1518, in do_join
> ??? ??? ctx.join_add_objects()
> ??? File 
> "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
> 673, in join_add_objects
> ??? ??? ctx.join_add_ntdsdsa()
> ??? File 
> "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
> 598, in join_add_ntdsdsa
> ??? ??? ctx.DsAddEntry([rec])
> ??? File 
> "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
> 534, in DsAddEntry
> ??? ??? raise RuntimeError("DsAddEntry failed")
>
> Seems from my position still be an issue with functional level 2016. 
> Do I need to configure differently?
> Further I am curious about the systemd service flag. The created and 
> installed services doesn't uses as exec samba -D instead it uses samba 
> --foreground.
>
> Am 10/19/23 um 10:39 schrieb Stefan Kania via samba:
>
>>
>>
>> Am 18.10.23 um 23:27 schrieb Matti Kaupenjohann via samba:
>>> Yes I've red this section and the docu is saying no FL above
2008.
>>> Might be caused by incompleted docu? So far I understand if we
don't
>>> use >4.19 we will not be able to use FL 2016 which is necessary 
>>> since our DC WIN22 is configured as FL2016?
>>
>> Yes you MUST usee 4.19 ;-)
>>
>>>
>>> On 18.10.23 19:10, Stefan Kania via samba wrote:
>>>> If you take a look at:
>>>>
>>>>
https://wiki.samba.org/index.php/Windows_2012_Server_compatibility
>>>>
>>>> You will find your error message. I think your domain is
running
>>>> with FL 2012 and you are using a samba version < 4.19. So
you can
>>>> only go up to FL 2008_R2. The new 4.19 is the first version 
>>>> supporting FL >2008_R2. There you can go up to FL 2016.
>>>>
>>>>
>>>> Am 18.10.23 um 18:05 schrieb matti.kaupenjohann via samba:
>>>>> DsAddEntry failed with status WERR_ACCESS_DENIED info
(8567,
>>>>> 'WERR_DS_INCOMPATIBLE_VERSION')
>>>>
>>>>
>>>
>>
>>
>>-- 

Mit freundlichen Gr??en

Matti Kaupenjohann

Fachhochschule Dortmund
University of Applied Sciences and Arts

*Kaupenjohann, Matti*
FB Informationstechnik,

Sonnenstra?e 96 - 44139 Dortmund
Raum SON-A A701.4
Tel???? 0231 9112 9190
matti.kaupenjohann at fh-dortmund.de
www.fh-dortmund.de

Think before you print!

Stefan Kania

2023-Nov-02 16:02 UTC

head link

[Samba] Linux/Windows Domain Controller

Am 30.10.23 um 13:25 schrieb matti.kaupenjohann via
samba:> 
> did nobody before joined a Windows Functional Level 2016 Domain with 
> Samba 4.19?I did, with:
samba-tool domain join example.net DC --realm=example.net --option="ad 
dc functional level = 2016"  --dns-backend=BIND9_DLZ --backend-store=mdb 
-Uadministrator
--

Seemingly Similar Threads

Search for more reasonably related threads

samba - Nov 2023 - Linux/Windows Domain Controller

[Samba] Linux/Windows Domain Controller

[Samba] Linux/Windows Domain Controller

Seemingly Similar Threads