samba - May 2024 - LDAP error 53 LDAP_UNWILLING_TO_PERFORM

On Tue, 28 May 2024 12:22:23 +0300
Omnis ludis - games <sergey.gortinsc17 at gmail.com> wrote:
> the CENTOS 7 operating system is used
OK, but where did you get the Samba packages from, by default, Centos,
like RHEL cannot be provisioned or joined as a DC.
> the command to enter is as follows: samba-tool domain join
> admugra.local DC -U Administrator --dns-backend=BIND9_DLZ
Using '.local' is not recommended or supported.
> --realm=ADMUGRA.LOCAL 
> --backend-store=mdb 
Don't change the backend, it isn't required.
> --option="ad dc functional
> level = 2016" --server=dc1.admugra.local -d 10
> version exactly 4.19
Sorry, but no it isn't, it will be in the format 4.19.x where 'x' is
a
number between (at present) 0 and 6
> join to DC not RODC
That is what I cannot understand, your error is this:

ERROR(ldb): uncaught exception - LDAP error 53
LDAP_UNWILLING_TO_PERFORM - <00002010: SvcErr: DSID-031A124C, problem
5003 (WILL_NOT_PERFORM), data 0> <> File
"samba/netcmd/__init__.py",
line 279, in samba.netcmd.Command._run File
"samba/netcmd/domain/join.py", line 130, in
samba.netcmd.domain.join.cmd_domain_join.run File "samba/join.py",
line
1683, in samba.join.join_DC File "samba/join.py", line 1590, in
samba.join.DCJoinContext.do_join File "samba/join.py", line 1563, in
samba.join.DCJoinContext.do_join File "samba/join.py",
logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name,
ctx.domsid))line 649, in samba.join.DCJoinContext.join_add_objects
Adding CN=DCRED,OU=Domain Controllers,DC=domain,DC=local

The last of the 'File' lines is where the error actually occurs and
each one of the 'File' lines calls the next.
If you download the 4.19.0 tarball and go to python/samba/join.py then
to line 649, you will find that it is actually a blank line, but line
651 is: print("Adding %s" % ctx.server_dn), which is the last line of
your error.
Line 649 is part of join_add_objects
The line above it in the error is line 1563, which is DCJoinContext and
this calls 'ctx.do_join()', which, if it succeeds, runs the next line:

logger.info("Joined domain %s (SID %s) as an RODC" % (ctx.domain_name,
 ctx.domsid))

So I come back to my original question, where did you get your Samba
packages from ?
You seem to running the command to join as a DC, but it seems to end up
trying join as an RODC, unless I am missing something somewhere.

Rowland

A Windows-based domain controller is definitely not an RODC, I can?t
understand why it goes to this line, I?m putting together a package for
testing myself, making some changes to it, maybe this is related to this,
tell me about local, why it?s not advisable to use .local

??, 28 ??? 2024??. ? 14:26, Rowland Penny via samba <samba at
lists.samba.org>:
> On Tue, 28 May 2024 12:22:23 +0300
> Omnis ludis - games <sergey.gortinsc17 at gmail.com> wrote:
>
> > the CENTOS 7 operating system is used
>
> OK, but where did you get the Samba packages from, by default, Centos,
> like RHEL cannot be provisioned or joined as a DC.
>
> > the command to enter is as follows: samba-tool domain join
> > admugra.local DC -U Administrator --dns-backend=BIND9_DLZ
>
> Using '.local' is not recommended or supported.
>
> > --realm=ADMUGRA.LOCAL
> > --backend-store=mdb
>
> Don't change the backend, it isn't required.
>
> > --option="ad dc functional
> > level = 2016" --server=dc1.admugra.local -d 10
> > version exactly 4.19
>
> Sorry, but no it isn't, it will be in the format 4.19.x where
'x' is a
> number between (at present) 0 and 6
>
> > join to DC not RODC
>
> That is what I cannot understand, your error is this:
>
> ERROR(ldb): uncaught exception - LDAP error 53
> LDAP_UNWILLING_TO_PERFORM - <00002010: SvcErr: DSID-031A124C, problem
> 5003 (WILL_NOT_PERFORM), data 0> <> File
"samba/netcmd/__init__.py",
> line 279, in samba.netcmd.Command._run File
> "samba/netcmd/domain/join.py", line 130, in
> samba.netcmd.domain.join.cmd_domain_join.run File
"samba/join.py", line
> 1683, in samba.join.join_DC File "samba/join.py", line 1590, in
> samba.join.DCJoinContext.do_join File "samba/join.py", line 1563,
in
> samba.join.DCJoinContext.do_join File "samba/join.py",
> logger.info("Joined domain %s (SID %s) as an RODC" %
(ctx.domain_name,
> ctx.domsid))line 649, in samba.join.DCJoinContext.join_add_objects
> Adding CN=DCRED,OU=Domain Controllers,DC=domain,DC=local
>
> The last of the 'File' lines is where the error actually occurs and
> each one of the 'File' lines calls the next.
> If you download the 4.19.0 tarball and go to python/samba/join.py then
> to line 649, you will find that it is actually a blank line, but line
> 651 is: print("Adding %s" % ctx.server_dn), which is the last
line of
> your error.
> Line 649 is part of join_add_objects
> The line above it in the error is line 1563, which is DCJoinContext and
> this calls 'ctx.do_join()', which, if it succeeds, runs the next
line:
>
> logger.info("Joined domain %s (SID %s) as an RODC" %
(ctx.domain_name,
>  ctx.domsid))
>
> So I come back to my original question, where did you get your Samba
> packages from ?
> You seem to running the command to join as a DC, but it seems to end up
> trying join as an RODC, unless I am missing something somewhere.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>