Hi,
To rule out any issues with cryptographic libraries I have tried to join only
after setting 'update-crypto-policies --set DEFAULT:AD-SUPPORT-LEGACY'
and, as this did not make a difference, 'update-crypto-policies --set LEGACY',
each followed by a reboot. So I don't think it is related to that.
As the error is
...
Could not find machine account in secrets database: Failed to fetch machine
account password for SUB from both secrets.ldb (Could not find entry to match
filter: '(&(flatname=SUB)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../../source4/dsdb/common/util.c:5731) and from
/usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
...
I ran ldbsearch manually on secrets.ldb. On the new DC the file exists with the same
size as on the existing DCs, but it is missing this record, whereas on the other
DCs it is found with 'samAccountName: MDC02$' and 'samAccountName:
MDC01$' respectively. It looks like this is only added during the join
procedure. Why wasn't it added on the new MDC03?
secrets.tdb is completely empty:
Number of records: 0
Whereas on the other DCs I have 8 records each.
Are the secrets LDB & TDB also replicated during the join, or are they generated
locally from other data? Why weren't they replicated correctly?
Thanks
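Added example, not part of the thread: a small Python check that applies the exact filter quoted in the error to ldbsearch-style LDIF dumps of secrets.ldb from several DCs, so a DC whose primaryDomain record is missing is spotted before the join fails. The dumps are constructed sample data and the attribute layout of the record is an assumption; the DC names and filter are taken from the thread.

```python
# Constructed ldbsearch-style dumps (assumed attribute layout, not real output).
SECRETS_MDC01 = """\
dn: flatname=SUB,cn=Primary Domains
objectClass: primaryDomain
flatname: SUB
samAccountName: MDC01$

dn: cn=Primary Domains
objectClass: container
"""
SECRETS_MDC03 = """\
dn: cn=Primary Domains
objectClass: container
"""
FILTER = "(&(flatname=SUB)(objectclass=primaryDomain))"  # from the error message

def parse_ldif(text):
    """LDIF -> list of {attribute (lowercased): [values]}; '# record' lines skipped."""
    entries = [{}]
    for line in text.splitlines():
        if line.startswith("#"):
            continue
        if not line.strip():                    # blank line ends an entry
            entries.append({})
            continue
        attr, _, value = line.partition(":")
        entries[-1].setdefault(attr.strip().lower(), []).append(value.strip())
    return [e for e in entries if e]

def parse_filter(s, i=0):
    """Parse an RFC 4515 filter (&, |, ! and equality only) into a tuple tree."""
    if s[i + 1] in "&|!":                       # compound clause
        op, i, kids = s[i + 1], i + 2, []
        while s[i] == "(":
            node, i = parse_filter(s, i)
            kids.append(node)
        return (op, kids), i + 1                # skip the closing ')'
    j = s.index(")", i)                         # simple (attr=value) clause
    attr, _, value = s[i + 1:j].partition("=")
    return ("=", attr.lower(), value.lower()), j + 1

def matches(entry, node):
    """Evaluate a parsed filter against one entry (case-insensitive, like ldb)."""
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    sub = [matches(entry, k) for k in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](sub)

def machine_account(ldif_text, flt=FILTER):
    """samAccountName of the first record matching flt, or None if nothing matches."""
    node, _ = parse_filter(flt)
    hits = [e for e in parse_ldif(ldif_text) if matches(e, node)]
    return hits[0].get("samaccountname", [None])[0] if hits else None
```

Feed it the output of `ldbsearch -H /usr/local/samba/private/secrets.ldb` from each DC; a None result reproduces the "Could not find entry to match filter" condition.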
________________________________________
From: samba <samba-bounces at lists.samba.org> on behalf of Peter
Mittermayer via samba <samba at lists.samba.org>
Sent: Monday, December 9, 2024 9:40 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Error when joining new DC
Yes. FIPS mode is disabled: The OS installation was done without enabling it.
[root at mdc02 samba]# fips-mode-setup --check
Installation of FIPS modules is not completed.
FIPS mode is disabled.
Anything else to check? Basically, I followed the instructions in the Wiki to
build and install Samba.
Peter