[Samba] cannot join an existing AD as either a RODC or DC w/ samba4


Mike Edwards

Jan 10, 2013, 5:10:02 PM
I'm unable to have samba4 join an existing AD domain as either an RODC
(preferable) or merely a DC.

AD domain is Win2k3, but we recently added a pair of Win2k8 DCs to it.
Domain functional level is Win2k3.


### Adding samba4 as an RODC ###

# samba-tool domain join -d5 my.domain RODC -U'admi...@MY.DOMAIN' --server=nysv-vmdc3.my.domain
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [admi...@MY.DOMAIN]:
Timed out smb_krb5 packet
Received smb_krb5 packet of length 148
Timed out smb_krb5 packet
Received smb_krb5 packet of length 1450
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
workgroup is MY
realm is my.domain
checking sAMAccountName
Adding CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 19
LDAP_CONSTRAINT_VIOLATION - <000020B5: AtrErr: DSID-03152804, #2:
0: 000020B5: DSID-03152804, problem 1005 (CONSTRAINT_ATT_TYPE), data
0, Att 90786 (msDS-NeverRevealGroup)
1: 000020B5: DSID-03152804, problem 1005 (CONSTRAINT_ATT_TYPE), data
0, Att 90788 (msDS-RevealOnDemandGroup)
> <>
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 558, in run
dns_backend=dns_backend)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1071, in join_RODC
ctx.do_join()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 499, in join_add_objects
ctx.samdb.add(rec)


### Adding samba4 as a DC ###

# samba-tool domain join -d5 my.domain DC -U'admi...@MY.DOMAIN' --server=nysv-vmdc3.my.domain
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
added interface eth0 ip=fe80::20c:29ff:fef7:cd62%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::20c:29ff:fef7:cd6c%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=192.168.42.1 bcast=192.168.42.255
netmask=255.255.255.0
added interface eth0 ip=10.2.40.194 bcast=10.2.40.255
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [admi...@MY.DOMAIN]:
Timed out smb_krb5 packet
Received smb_krb5 packet of length 148
Timed out smb_krb5 packet
Received smb_krb5 packet of length 1450
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
workgroup is MY
realm is my.domain
checking sAMAccountName
Adding CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain
Adding
CN=NYSV-NIS1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=my,DC=domain
Join failed - cleaning up
checking sAMAccountName
Deleted CN=NYSV-NIS1,OU=Domain Controllers,DC=my,DC=domain
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT -
CN=Sites,CN=Configuration,DC=my,DC=domain <0000208D: NameErr:
DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=Sites,CN=Configuration,DC=my,DC=domain'
> <>
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1104, in join_DC
ctx.do_join()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 518, in join_add_objects
ctx.samdb.add(rec)


Any ideas?


--

Mike Edwards | If this email address disappears,
Unsolicited advertisements to | assume it was spammed to death. To
this address are not welcome. | reach me in that case, s/-.*@/@/

"Our progress as a nation can be no swifter than our progress in education.
The human mind is our fundamental resource."
-- John F. Kennedy
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

Mike Edwards

Jan 11, 2013, 12:20:01 PM
I'm stuck trying to figure out what the next step should be. Any hints
on what I could try?


On Thu, Jan 10, 2013 at 04:53:59PM -0500, Mike Edwards babbled thus:
> I'm unable to have samba4 join an existing AD domain as either an RODC
> (preferable) or merely a DC.
>
> AD domain is Win2k3, but we recently added a pair of Win2k8 DCs to it.
> Domain functional level is Win2k3.
>
>
> ### Adding samba4 as an RODC ###
>
*chomp*
>
> ### Adding samba4 as a DC ###
>
*chomp*

Dewayne Geraghty

Feb 6, 2013, 6:10:03 AM
Mike,
I've spent a good part of the day trying to figure out the sequence for getting a samba4 AD DC and Samba4 RODC

From the Microsoft site, I recall seeing that RODC requires a domain functional level of W2k8R2. There is also a clue at
(http://blog.tridgell.net/) to a wintest suite. Within your source tree you'll find test-s4-howto.py under /samba-4.0.3/wintest. It
only talks about W2K8. There's also "W2K8R2C" and "W2K8R2A" which are machines names, so disregard.

Unfortunately without doc or "list" guidance, I'll defer trying to work out the incantation for a pure samba4 AD DC - RODC setup for
the time-being. Tridge's video for a multimaster is enticing but uses 4.0.0Alpha11 http://blog.tridgell.net/?p=12

Good luck.
Regards, Dewayne.
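A pre-join readiness check covering the two failures in Mike's first post and the functional-level question in Dewayne's reply, as an added example that is not part of this thread or of the Samba project. It parses LDIF of the kind that `ldbsearch -H ldap://nysv-vmdc3.my.domain -U<user> -b <base DN> -s base` prints for three base DNs (replaced here by constructed sample records, not real data from the domain) and reports: whether the schema head's objectVersion and the attributeSchema entries show the Windows Server 2008 extension that defines msDS-NeverRevealGroup and msDS-RevealOnDemandGroup (Microsoft's stated RODC prerequisites are forest functional level Windows Server 2003, adprep /forestprep and /rodcprep applied, and at least one writable 2008 DC); the domain's msDS-Behavior-Version; and which site objects exist under CN=Sites, because a DC join creates its server object under CN=Servers,CN=<site> and a NO_SUCH_OBJECT whose best match is CN=Sites means the default Default-First-Site-Name is absent, so `samba-tool domain join` needs `--site=<name>`. The site name HQ, the 2003 R2 schema version and the functional level in the sample are assumptions chosen to reproduce the symptoms. If a DC that already carries the 2008 schema still returns CONSTRAINT_ATT_TYPE for those attributes, the cause lies elsewhere and this check will not find it.

```python
"""Readiness check for a Samba AD DC / RODC join, evaluated over LDIF text.

Added example, not code from the thread or from the Samba project. Reads
LDIF (as printed by ldbsearch/ldapsearch) for the schema head, the domain NC
and the Sites container, and lists what must change before a join is retried.
"""
import base64
from dataclasses import dataclass, field

# Schema objectVersion published by Microsoft per Windows release.
SCHEMA_VERSIONS = {
    13: "Windows 2000", 30: "Windows Server 2003", 31: "Windows Server 2003 R2",
    44: "Windows Server 2008", 47: "Windows Server 2008 R2",
    56: "Windows Server 2012", 69: "Windows Server 2012 R2",
    87: "Windows Server 2016", 88: "Windows Server 2019",
}
RODC_MIN_SCHEMA = 44  # RODC attributes first appear in the 2008 schema
RODC_ATTRS = ("msDS-NeverRevealGroup", "msDS-RevealOnDemandGroup")
# msDS-Behavior-Version of the domain NC -> domain functional level.
FUNCTIONAL_LEVELS = {0: "2000", 1: "2003 interim", 2: "2003", 3: "2008",
                     4: "2008 R2", 5: "2012", 6: "2012 R2", 7: "2016"}


def parse_ldif(text):
    """Parse LDIF into a list of {attr: [values]} dicts, one per record.

    Handles folded continuation lines (leading space), '#' comments and
    base64 ('::') values, which is enough for directory query output."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]  # unfold a continuation line
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:  # the trailing "" flushes the last record
        if line.startswith("#"):
            continue
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip(), []).append(value.strip())
    return records


@dataclass
class JoinReadiness:
    schema_version: int
    rodc_attrs_present: tuple
    domain_level: int
    sites: tuple
    problems: list = field(default_factory=list)

    @property
    def ok(self):
        return not self.problems


def assess(schema_ldif, domain_ldif, sites_ldif, site="Default-First-Site-Name"):
    """Evaluate RODC and DC join preconditions from the three LDIF dumps."""
    schema = parse_ldif(schema_ldif)
    head = next(r for r in schema if "dMD" in r.get("objectClass", []))
    version = int(head["objectVersion"][0])
    names = {v for r in schema for v in r.get("lDAPDisplayName", [])}
    present = tuple(a for a in RODC_ATTRS if a in names)
    missing = [a for a in RODC_ATTRS if a not in names]
    domain = parse_ldif(domain_ldif)[0]
    level = int(domain.get("msDS-Behavior-Version", ["0"])[0])
    sites = tuple(r["cn"][0] for r in parse_ldif(sites_ldif)
                  if "site" in r.get("objectClass", []))
    problems = []
    if missing:
        problems.append(
            "schema objectVersion %d (%s) lacks %s; an RODC join needs the "
            "2008 schema (objectVersion >= %d) plus adprep /rodcprep"
            % (version, SCHEMA_VERSIONS.get(version, "unknown"),
               ", ".join(missing), RODC_MIN_SCHEMA))
    if site not in sites:
        problems.append("site %r not under CN=Sites; existing sites: %s; "
                        "pass --site=<name> to samba-tool domain join"
                        % (site, ", ".join(sites) or "none"))
    return JoinReadiness(version, present, level, sites, problems)


# Constructed sample input mimicking the thread's symptoms (2003 R2 schema,
# 2003 functional level, one renamed site). Not real data from the domain.
SCHEMA_LDIF = """\
dn: CN=Schema,CN=Configuration,DC=my,DC=domain
objectClass: dMD
objectVersion: 31

dn: CN=ms-DS-Allowed-To-Delegate-To,CN=Schema,CN=Configuration,DC=my,DC=domain
objectClass: attributeSchema
lDAPDisplayName: msDS-AllowedToDelegateTo
"""
DOMAIN_LDIF = """\
dn: DC=my,DC=domain
objectClass: domainDNS
msDS-Behavior-Version: 2
"""
SITES_LDIF = """\
dn: CN=Sites,CN=Configuration,DC=my,DC=domain
objectClass: sitesContainer
cn: Sites

dn: CN=HQ,CN=Sites,CN=Configuration,DC=my,DC=domain
objectClass: top
objectClass: site
cn: HQ
"""

if __name__ == "__main__":
    result = assess(SCHEMA_LDIF, DOMAIN_LDIF, SITES_LDIF)
    print("schema %d, domain functional level %s, sites %s"
          % (result.schema_version,
             FUNCTIONAL_LEVELS.get(result.domain_level, "?"), result.sites))
    for p in result.problems:
        print("PROBLEM:", p)
```

Against the constructed sample the script reports both problems: the schema lacks the two RODC attributes and Default-First-Site-Name does not exist. Once the schema has been extended and the join is retried with the real site name passed through `--site`, `assess()` returns no problems; the attribute presence is the check that matters, the objectVersion is printed only to show which Windows release the schema corresponds to.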