Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Joining samba4 as a DC to Windows Server 2012 active directory
533 views
Skip to first unread message
James-Arthur Eaton Gonzalez
Apr 28, 2013, 5:57:08 AM4/28/13
to
Hello all,
I am attempting to join samba4 to my current domain which is controlled by
a Windows 2012 Active Directory Server. When following the instructions on
the official WIKI:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
I am able to do a kinit administrator, which then gives me a ticket which I
can see via klist.
The problem is that once I run the command:
# bin/samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com
It does not work. I get the following error:
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
Could this be because of the version of AD? I can't find much
around compatibility of this version of Windows. Any help is greatly
appreciated.
Here is the full debug:
1. ./samba-tool domain join example.com DC -Uadministrator --realm=
example.com
2. Finding a writeable DC for domain 'example.com'
3. Found DC dc01.example.com
4. Password for [WORKGROUP\administrator]:
5. workgroup is EXAMPLE
6. realm is example.com
7. checking sAMAccountName
8. Deleted CN=DC02,CN=Computers,DC=example,DC=com
9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com
10. Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
11. Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
13. Join failed - cleaning up
14. checking sAMAccountName
15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com
16. Deleted
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
17. ERROR(runtime): uncaught exception - DsAddEntry failed
18. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
19. return self.run(*args, **kwargs)
20. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
21. machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
22. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1104,
in join_DC
23. ctx.do_join()
24. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007,
in do_join
25. ctx.join_add_objects()
26. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 525,
in join_add_objects
27. ctx.join_add_ntdsdsa()
28. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 458,
in join_add_ntdsdsa
29. ctx.DsAddEntry([rec])
30. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 421,
in DsAddEntry
31. raise RuntimeError("DsAddEntry failed")
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
I am attempting to join samba4 to my current domain which is controlled by
a Windows 2012 Active Directory Server. When following the instructions on
the official WIKI:
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
I am able to do a kinit administrator, which then gives me a ticket which I
can see via klist.
The problem is that once I run the command:
# bin/samba-tool domain join samba.example.com DC -Uadministrator
--realm=samba.example.com
It does not work. I get the following error:
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
Could this be because of the version of AD? I can't find much
around compatibility of this version of Windows. Any help is greatly
appreciated.
Here is the full debug:
1. ./samba-tool domain join example.com DC -Uadministrator --realm=
example.com
2. Finding a writeable DC for domain 'example.com'
3. Found DC dc01.example.com
4. Password for [WORKGROUP\administrator]:
5. workgroup is EXAMPLE
6. realm is example.com
7. checking sAMAccountName
8. Deleted CN=DC02,CN=Computers,DC=example,DC=com
9. Adding CN=DC02,OU=Domain Controllers,DC=example,DC=com
10. Adding
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
11. Adding CN=NTDS
Settings,CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
12. DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
'WERR_DS_INCOMPATIBLE_VERSION')
13. Join failed - cleaning up
14. checking sAMAccountName
15. Deleted CN=DC02,OU=Domain Controllers,DC=example,DC=com
16. Deleted
CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
17. ERROR(runtime): uncaught exception - DsAddEntry failed
18. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
19. return self.run(*args, **kwargs)
20. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 552, in run
21. machinepass=machinepass, use_ntvfs=use_ntvfs,
dns_backend=dns_backend)
22. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1104,
in join_DC
23. ctx.do_join()
24. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1007,
in do_join
25. ctx.join_add_objects()
26. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 525,
in join_add_objects
27. ctx.join_add_ntdsdsa()
28. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 458,
in join_add_ntdsdsa
29. ctx.DsAddEntry([rec])
30. File
"/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 421,
in DsAddEntry
31. raise RuntimeError("DsAddEntry failed")
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Matthieu Patou
Apr 30, 2013, 12:36:01 AM4/30/13
to
On 04/28/2013 02:57 AM, James-Arthur Eaton Gonzalez wrote:
> Hello all,
>
> I am attempting to join samba4 to my current domain which is controlled by
> a Windows 2012 Active Directory Server. When following the instructions on
> the official WIKI:
>
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> I am able to do a kinit administrator, which then gives me a ticket which I
> can see via klist.
>
> The problem is that once I run the command:
>
>
> # bin/samba-tool domain join samba.example.com DC -Uadministrator
> --realm=samba.example.com
>
>
> It does not work. I get the following error:
> DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
> 'WERR_DS_INCOMPATIBLE_VERSION')
>
> Could this be because of the version of AD? I can't find much
> around compatibility of this version of Windows. Any help is greatly
> appreciated.
What is the level of your forest and domain, I suspect that you have a
> Hello all,
>
> I am attempting to join samba4 to my current domain which is controlled by
> a Windows 2012 Active Directory Server. When following the instructions on
> the official WIKI:
>
> http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> I am able to do a kinit administrator, which then gives me a ticket which I
> can see via klist.
>
> The problem is that once I run the command:
>
>
> # bin/samba-tool domain join samba.example.com DC -Uadministrator
> --realm=samba.example.com
>
>
> It does not work. I get the following error:
> DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567,
> 'WERR_DS_INCOMPATIBLE_VERSION')
>
> Could this be because of the version of AD? I can't find much
> around compatibility of this version of Windows. Any help is greatly
> appreciated.
2012 Forest and Domain level.
For the moment we don't support this and we still have a schema issue
with 2012 so you'd better off not using 2012.
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
0 new messages