
Re: [Samba] Joining Samba4 to existing AD




Hi Erick,

We were recently unable to join a 4.6.1 machine to the domain as a domain member server. Going back to 4.5.7 solved it immediately.

In our case it turned out to be a bug that will supposedly be fixed in Samba 4.6.3. Perhaps this same bug is what's biting you...

Try the latest 4.5.x.

MJ

On 04/07/2017 02:26 AM, Erick Ocrospoma via samba wrote:
Hi,

I have followed this guide on the wiki
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory,
in order to join Samba to an existing Active Directory.
I'm using CentOS 7, using Samba 4.6 and compiled from source.

So the thing is that I'm stuck on step
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller

Basically when I try to join Samba to the AD I get this error

[root@samba-dc-02 ]# samba-tool domain join EXAMPLE.COM DC -U "EXAMPLE/Administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'EXAMPLE.COM'
Found DC dc-01.example.com
Password for [EXAMPLE\Administrator]:
workgroup is EXAMPLE
realm is example.com
Adding CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
Adding CN=SAMBA-DC-02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Join failed - cleaning up
Deleted CN=SAMBA-DC-02,OU=Domain Controllers,DC=example,DC=com
ERROR(ldb): uncaught exception - LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=Sites,CN=Configuration,DC=example,DC=com <0000208D: NameErr: DSID-03100238, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=Sites,CN=Configuration,DC=example,DC=com'
<>
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 606, in join_add_objects
    ctx.samdb.add(rec)


This is my current Kerberos conf

[root@samba-dc-02 ]# cat /etc/krb5.conf
[libdefaults]
        dns_lookup_realm = false
        dns_lookup_kdc = true
        default_realm = EXAMPLE.COM


And the Kerberos ticket is opened successfully.

[root@samba-dc-02 ]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@xxxxxxxxxxx

Valid starting       Expires              Service principal
04/06/2017 20:42:24  04/07/2017 06:42:24  krbtgt/EXAMPLE.COM@xxxxxxxxxxx
        renew until 04/07/2017 20:42:18

The Samba server itself resolves to the AD IP

[root@samba-dc-02 ]# cat /etc/resolv.conf
# Generated by NetworkManager
search example.com
nameserver 10.3.251.19


Anybody have an idea what could be happening? Thanks in advance.



