Web lists-archives.com

[Samba] join samba 4.5.12 to samba 4.1.13 failed




Hi there,

I have 2 DC servers(samba 4.1.13) working for more than 1 year.
When I join samba 4.5.12 to the domain, it fails on this error:
....
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
...

Environment:
2 existing DCs: DC1 and DC2, CentOS 6.2 32bit, compiled Samba 4.1.13
1 new DC: DC3, Centos 6.8 64bit, compiled Samba 4.5.12
DNS settings: samba 4 internal DNS.
Windows clients use conpany DNS servers which forward AD zone to AD servers


What I did on the new DC DC3:
# tar xvf samba-4.5.12.tar
# cd samba-4.5.12
# ./configure --prefix=/usr/local/samba
# make
# make install

# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.42 dc3.mydomain.htft dc3

# cat /etc/krb5.conf
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
[libdefaults]
 default_realm = MYDOMAIN.HTFT
 dns_lookup_realm = false
 dns_lookup_kdc = true

#kinit administrator
Password for administrator@xxxxxxxxxxxxx:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@xxxxxxxxxxxxx

Valid starting     Expires            Service principal
07/25/17 11:37:41  07/25/17 21:37:41 krbtgt/MYDOMAIN.HTFT@xxxxxxxxxxxxx
        renew until 07/26/17 11:37:32


# /usr/local/samba/bin/samba-tool domain join mydomain.htft DC -U"MYDOMAIN.HTFT\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'mydomain.htft'
Found DC dc2.mydomain.htft
Password for [MYDOMAIN.HTFT\administrator]:
workgroup is MYDOMAIN
realm is mydomain.htft
Adding CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Adding CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hftne t,DC=htft Adding CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi guration,DC=mydomain,DC=htft
Adding SPNs to CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Setting account password for DC3$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=mydomain,DC=htft
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[402/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[804/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1206/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1608/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1633/1633] linked_values[50/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Deleted CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft Deleted CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.') File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1253, in join_DC
    ctx.do_join()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1153, in do_join
    ctx.join_replicate()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 896, in join_replicate
    replica_flags=ctx.domain_replica_flags)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", line 254, in replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

It looks like it almost finished the join.
any idea?

Thanks
Allen


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba