Web lists-archives.com

[Samba] join samba 4.5.12 to samba 4.1.13 failed

Hi there,

I have 2 DC servers(samba 4.1.13) working for more than 1 year.
When I join samba 4.5.12 to the domain, it fails on this error:
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft

2 existing DCs: DC1 and DC2, CentOS 6.2 32bit, compiled Samba 4.1.13
1 new DC: DC3, Centos 6.8 64bit, compiled Samba 4.5.12
DNS settings: samba 4 internal DNS.
Windows clients use conpany DNS servers which forward AD zone to AD servers

What I did on the new DC DC3:
# tar xvf samba-4.5.12.tar
# cd samba-4.5.12
# ./configure --prefix=/usr/local/samba
# make
# make install

# cat /etc/hosts localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 dc3.mydomain.htft dc3

# cat /etc/krb5.conf
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 default_realm = MYDOMAIN.HTFT
 dns_lookup_realm = false
 dns_lookup_kdc = true

#kinit administrator
Password for administrator@xxxxxxxxxxxxx:
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator@xxxxxxxxxxxxx

Valid starting     Expires            Service principal
07/25/17 11:37:41  07/25/17 21:37:41 krbtgt/MYDOMAIN.HTFT@xxxxxxxxxxxxx
        renew until 07/26/17 11:37:32

# /usr/local/samba/bin/samba-tool domain join mydomain.htft DC -U"MYDOMAIN.HTFT\administrator" --dns-backend=SAMBA_INTERNAL
Finding a writeable DC for domain 'mydomain.htft'
Found DC dc2.mydomain.htft
Password for [MYDOMAIN.HTFT\administrator]:
workgroup is MYDOMAIN
realm is mydomain.htft
Adding CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Adding CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hftne t,DC=htft Adding CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi guration,DC=mydomain,DC=htft
Adding SPNs to CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Setting account password for DC3$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=mydomain,DC=htft
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[402/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[804/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[1206/1550] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=htft] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=htft] objects[402/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[804/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1206/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1608/1633] linked_values[0/0] Partition[CN=Configuration,DC=mydomain,DC=htft] objects[1633/1633] linked_values[50/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=htft] objects[98/98] linked_values[33/0]
Join failed - cleaning up
Deleted CN=DC3,OU=Domain Controllers,DC=mydomain,DC=htft
Deleted CN=NTDS Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft Deleted CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=htft ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.') File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 652, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1253, in join_DC
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1153, in do_join
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 896, in join_replicate
File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", line 254, in replicate
    (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)

It looks like it almost finished the join.
any idea?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba