Web lists-archives.com

Re: [Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain




It seems I'm talking to myself... anyway another test here:

Added the existing DC IP config to /etc/hosts and the join now shows a more explicit LDAP error:

---
Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed (Preauthentication failed) SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <> Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
---

The Administrator password is correct (the SRVAD-NEW computer account is created on existing DC, then removed after fail).

What shall I do now?



New test config:

root@srvad-old:~# cat /etc/hosts
127.0.0.1       localhost
10.0.3.90       srvad-old.samdom.local srvad-old
10.0.3.100      srvad-new.samdom.local   srvad-new

root@srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2187] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1800/2187] linked_values[20/20] Replicated 191 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1607] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1607] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[903/1607] linked_values[0/0]
Replicated 105 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Wrong username or password: kinit for SRVAD-NEW$@SAMDOM.LOCAL failed (Preauthentication failed)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/SRVAD-OLD.SAMDOM.LOCAL failed (next[ntlmssp]): NT_STATUS_LOGON_FAILURE
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Failed to bind - LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <> Failed to connect to 'ldap://SRVAD-OLD.SAMDOM.LOCAL' with backend 'ldap': LDAP error 49 LDAP_INVALID_CREDENTIALS - <8009030C: LdapErr: DSID-0C0904D0, comment: AcceptSecurityContext error, data 52e, v1db0> <>
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)




Il 01/03/2018 11:58, Claudio Nicora ha scritto:
Tested again to join, now clearing both Kerberos, Samba config and Samba private folder. The new log now has some more details (resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>), but I'm still not able to join.
Wonder why is it trying to do an lmhosts lookup, 4.6 is not.

An identical server (with same hostname and IP) with Samba 4.6 joins without issues (except for the need to manually create the DNS entries). NOTE: I'm testing the join with VirtualBox VMs so it's easy for me to get back to the same initial conditions.

NOTE: I'd like to use Samba 4.7 instead of 4.6 because of this warning in Samba wiki https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Verifying_the_DNS_Entries : "If you join a Samba DC that runs Samba 4.7 and later, samba-tool created all required DNS entries automatically. To manually create the records on an earlier version, see Verifying and Creating a DC DNS Record."

Here you are both logs: 4.7.4 (fail) and 4.6.7 (success).
Hope someone can help me...

=============================
Test environment
=============================
Domain:      SAMDOM.LOCAL
Existing DC: Win2008R2,   Hostname: SRVAD-OLD, IP: 10.0.3.90
New DC:      Samba 4.7.4, Hostname: SRVAD-NEW, IP: 10.0.3.100

=============================
Samba 4.7.4
=============================
root@srvad-new:~# rm -fr /etc/krb5.conf /etc/samba/smb.conf /var/lib/samba/private/*

root@srvad-new:~# samba-tool domain join samdom.local DC -U"administrator" -d3
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2173] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1809/2173] linked_values[20/20] Replicated 200 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[2/2]
Replicated 97 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[395/1587] linked_values[0/2]
Replicated 298 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[797/1587] linked_values[0/2]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[911/1587] linked_values[2/2]
Replicated 114 objects (2 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Discarding older DRS linked attribute update to member on CN=Enterprise Admins,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS linked attribute update to member on CN=Domain Users,CN=Users,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)


=============================
Samba 4.6.7
=============================
root@srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3

GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
Password for [WORKGROUP\Administrator]:
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Netlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> cli_credentials(WORKGROUP\Administrator) without realm, cannot use kerberos for this connection ldap/SRVAD-OLD.SAMDOM.LOCAL
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1554] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1554] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/1995] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1755/1995] linked_values[20/20] Replicated 146 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1280] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1280] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[855/1280] linked_values[0/0]
Replicated 57 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[93/93] linked_values[0/0] Replicated 93 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /var/lib/samba/private/named.conf for an example configuration include file for BIND and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates Joined domain SAMDOM (SID S-1-5-21-299502267-616249376-1417001333) as a DC


Il 26/02/2018 11:33, Claudio Nicora ha scritto:
Thanks for the time you're dedicating to solving my issue.

Is your WORKGROUP really the same as your dnsdomain ?
So, the command should be:
samba-tool domain join samdom.local DC -U Administrator --dns-backend=BIND9_DLZ --verbose -d3

I've replaced log sensitive data before posting it (replacing real domain name with SAMDOM), but replace was case-insensitive so everything became uppercase.
I'm attaching the correct log below, sorry for the confusion.
Anyway I've already tried either -U"SAMDOM.LOCAL\Administrator", -U"SAMDOM\Administrator" and -U Administrator and all of them fail with the same result.

Additional info: before testing Sabma 4.7.4, I've tested to join previous Samba version server (Ubuntu 17.10, Samba 4.6.7) and it worked.

Here's the new log (with case-preserved replacement), together with other required files:

=========================================
root@srvad-new:~# samba-tool domain join samdom.local DC -U"Administrator" --dns-backend=BIND9_DLZ --option="interfaces=lo eth_lan" --option="bind interfaces only=yes" -d3

lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Finding a writeable DC for domain 'samdom.local'
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.samdom.local<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Adding CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Adding CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Adding CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding SPNs to CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Setting account password for SRVAD-NEW$
Enabling account
Adding DNS account CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL with dns/ SPN
Setting account password for dns-SRVAD-NEW
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null) A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=SAMDOM,DC=LOCAL
Starting replication
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/1557] linked_values[0/0] Schema-DN[CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1553/1557] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectClass on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectVersion on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to showInAdvancedViewOnly on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to name on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to objectCategory on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to schemaInfo on CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Replicated 1553 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[402/2508] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[804/2508] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1206/2508] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1608/2508] linked_values[0/20] Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL Partition[CN=Configuration,DC=SAMDOM,DC=LOCAL] objects[1833/2508] linked_values[20/20] Replicated 224 objects (20 linked attributes) for CN=Configuration,DC=SAMDOM,DC=LOCAL
Replicating critical objects from the base DN of the domain
Partition[DC=SAMDOM,DC=LOCAL] objects[97/169] linked_values[0/0]
Replicated 97 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[396/1918] linked_values[0/0]
Replicated 299 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[798/1918] linked_values[0/0]
Replicated 399 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Partition[DC=SAMDOM,DC=LOCAL] objects[936/1918] linked_values[0/0]
Replicated 138 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL] objects[21/21] linked_values[0/0] Replicated 21 objects (0 linked attributes) for DC=DomainDnsZones,DC=SAMDOM,DC=LOCAL
Replicating DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL
Partition[DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL] objects[94/94] linked_values[0/0] Replicated 94 objects (0 linked attributes) for DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL Exop on[CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL] objects[3] linked_values[0] Discarding older DRS attribute update to objectClass on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to whenCreated on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to showInAdvancedViewOnly on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to nTSecurityDescriptor on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to name on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to fSMORoleOwner on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from 19f8865f-929c-4aa1-a8fb-bb23c80b9cd0 Discarding older DRS attribute update to systemFlags on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectCategory on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to isCriticalSystemObject on CN=RID Manager$,CN=System,DC=SAMDOM,DC=LOCAL from a9e55326-e32f-4da3-8baa-8cf29cbafded Discarding older DRS attribute update to objectClass on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to whenCreated on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to displayName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to nTSecurityDescriptor on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to name on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to userAccountControl on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to codePage on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to countryCode on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dBCSPwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to localPolicyFlags on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to logonHours on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to unicodePwd on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to ntPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to pwdLastSet on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to primaryGroupID on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to supplementalCredentials on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectSid on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to accountExpires on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to lmPwdHistory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to sAMAccountType on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to dNSHostName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to servicePrincipalName on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to objectCategory on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to isCriticalSystemObject on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869 Discarding older DRS attribute update to msDS-SupportedEncryptionTypes on CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL from 5129d5e2-1df1-4299-bede-1eed9ff37869
Replicated 3 objects (0 linked attributes) for DC=SAMDOM,DC=LOCAL
Committing SAM database
Adding 1 remote DNS records for SRVAD-NEW.SAMDOM.LOCAL
Using binding ncacn_ip_tcp:SRVAD-OLD.SAMDOM.LOCAL[,sign]
resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20> resolve_lmhosts: Attempting lmhosts lookup for name SRVAD-OLD.SAMDOM.LOCAL<0x20>
Adding DNS A record SRVAD-NEW.SAMDOM.LOCAL for IPv4 IP: 10.0.3.100
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for SAMDOM from both secrets.ldb (Could not find entry to match filter: '(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL
Deleted CN=dns-SRVAD-NEW,CN=Users,DC=SAMDOM,DC=LOCAL
Deleted CN=NTDS Settings,CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL Deleted CN=SRVAD-NEW,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=SAMDOM,DC=LOCAL ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)



root@srvad-new:~# cat /etc/hosts
127.0.0.1       localhost
10.0.3.90       srvad-old.samdom.local  srvad-old
10.0.3.100      srvad-new.samdom.local  srvad-new

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters


root@srvad-new:~# cat /etc/hostname
srvad-new.samdom.local  (---> also tried with "srvad-new" only)


root@srvad-new:~# cat /etc/resolv.conf
nameserver 10.0.3.90
search samdom.local
=======================








Il 25/02/2018 14:30, Rowland Penny via samba ha scritto:
On Sun, 25 Feb 2018 12:28:39 +0100
Claudio Nicora via samba <samba@xxxxxxxxxxxxxxx> wrote:

Tried again to join, now with full cleanup of /var/lib/samba/private
folder on new server... same error.

Anyone have an idea of what's going wrong?


============================================================
root@SRVAD-NEW:~# samba-tool domain join SAMDOM.LOCAL DC
-U"SAMDOM.LOCAL\Administrator" --dns-backend=BIND9_DLZ
--option="interfaces=eth_lan" --verbose -d3

Is your WORKGROUP really the same as your dnsdomain ?


Finding a writeable DC for domain 'SAMDOM.LOCAL'
resolve_lmhosts: Attempting lmhosts lookup for name
_ldap._tcp.SAMDOM.LOCAL<0x0>
Found DC SRVAD-OLD.SAMDOM.LOCAL
resolve_lmhosts: Attempting lmhosts lookup for name
SRVAD-OLD.SAMDOM.LOCAL<0x20>
Password for [SAMDOM.LOCAL\Administrator]:
workgroup is SAMDOM
realm is SAMDOM.LOCAL
Seemingly not ;-)

So, the command should be:

samba-tool domain join samdom.local DC -U Administrator
--dns-backend=BIND9_DLZ --verbose -d3

Can you post your /etc/hosts and /etc/resolv.conf files

Can you also tell us the ipaddresses of the original DC and the new DC

Rowland





--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba