Re: [Samba] Error joining Samba 4.7.4 DC to existing Win2008R2 domain

If I create SRVAD-NEW DNS record manually, under samdom.local zone, this is what I see with adsiedit:

distinguishedName: DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL

In "Active Directory Users and Computers" under "Domain Controllers" I see this object (that disappears after failure):

distinguishedName: CN=SRVAD-NEW,OU=Domain Controllers,DC=SAMDOM,DC=LOCAL

> Garming asked you to see if you could locate
> where the records got put the records by hand

Sorry, I can't understand what you mean by "if you could locate where the records got put"... Are you asking me to create the DNS record by hand with RSAT on SRVAD_OLD, then run samba-tool join again? If so, yes, I've tried to create the record manually and re-run samba-tool, with the same error.

Sorry for the misunderstanding.

I'm still focusing on log lines after the failure:

--- no SRVAD-OLD address in /etc/hosts ---
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch
machine account password for SAMDOM from both secrets.ldb (Could not
find entry to match filter:
'(&(flatname=SAMDOM)(objectclass=primaryDomain))' base: 'cn=Primary
Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4636) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO

This isn't it.  The things after the failure are not the issue, they
are happening in the unwind.

You can see the real failure in the backtrace, where it fails to find
the records using our DNS client library for LDAP (yes, a very strange

As Garming said, the issue is that Samba can't find the DNS records on
your AD DC over LDAP, having just added them via RPC.

This code is a bit tricky, and I thought I had it right, but clearly
that isn't the case.  Garming asked you to see if you could locate
where the records got put the records by hand.


Andrew Bartlett
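
An added example, not part of the original thread and not Samba's code: a sketch of the containers in which an AD-integrated DNS record can be stored, to help check which one a hand-created record landed in. The helper names are hypothetical, and it assumes a single-domain forest (as the DNs in this thread suggest) and host names without escaped commas.

```python
# Added example: candidate LDAP locations for an AD-integrated dnsNode object.
# Helper names are hypothetical; assumes a single-domain forest, so the
# ForestDnsZones partition hangs off the same DC=... base as the domain.

MARKERS = {
    "dc=forestdnszones": "forest",   # application partition replicated forest-wide
    "dc=domaindnszones": "domain",   # application partition replicated domain-wide
    "cn=system": "legacy",           # zone kept in the domain partition itself
}

def domain_dn(realm):
    """'samdom.local' -> 'DC=SAMDOM,DC=LOCAL' (upper case, as in the thread)."""
    return ",".join("DC=" + label.upper() for label in realm.split("."))

def candidate_dns(host, zone, realm):
    """Return {partition: DN} for each place the record for host may be stored."""
    base = domain_dn(realm)
    node = "DC=%s,DC=%s,CN=MicrosoftDNS" % (host, zone)
    return {
        "forest": "%s,DC=ForestDnsZones,%s" % (node, base),
        "domain": "%s,DC=DomainDnsZones,%s" % (node, base),
        "legacy": "%s,CN=System,%s" % (node, base),
    }

def classify(dn):
    """Split a dnsNode DN into (host, zone, partition), or None if not a DNS object."""
    # Naive split: does not handle escaped commas inside RDN values.
    parts = [p.strip() for p in dn.split(",")]
    lowered = [p.lower() for p in parts]
    if "cn=microsoftdns" not in lowered:
        return None  # e.g. the computer account under OU=Domain Controllers
    i = lowered.index("cn=microsoftdns")
    if i != 2 or i + 1 >= len(parts):
        return None  # not the DC=<host>,DC=<zone>,CN=MicrosoftDNS,... layout
    host = parts[0].split("=", 1)[1]
    zone = parts[1].split("=", 1)[1]
    return host, zone, MARKERS.get(lowered[i + 1])

if __name__ == "__main__":
    # DN quoted in the thread for the hand-created record.
    seen = ("DC=SRVAD-NEW,DC=samdom.local,CN=MicrosoftDNS,"
            "DC=ForestDnsZones,DC=SAMDOM,DC=LOCAL")
    print(classify(seen))
    for where, dn in candidate_dns("SRVAD-NEW", "samdom.local", "samdom.local").items():
        print(where, dn)
```

Each candidate DN can be used as the base of a base-scope LDAP search against the existing DC to see which container actually holds the record.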

