Web lists-archives.com

Re: [Samba] Problem joining a samba Dc to a winbdows domain




On Thu, 2018-06-21 at 18:46 +0100, Rowland Penny via samba wrote:
> On Thu, 21 Jun 2018 12:02:41 -0400 (EDT)
> Tom Diehl via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > Hi,
> > 
> > I am trying to join a self compiled samba 4.8.2 DC to an existing
> > Windows domain using
> > https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory#Joining_the_Active_Directory_as_a_Domain_Controller
> > as instructions.
> > 
> > The smb.conf looks like the following:
> > 
> > [global]
> >      netbios name = PHT-VDC1
> >      realm = EXAMPLE.COM
> >      server role = active directory domain controller
> >      server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = EXAMPLE
> > 
> > [netlogon]
> >      path = /usr/local/samba/var/locks/sysvol/example.com/scripts
> >      read only = No
> > 
> > [sysvol]
> >      path = /usr/local/samba/var/locks/sysvol
> >      read only = No
> > 
> > The above was generated by the following samba-tool command line:
> > samba-tool domain join example.com DC -U"example\admin"
> > --dns-backend=BIND9_DLZ
> > 
> > When I run samba-tool I get the following output:
> > (pht-vdc1 pts10) # samba-tool domain join example.com DC
> > -U"example\admin" --dns-backend=BIND9_DLZ Finding a writeable DC for
> > domain 'example.com' Found DC PHT1.example.com
> > Password for [EXAMPLE\admin]:

....

> > Partition[CN=Configuration,DC=example,DC=com] objects[804/7722]
> > linked_values[0/355] ...
> > Partition[CN=Configuration,DC=example,DC=com] objects[6376/7722]
> > linked_values[0/355] Partition[CN=Configuration,DC=example,DC=com]
> > objects[6510/7722] linked_values[12/355] Replicating critical objects
> > from the base DN of the domain Partition[DC=example,DC=com]
> > objects[105/156] linked_values[42/388] Partition[DC=example,DC=com]
> > objects[296/7902] linked_values[1/388] Partition[DC=example,DC=com]
> > objects[466/7902] linked_values[72/388] Failed to commit objects: DOS
> > code 0x000021bf Join failed - cleaning up
> 
> This is where it seems to fail and 0x000021bf is this:
> 
> The replication operation failed because the target object referenced
> by a link value is recycled.
> 
> So it might be an idea to check the DC you are trying to join to.

Thanks Rowland,

What is happening here is that Samba is trying to find the end of a
link that it has been given, so as to be able to set the backlink. 
This used to just result in the backlink being dropped, and now we have
fixed that (never dropping the link).  However it seems that goes a bit
wrong here against Windows.

The reason this works with 4.7 is that the backlink is just ignored and
dropped in this case.

I've CC'ed Tim Beale who was the developer of that code, who may have
some insights. 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba