Web lists-archives.com

Re: [Samba] Samba 4.3.11 join an exiting windows AD failed with timeout




On Tue, 2018-10-16 at 18:16 +0000, Ming Li via samba wrote:
> Hello,
> 
> I built a DNS and AD in windows 2012 as PDC, and would like to setup a BDC in linux. I followed this link https://www.server-world.info/en/note?os=Ubuntu_18.04&p=samba&f=7 . But got below error. Any ides would be appreciated.
> 
> $ samba-tool domain join xxx.com DC -U "xxx\administrator" --dns-backend=SAMBA_INTERNAL
> 
> Finding a writeable DC for domain 'xxx.com'
> Found DC DCPR1.xxx.com
> Password for [XXX\administrator]:
> workgroup is XXX
> realm is xxx.com
> checking sAMAccountName
> Adding CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com
> Adding CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
> Adding CN=NTDS Settings,CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=UBUNTUBDC,OU=Domain Controllers,DC=xxx,DC=com
> Deleted CN=UBUNTUBDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=xxx,DC=com
> ERROR(runtime): uncaught exception - (-1073741643, '{Device Timeout} The specified I/O operation on %hs was not completed before the time-out period expired.')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1170, in join_DC
>     ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1073, in do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 562, in join_add_objects
>     ctx.join_add_ntdsdsa()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 495, in join_add_ntdsdsa
>     ctx.DsAddEntry([rec])
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 432, in DsAddEntry
>     (level, ctr) = ctx.drsuapi.DsAddEntry(ctx.drsuapi_handle, 2, req2)

I would check you have firewall access to the high DCE/RPC port uses
for DRSUAPI, and that your windows server is happy in general. 

Is there a specific reason you are adding this additional DC?  I
suspect the domain isn't working correctly already. 

Finally, I would note that long-term windows/samba domains are
supported, but rare.  I would encourage a full migration if you intend
this to be in production long-term.

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba