Web lists-archives.com

Re: [Samba] Domain join issues - 4.9.0




On Tue, 13 Nov 2018 at 21:26, Rowland Penny via samba
<samba@xxxxxxxxxxxxxxx> wrote:
>
> On Tue, 13 Nov 2018 20:55:08 +0000
> Jonathan Hunter via samba <samba@xxxxxxxxxxxxxxx> wrote:
>
> > After running the following:
> > $ sudo samba-tool domain join mydomain.org DC -U myadmin --site=mysite
> > --server=dc3
> > all seems well, until:
> > [...]
> > Setting up secrets.ldb
> > Setting up the registry
> > Setting up the privileges database
> > Setting up idmap db
> > Setting up SAM db
> > Setting up sam.ldb partitions and settings
> > Setting up sam.ldb rootDSE
> > Pre-loading the Samba 4 and AD schema
> > Unable to determine the DomainSID, can not enforce uniqueness
> > constraint on local domainSIDs
> > [... and also ...]
> > Replicating critical objects from the base DN of the domain
> > Partition[DC=mydomain,DC=org] objects[99/99] linked_values[28/28]
> > Partition[DC=mydomain,DC=org] objects[501/886] linked_values[0/61]
> > Partition[DC=mydomain,DC=org] objects[903/886] linked_values[0/718]
> > ../lib/ldb/ldb_tdb/ldb_index.c:2352: duplicate attribute value in
> > CN=somePC,OU=someOU,OU=Computers,OU=mysite,DC=mydomain,DC=org for
> > index on servicePrincipalName, duplicate of objectGUID
> > 00000000-1111-2222-3333-444444444444 in
> > @INDEX:SERVICEPRINCIPALNAME:RESTRICTEDKRBHOST/SOMEPC
> > [lots of these]
>
> I think you may be running into this bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=8929
>
> You may have duplicate SPN's e.g. one 'HOST/somePC' and another
> 'host/somepc'

You could well be right, thank you. It's entirely possible - my domain
has been upgraded through various samba versions so that might be the
case.

Looks like this is an old bug, so I am guessing that a) it isn't
likely to be fixed imminently, and b) until I can get rid of the
duplicate entries somehow, I won't be able to join any DCs back into
my domain...

> Also there were several problems with 4.9.0, so I would rapidly upgrade
> to 4.9.2

I did check the release notes and couldn't see anything critical for
my environment at the time, but I may well have missed something - so
am upgrading now and will try again.

The other message that worried me was the one about "Unable to
determine the DomainSID", I don't know what is causing that... (or if
indeed it would be a problem)

Many thanks as always,

Jonathan

-- 
"If we knew what it was we were doing, it would not be called
research, would it?"
      - Albert Einstein

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba