Web lists-archives.com

Re: [Samba] Possibly WERR_DS_DRA_ACCESS_DENIED or NT_STATUS_CANT_ACCESS_DOMAIN_INFO




On Thu, 2 May 2019 14:44:18 -0400
James Fowler <fowlerj@xxxxxxxx> wrote:

> I have read that so many times.  I started out with the simple,
> prompted 'samba-tool domain join' and built up from there.
> 
> Version is:
> Samba 4.7.6 from Ubuntu (18.04.2)
> 
> Interesting what happens when I take out --site directive (see below).
> 
> root@DC2:~# samba-tool domain join DOMAIN1.DOMAIN DC
> --username='DOMAIN1\EnterpriseAdminUser' --realm='DOMAIN1.DOMAIN'
> --server='DC1' --dns-backend=BIND9_DLZ --workgroup='DOMAIN1' -d 3
> Password for [DOMAIN1\EnterpriseAdminUser]:
> workgroup is DOMAIN1
> realm is DOMAIN1.DOMAIN
> Adding CN=DC2,OU=Domain Controllers,DC=DOMAIN1,DC=DOMAIN
> Adding
> CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
> Join failed - cleaning up
> ldb_wrap open of secrets.ldb
> Could not find machine account in secrets database: Failed to fetch
> machine account password for DOMAIN1 from both secrets.ldb (Could not
> find entry to match filter:
> '(&(flatname=DOMAIN1)(objectclass=primaryDomain))' base: 'cn=Primary
> Domains': No such object: dsdb_search
> at ../source4/dsdb/common/util.c:4636) and
> from /var/lib/samba/private/secrets.tdb:
> NT_STATUS_CANT_ACCESS_DOMAIN_INFO Deleted CN=DC2,OU=Domain
> Controllers,DC=DOMAIN1,DC=DOMAIN ERROR(ldb): uncaught exception -
> LDAP error 32 LDAP_NO_SUCH_OBJECT -
> CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN <0000208D: NameErr:
> DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:
> 'CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN'
> > <>  
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py",
> line 661, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs,
> dns_backend=dns_backend) File
> "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
> join_DC ctx.do_join()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1375, in
> do_join
>     ctx.join_add_objects()
>   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 631, in
> join_add_objects
>     ctx.samdb.add(rec)

I wonder if it is a dns problem ?

can you post the contents of the following files:

/etc/resolv.conf
/etc/hostname
/etc/hosts
/etc/krb5.conf

4.7.6 is EOL as far as Samba is concerned, you can find a later version
here:

http://apt.van-belle.nl/

Is bind9 installed, if so can you post the conf files.

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba