Samba4 as new Domain Controller

13howardD
Posts: 8
Joined: 2017/08/22 17:22:07

Samba4 as new Domain Controller

Post by 13howardD » 2017/08/22 17:43:56

I am trying to connect a Samba4 directory on a CentOS 7 machine to an existing Active Directory running with a functional level of Win Server 2012 R2 using this guide.

Running the following command fails:

samba-tool domain join INTERNAL.GSFASTENERS.COM DC -U"INTERNAL\administrator" --dns-backend=SAMBA_INTERNAL

The following is the output produced with log level = 1:

=========================================================================
Finding a writeable DC for domain 'internal.gsfasteners.com'
Found DC Doc.internal.gsfasteners.com
Password for [INTERNAL\administrator]:
workgroup is INTERNAL
realm is internal.gsfasteners.com
Adding CN=MYSERVER,OU=Domain Controllers,DC=internal,DC=gsfasteners,DC=com
Adding CN=MYSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=internal,DC=gsfasteners,DC=com
Adding CN=NTDS Settings,CN=MYSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=internal,DC=gsfasteners,DC=com
DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION')
Join failed - cleaning up
Could not find machine account in secrets database: Failed to fetch machine account password for INTERNAL from both secrets.ldb (Could not find entry to match filter: '(&(flatname=INTERNAL)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4576) and from /usr/local/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=MYSERVER,OU=Domain Controllers,DC=internal,DC=gsfasteners,DC=com
Deleted CN=MYSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=internal,DC=gsfasteners,DC=com
ERROR(runtime): uncaught exception - DsAddEntry failed
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 1175, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 614, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 545, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "/usr/local/samba/lib64/python2.7/site-packages/samba/join.py", line 496, in DsAddEntry
    raise RuntimeError("DsAddEntry failed")
=========================================================================

Here is my smb.conf setup:
=========================================================================
workgroup = INTERNAL
server string = Daffy Duck 2
realm = INTERNAL.GSFASTENERS.COM
; printcap name = /etc/printcap
; load printer = no
; printing = cups
log file = /var/log/samba/smbd.log
log level = 1
; log level = 2 passdb:5
max log size = 0
security = user
encrypt passwords = yes
; unix password sync = Yes
; passwd program = /usr/bin/passwd %u
; passwd chat = *New*password* %n\n *Retype*new*password* %n\n *passwd:*all*authentication*tokens*updated*successfully*
; pam password change = yes
; username map = /etc/samba/smbusers
obey pam restrictions = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
; remote browse sync = 192.168.101.1 192.168.101.255
; remote announce = 192.168.101.1 192.168.101.255 192.168.1.255
local master = no
os level = 75
domain master = no
; preferred master = no
; wins support = yes
name resolve order = bcast host
; wins proxy = yes
dns proxy = no
; preserve case = yes
; default case = lower
; case sensative = no
; unix extensions = no
follow symlinks = yes
wide links = yes
netbios name = MYSERVER
; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
interfaces = 192.168.1.11/24
; hosts allow = 127. 192.168.12. 192.168.13.
max protocol = SMB2
=========================================================================

And /etc/krb5.conf
=========================================================================
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
dns_lookup_realm = false
dns_lookup_kdc = true
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
#default_realm = EXAMPLE.COM
default_realm = INTERNAL.GSFASTENERS.COM
default_ccache_name = KEYRING:persistent:%{uid}

#[realms]
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[realms]
INTERNAL.GSFASTENERS.COM = {
kdc = INTERNAL.GSFASTENERS.COM
admin_server = INTERNAL.GSFASTENERS.COM
}

[domain_realm]
.gsfasteners.com = INTERNAL.GSFASTENERS.COM
gsfasteners.com = INTERNAL.GSFASTENERS.COM
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
=========================================================================

And /etc/hosts
=========================================================================
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.4 Doc.internal.gsfasteners.com Doc
=========================================================================


Again, I am trying to set up this Samba4 as a second domain controller for a Windows Active Directory. Any ideas?

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria

Re: Samba4 as new Domain Controller

Post by hunter86_bg » 2017/08/22 22:50:48

Maybe you should check here, just to be sure that you have not missed something.

13howardD
Posts: 8
Joined: 2017/08/22 17:22:07

Re: Samba4 as new Domain Controller

Post by 13howardD » 2017/08/23 14:00:33

hunter86_bg wrote: Maybe you should check here, just to be sure that you have not missed something.

I'll take a look at it some more, but everything looks in place so far. I think the problem is mainly in this line:

DsAddEntry failed with status (5, 'WERR_ACCESS_DENIED') info (8567, 'WERR_DS_INCOMPATIBLE_VERSION')

but I'm running out of options on how to go about solving the problem.
