Re: [Samba] Samba 4.1 LDAP error joining domain as DC

[Pete Storkey]

I tried joining the domain as a member, which worked. I then tried to promote 
the server to a DC using "samba-tool domain dcpromo" but it failed with the 
same error:

ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  
<0000052D: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0
> <>
 File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 
175, in _run
   return self.run(*args, **kwargs)
 File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", 
line 482, in run
   promote_existing=True)
 File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
1169, in join_DC
   ctx.do_join()
 File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
1072, in do_join
   ctx.join_add_objects()
 File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 616, 
in join_add_objects
   ctx.samdb.add(msg)

Pete

On Sep 28, 2013, at 12:19 PM, Pete Storkey <pstor...@shaw.ca> wrote:

>       
> Fresh download of Samba 4.1 RC4 source code. Simple build:
> 
> ./configure
> make
> make install
> 
> Trying to join an existing domain as a domain controller. The domain and 
> forest are both Windows 2008 R2 operational level. There is a single Windows 
> Server 2012 DC.
> 
> Running the following command to join:
> 
> # samba-tool domain join mydomain.com DC -d3 -Umydomain.com\\administrator 
> --dns-backend=BIND9_DLZ
> 
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'sasl-DIGEST-MD5' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Finding a writeable DC for domain 'mydomain.com'
> Found DC win-server.mydomain.com
> Password for [mydomain.com\administrator]:
> workgroup is MYDOMAIN
> realm is mydomain.com
> checking sAMAccountName
> Adding CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com
> Adding 
> CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Adding CN=NTDS 
> Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Using binding ncacn_ip_tcp:win-server.mydomain.com[,seal]
> Adding SPNs to CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com
> Setting account password for smb-server$
> Enabling account
> Adding DNS account CN=dns-smb-server,CN=Users,DC=mydomain,DC=com with dns/ SPN
> Join failed - cleaning up
> checking sAMAccountName
> Deleted CN=smb-server,OU=Domain Controllers,DC=mydomain,DC=com
> Deleted CN=NTDS 
> Settings,CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> Deleted 
> CN=smb-server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
> ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM -  
> <0000052D: SvcErr: DSID-031A129B, problem 5003 (WILL_NOT_PERFORM), data 0
>> <>
>  File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 175, in _run
>    return self.run(*args, **kwargs)
>  File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py", line 
> 552, in run
>    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 1169, in join_DC
>    ctx.do_join()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 1072, in do_join
>    ctx.join_add_objects()
>  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 
> 616, in join_add_objects
>    ctx.samdb.add(msg)
> 
> Anyone have any ideas?
> 
> Thanks,
> 
> Pete
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba