Problem installing dcsamba4 on an existing Windows AD domain

eckeagle

December 27, 2017 - 5:55 PM

Good morning

I have an Active Directory domain running on Windows Server 2012 R2, so the forest functional level is on Windows Server 2008 and the domain functional level is on Windows Server 2008 R2.

I followed your tutorial https://dev.tranquil.it/wiki/SAMBA_-_In ... secondary to add a Debian 9 Samba 4 DC. At the time of joining, it gives me this:

Code:

Adding 1 remote DNS records for ECKBADEB.kenneagle.lan
Adding DNS A record ECKBADEB.kenneagle.lan for IPv4 IP: 192.168.100.3
Join failed - cleaning up
Deleted CN=RID Set,CN=ECKBADEB,OU=Domain Controllers,DC=kenneagle,DC=lan
Deleted CN=ECKBADEB,OU=Domain Controllers,DC=kenneagle,DC=lan
Deleted CN=NTDS Settings,CN=ECKBADEB,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=kenneagle,DC=lan
Deleted CN=ECKBADEB,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=kenneagle,DC=lan
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

Can you help me? Thank you in advance.

eckeagle

December 28, 2017 - 12:12

Good morning

After retesting, I managed to connect my Samba4 domain controller to my existing Active Directory domain.

The directory is replicated correctly, but not DNS and sysvol.

For DNS:

Code:

root@eckbadeb:/home/nicoket# samba_dnsupdate --use-samba-tool --rpc-server-ip=192.168.1.78
ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has requested access to an object but has not been granted those access rights.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run
    0, server, zone, name, add_rec_buf, None)
[the same error and traceback repeated 23 more times]
Failed update of 24 entries

Code:

samba-tool ntacl sysvolcheck
ERROR(<type 'exceptions.TypeError'>): uncaught exception - (2, 'No such file or directory')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 270, in run
    lp)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1723, in checksysvolacl
    direct_db_access)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1659, in check_gpos_acl
    direct_db_access=direct_db_access, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 81, in getntacl
    xattr.XATTR_NTACL_NAME)

Code:

root@eckbadeb:/home/nicoket# samba-tool ntacl sysvolreset
open: error=2 (No such file or directory)
ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested operation was unsuccessful.')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/ntacl.py", line 239, in run
    lp, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1609, in setsysvolacl
    set_gpos_acl(sysvol, dnsdomain, domainsid, domaindn, samdb, lp, use_ntvfs, passdb=s4_passdb)
  File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 1502, in set_gpos_acl
    use_ntvfs=use_ntvfs, skip_invalid_chown=True, passdb=passdb, service=SYSVOL_SERVICE)
  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl
    smbd.set_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL, sd, service=service)
Does anyone have any ideas?
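
The output in the post above prints NTSTATUS values as signed decimals and repeats the same traceback for every failed record. As an added example (not part of the thread and not Samba's own code), this script collapses such output into one line per distinct error and shows the hex NTSTATUS; the sample input is constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# NTSTATUS names for the two negative codes quoted in the thread.
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED", 0xC0000001: "STATUS_UNSUCCESSFUL"}
ERR_RE = re.compile(r"uncaught exception - \((-?\d+), '([^']*)'\)")
FRAME_RE = re.compile(r'File "([^"]+)", line (\d+), in (\w+)')

def decode(code):
    """Return a readable label for the integer samba-tool printed."""
    if code < 0:  # NTSTATUS error printed as a signed 32-bit integer
        value = code & 0xFFFFFFFF
        return "0x%08X %s" % (value, NTSTATUS.get(value, "(unknown NTSTATUS)"))
    return "%d (positive: WERROR or errno, left as printed)" % code

def summarize(text):
    """Count errors grouped by (decoded code, innermost traceback frame)."""
    counts = Counter()
    code, frame = None, None
    for line in text.splitlines():
        err = ERR_RE.search(line)
        if err:
            if code is not None:
                counts[(decode(code), frame)] += 1
            code, frame = int(err.group(1)), None
            continue
        hit = FRAME_RE.search(line)
        if hit and code is not None:
            # Later frames overwrite earlier ones, so the innermost frame wins.
            frame = "%s:%s in %s" % (hit.group(1).rsplit("/", 1)[-1], hit.group(2), hit.group(3))
    if code is not None:
        counts[(decode(code), frame)] += 1
    return counts

# Constructed sample modelled on the quoted output (3 repeats, not the original 24).
_DENIED = (
    "ERROR(runtime): uncaught exception - (-1073741790, '{Access Denied} A process has "
    "requested access to an object but has not been granted those access rights.')\n"
    '  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run\n'
    "    return self.run(*args, **kwargs)\n"
    '  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 935, in run\n'
    "    0, server, zone, name, add_rec_buf, None)\n"
)
_FAILED = (
    "ERROR(runtime): uncaught exception - (-1073741823, '{Operation Failed} The requested "
    "operation was unsuccessful.')\n"
    '  File "/usr/lib/python2.7/dist-packages/samba/ntacls.py", line 162, in setntacl\n'
)
SAMPLE = _DENIED * 3 + _FAILED

if __name__ == "__main__":
    for (label, frame), n in summarize(SAMPLE).most_common():
        print("%3d x %s at %s" % (n, label, frame))
```
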
sfonteneau

December 29, 2017 - 11:45 AM

The sysvol part is normal.

https://dev.tranquil.it/wiki/SAMBA_-_R% ... age_SYSVOL

With a Syncthing solution on both the Windows and Linux sides, it's certainly doable, but it will require some adjustments!

Regarding DNS, could you specify the IP address of the Windows Active Directory and the Samba 4 server?
eckeagle

January 2, 2018 - 5:57 PM

Hello,

thank you for your reply.

The sysvol problem is understood and resolved.

Regarding DNS,

my Windows server is on IP address 192.168.1.78 and
my Linux server is on IP address 192.168.100.3.

After further testing, I completely rebuilt the server.
The connection only works if the option "To all servers running on domain controllers in this domain: mydomain.lan" is checked. Is this a server problem?
And DNS synchronization still doesn't work.
dcardon

January 15, 2018 - 1:21 PM

eckeagle wrote: Dec 27, 2017 - 5:55 PM
> Hello,
>
> I have an AD domain running on Windows Server 2012 R2, so the forest functional level is on Windows Server 2008 and the domain functional level is on Windows Server 2008 R2.
>
> I followed your tutorial https://dev.tranquil.it/wiki/SAMBA_-_In ... secondary to add a Debian 9 Samba4 DC, but during the join process, it gives me these results:

Even though the forest level is 2k8r2, the Win2k12 server adds specific features that aren't compatible with Samba-AD (at least that was true 5-6 months ago). There have been commits posted to the mailing list to resolve this issue and add support for 2k12 schemas (I'm referring to schemas here, not silo functions, FAST, etc.).
It is better to do the test with a win2k8r2, or wait for Samba 4.8 which should probably include these improvements.

Denis
Denis Cardon - Tranquil IT
dcardon

January 15, 2018 - 1:27 PM

eckeagle wrote: January 2, 2018 - 5:57 PM
> For DNS,
>
> my Windows server is on IP 192.168.1.78
> and my Linux server is on IP 192.168.100.3.
>
> After further testing, I completely rebuilt the server.
> The connection only works if the option "to all servers running on domain controllers in this domain: mydomain.lan" is checked. Server problem???
> And DNS synchronization still doesn't work.

I just joined a Windows Server 2008 R2 Active Directory to my Samba-AD domain running version 4.7.4. I'm having a problem replicating DNS zones (in fact, the KCC didn't even create the corresponding `repsfrom` and `repsto` records). It must be a regression, or there's something wrong with my `DC=DomainDNSZones` and `DC=ForestDNSZones` partitions. The other partitions are working fine... It's worked in the past, although mixed Samba/MS domains aren't recommended. I'll take another look this afternoon if I have time.

Denis
eckeagle

January 15, 2018 - 11:19 PM

I was starting to suspect it was coming from Network Manager. Yes, I installed the GNOME interface, but I don't know what to recommend