Scenario :
Primary Domain Controller - Windows 2012 Standard Edition
Backup Domain Controller - Zentyal (64bit) version 3.0-2
We have Active Directory and DNS setup already on Windows 2012, we will take advantage of Zentyal's squid proxy and authenticate it with our Windows 2012, adding a Windows 2012 Server poses a challenge, here is what zentyal.log says :
2013/04/03 20:59:16 INFO> Provision.pm:696 EBox::Samba::Provision::checkAddress - The DC JTY-SRV01.JANTY.LOCAL has been resolved to 192.168.2.46
2013/04/03 20:59:16 INFO> Provision.pm:699 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.2.46'...
2013/04/03 20:59:16 INFO> Provision.pm:720 EBox::Samba::Provision::checkAddress - The IP address 192.168.2.46 has been resolved to jty-srv01.janty.local
2013/04/03 20:59:16 INFO> Provision.pm:622 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.2.46' is online...
2013/04/03 20:59:16 INFO> Provision.pm:732 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2013/04/03 20:59:16 INFO> Provision.pm:641 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2013/04/03 20:59:16 INFO> Provision.pm:800 EBox::Samba::Provision::__ANON__ - Checking clock skew with AD server...
2013/04/03 20:59:16 INFO> Provision.pm:821 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enought.
2013/04/03 20:59:16 INFO> Provision.pm:541 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2013/04/03 20:59:16 INFO> Provision.pm:588 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2013/04/03 20:59:16 INFO> Provision.pm:760 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2013/04/03 20:59:16 INFO> Provision.pm:862 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2013/04/03 20:59:16 INFO> Provision.pm:870 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2013/04/03 20:59:16 INFO> Provision.pm:887 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2013/04/03 20:59:16 INFO> Provision.pm:986 EBox::Samba::Provision::__ANON__ - Joining to domain 'janty.local' as DC
2013/04/03 20:59:16 INFO> Provision.pm:1003 EBox::Samba::Provision::__ANON__ - Trying to get a kerberos ticket for principal '
Administrator@JANTY.LOCAL'
2013/04/03 20:59:16 INFO> Provision.pm:1012 EBox::Samba::Provision::__ANON__ - Executing domain join
2013/04/03 20:59:17 DEBUG> Provision.pm:1031 EBox::Samba::Provision::__ANON__ - Error joining to domain: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Using binding ncacn_ip_tcp:192.168.2.46[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
ERROR(runtime): uncaught exception - DsAddEntry failed
File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC
ctx.do_join()
File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1007, in do_join
ctx.join_add_objects()
File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 525, in join_add_objects
ctx.join_add_ntdsdsa()
File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 458, in join_add_ntdsdsa
ctx.DsAddEntry([rec])
File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 421, in DsAddEntry
raise RuntimeError("DsAddEntry failed")
I was wondering what could be wrong or has this been tested in joining with Windows 2012 , we have tested on our VM's and it works fine with Windows 2003
Any help / expertise would be appreciated