Joining Zentyal as an Additional Domain Controller on top of Windows Server 2012

[hlastimosa]

Scenario :

Primary Domain Controller - Windows 2012 Standard Edition
Backup Domain Controller - Zentyal (64bit) version 3.0-2

We have Active Directory and DNS setup already on Windows 2012, we will take advantage of Zentyal's squid proxy and authenticate it with our Windows 2012, adding a Windows 2012 Server poses a challenge, here is what zentyal.log says :


2013/04/03 20:59:16 INFO> Provision.pm:696 EBox::Samba::Provision::checkAddress - The DC JTY-SRV01.JANTY.LOCAL has been resolved to 192.168.2.46
2013/04/03 20:59:16 INFO> Provision.pm:699 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.2.46'...
2013/04/03 20:59:16 INFO> Provision.pm:720 EBox::Samba::Provision::checkAddress - The IP address 192.168.2.46 has been resolved to jty-srv01.janty.local
2013/04/03 20:59:16 INFO> Provision.pm:622 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.2.46' is online...
2013/04/03 20:59:16 INFO> Provision.pm:732 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2013/04/03 20:59:16 INFO> Provision.pm:641 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2013/04/03 20:59:16 INFO> Provision.pm:800 EBox::Samba::Provision::__ANON__ - Checking clock skew with AD server...
2013/04/03 20:59:16 INFO> Provision.pm:821 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enought.
2013/04/03 20:59:16 INFO> Provision.pm:541 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2013/04/03 20:59:16 INFO> Provision.pm:588 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2013/04/03 20:59:16 INFO> Provision.pm:760 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2013/04/03 20:59:16 INFO> Provision.pm:862 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2013/04/03 20:59:16 INFO> Provision.pm:870 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2013/04/03 20:59:16 INFO> Provision.pm:887 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2013/04/03 20:59:16 INFO> Provision.pm:986 EBox::Samba::Provision::__ANON__ - Joining to domain 'janty.local' as DC
2013/04/03 20:59:16 INFO> Provision.pm:1003 EBox::Samba::Provision::__ANON__ - Trying to get a kerberos ticket for principal 'Administrator@JANTY.LOCAL'
2013/04/03 20:59:16 INFO> Provision.pm:1012 EBox::Samba::Provision::__ANON__ - Executing domain join
2013/04/03 20:59:17 DEBUG> Provision.pm:1031 EBox::Samba::Provision::__ANON__ - Error joining to domain: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x60088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x60088235
 Using binding ncacn_ip_tcp:192.168.2.46[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x60088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x60088235
 ERROR(runtime): uncaught exception - DsAddEntry failed
   File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC
     ctx.do_join()
   File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1007, in do_join
     ctx.join_add_objects()
   File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 525, in join_add_objects
     ctx.join_add_ntdsdsa()
   File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 458, in join_add_ntdsdsa
     ctx.DsAddEntry([rec])
   File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 421, in DsAddEntry
     raise RuntimeError("DsAddEntry failed")



I was wondering what could be wrong or has this been tested in joining with Windows 2012 , we have tested on our VM's and it works fine with Windows 2003
Any help / expertise would be appreciated

[hammad]

Hi

I'm looking for the same thing (using zentyal as an additional domain controller for a Windows 2012 Active Directory domain. Followed the tutorial at this link http://trac.zentyal.org/wiki/Documentation/Community/Document/MultipleWithWindows However when I start the service I get this error..

Error joining to domain: GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 Using binding ncacn_ip_tcp:192.168.1.203[,seal] Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 ERROR(runtime): uncaught exception - DsAddEntry failed File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1007, in do_join ctx.join_add_objects() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 525, in join_add_objects ctx.join_add_ntdsdsa() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 458, in join_add_ntdsdsa ctx.DsAddEntry([rec]) File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 421, in DsAddEntry raise RuntimeError("DsAddEntry failed")

Any help will be appreciated.

Regards
 

[tenacioustechie]

I know this topic is old, did you make any progress with this issue?

Adding Zentyal to an existing Server 2012 domain.

I'm intending to do the same thing, then removing my windows domain controller and leaving just Zentyal in place.

[talkien01]

Same scenario , any updates to this issue??

Error joining to domain: GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'schannel' registered GENSEC backend 'spnego' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 Using binding ncacn_ip_tcp:192.168.1.3[,seal] Cannot do GSSAPI to an IP address Got challenge flags: Got NTLMSSP neg_flags=0x62898235 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088235 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088235 ERROR(runtime): uncaught exception - DsAddEntry failed File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/opt/samba4/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1172, in join_DC ctx.do_join() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 1075, in do_join ctx.join_add_objects() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 541, in join_add_objects ctx.join_add_ntdsdsa() File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 474, in join_add_ntdsdsa ctx.DsAddEntry([rec]) File "/opt/samba4/lib/python2.7/site-packages/samba/join.py", line 437, in DsAddEntry raise RuntimeError("DsAddEntry failed")

[jbahillo]

Hi there:

Perhaps this thread could be useful for you:
https://lists.samba.org/archive/samba-technical/2012-November/089058.html