Topic: [SOLVED] Failure to join secondary zentyal domain controller

rezon

[SOLVED] Failure to join secondary zentyal domain controller
« on: September 30, 2013, 10:08:20 pm »
I have the most up-to-date version of Zentyal running on two servers.  The primary domain controller has been set up and configured and I have successfully joined all of the computers in my LAN to that server.  I am quite excited with the quality of control there is with this system.  I originally had an issue joining my computers to the domain because of improper order of steps taken in the original provisioning of the Samba Kerberos system but I have since resolved that.

The current issue I have is in trying to join a secondary domain controller to my system.  I don't find this particularly needed for my limited infrastructure but the learning experience will carry over to a site I am currently administering as they run a previous version of Zentyal.

The error I receive when trying to join the secondary domain controller is:
"FATAL: Could not connect to samba LDAP server: connect: No such file or directory"

I have double and triple checked every setting I can think of that might be causing this including the firewall rules for internal networks to zentyal as I noticed the LDAP service was set to deny originally.  I didn't see that setting tweak in any of the documentation I read so I guess I assumed it would be set to allow requests.

I have followed the setup points thrice now to the letter from the following:
http://trac.zentyal.org/wiki/Documentation/Community/Document/MultipleZentyal

By thrice I mean, I tried three times, reinstalling Zentyal completely to try each of the following two times.  Reason being, I learned the hard way that if the Kerberos provisioning system is not implemented at the right time with all of the hostname and domain name configuration settings the right way and with naming conventions the way you want them, you will be a sad little man trying to figure out why your machines won't connect to the domain properly.

I haven't tried completely setting up all of the DNS records and everything for the secondary server, on the primary server BEFORE I enable the file sharing module for the first time on the PDC.  I can't believe that would be necessary as that seems like an awful lot of re-work just to add a secondary DC.

I have attached the log information from /var/log/zentyal.log if you would like to review the error in more detail.  The bash: syntax error near unexpected token `(' seems relevant but I don't know how to track down the source of that issue.

Any help will be most appreciated.  Thank you for your consideration.
« Last Edit: October 08, 2013, 11:05:23 pm by rezon »

stc

Re: Failure to join secondary zentyal domain controller
« Reply #1 on: October 01, 2013, 12:50:07 am »
Could do with some help with this too as I have the exact same problem on Zentyal 3.2. FYI I have just installed Zentyal 3.0-1 to see if it may be an issue with the Windows server but it worked and connected as an ADC just fine, it just seems to be 3.2 causing this problem. Somebody please help.

christian

  • Guest
Re: Failure to join secondary zentyal domain controller
« Reply #2 on: October 01, 2013, 06:16:12 am »
It looks like quite a lot of you are facing this problem  :-\
What I hardly understand is if this error occurs on the secondary controller while trying to connect to the local LDAP server (I suppose the "Samba/LDAP" one) or if this occurs while trying to connect to (Samba)LDAP on the primary controller. Or even something else?

Can't you run some network analysis tool or find some relevant information?

This said, it looks like a bug. Creating a ticket may help too  8)

rezon

Re: Failure to join secondary zentyal domain controller
« Reply #3 on: October 01, 2013, 06:31:59 pm »
I have never tried to provision the file sharing as a standalone controller on my secondary server THEN attempted to connect it to the PDC.  I didn't read anywhere that needed to be done so I assumed the process for adding the secondary controller was:

-Query the PDC
-Login with Domain Admin credentials
-Create provision ticket from Kerberos at PDC for Secondary DC
-Allow Secondary DC to access Samba LDAP configuration and users and permit sync
-Secondary DC brings over info from PDC and creates users, computers, shares, etc

These are just assumptions based on what I've seen in the log files, what I've read and what I've seen work and not work.  I can query both servers from one another using Network --> Tool --> Ping/Traceroute and both worked fine.

I'm going to try and analyze the script at: /usr/share/perl5/EBox/LDB.pm as it provides the error we are seeing in the log file at line 201.  If I can track down the variables and where they lead back to originating the login maybe I can see more into the error that might be causing the lack of success.

YAdrien

Re: Failure to join secondary zentyal domain controller
« Reply #4 on: October 07, 2013, 10:27:52 am »
Hi,

I have the same problem right here; did you create a ticket or find something in the script?

Code:
201     throw EBox::Exceptions::External(
202         __x(q|FATAL: Could not connect to samba LDAP server: {error}|,
203             error => $error));

rezon

Re: Failure to join secondary zentyal domain controller
« Reply #5 on: October 07, 2013, 04:13:32 pm »
I have created a ticket here:
http://trac.zentyal.org/ticket/7428

One of my fellow Linux pals suggested ramping up logging to try and track down the issue so I am going to attempt that this week and see if additional logs pertaining to this process will shed some light.

rezon

Re: Failure to join secondary zentyal domain controller
« Reply #6 on: October 08, 2013, 10:35:15 pm »
This apparently was a known issue that was resolved with the updated system components:
DNS 3.2.1
Samba 3.2.3

I updated both via Software Components --> Zentyal Components --> Update

I didn't realize this section was there in addition to the 'System Updates' section that is shown in the Dashboard widget.

The secondary server joins perfectly without incident.  Please let us know if this helps anyone else with this issue.

christian

  • Guest
Re: Failure to join secondary zentyal domain controller
« Reply #7 on: October 08, 2013, 10:40:21 pm »
If the problem is solved (that's what I understand from your post), could you please update your first post title and stamp it as [SOLVED]?

priyamdeb

ADC Joining issue - Support required
« Reply #8 on: March 01, 2017, 12:09:34 pm »
Hi. We are facing an ADC joining issue. While joining we get the below error:

Partition[DC=varaunited,DC=net] objects[103/103] linked_values[28/0]
Missing parent while attempting to apply records: No parent with GUID ce2d7365-6790-4772-b8a1-63a95d8ebc85 found for object remotely known as CN=Cert Publishers,OU=VARA_BSEL,DC=varaunited,DC=net
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for VARAUNITED from both secrets.ldb (Could not find entry to match filter: '(&(flatname=VARAUNITED)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4575) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT code 0xc000210c
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 652, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1253, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1153, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 890, in join_replicate
     replica_flags=ctx.domain_replica_flags)
   File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 258, in replicate
     schema=schema, req_level=req_level, req=req)

Command output: Adding CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Adding CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Adding CN=NTDS Settings,CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Adding SPNs to CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Setting account password for BDCRTP$
Enabling account
Adding DNS account CN=dns-BDCRTP,CN=Users,DC=varaunited,DC=net with dns/ SPN
Setting account password for dns-BDCRTP
Calling bare provision
Provision OK for domain DN DC=varaunited,DC=net
Starting replication
Replicating critical objects from the base DN of the domain
Join failed - cleaning up
Deleted CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Deleted CN=dns-BDCRTP,CN=Users,DC=varaunited,DC=net
Deleted CN=NTDS Settings,CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Deleted CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
.
Exit value: 255
2017/03/01 00:37:04 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2017/03/01 00:37:04 ERROR> GlobalImpl.pm:734 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 734
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x5bb9bc0)', 'progress', 'EBox::ProgressIndicator=HASH(0x550eb90)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x5baa0f0)', 'progress', 'EBox::ProgressIndicator=HASH(0x550eb90)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
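
Added example (not written by any poster in this thread, and not Zentyal or Samba code): a small Python triage of join output like that in Reply #8. It collects the status codes and checks that every directory object created before the failure was deleted again in the "Join failed - cleaning up" phase, since a leftover DC machine account or dns- account would be a stale credentialed object in the directory. The function name `triage_join_output` and the regular expressions are assumptions; the sample is an excerpt of the post's own output with the terminal line wraps rejoined.

```python
import re

# Excerpt of the join output from Reply #8, terminal line wraps rejoined.
SAMPLE = """\
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Adding CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Adding CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Adding CN=NTDS Settings,CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Adding SPNs to CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Setting account password for BDCRTP$
Adding DNS account CN=dns-BDCRTP,CN=Users,DC=varaunited,DC=net with dns/ SPN
Join failed - cleaning up
Deleted CN=BDCRTP,OU=Domain Controllers,DC=varaunited,DC=net
Deleted CN=dns-BDCRTP,CN=Users,DC=varaunited,DC=net
Deleted CN=NTDS Settings,CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
Deleted CN=BDCRTP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=varaunited,DC=net
"""

# "Adding SPNs to ..." modifies an existing object, so it must not match here.
ADDED = re.compile(r"^Adding (?:DNS account )?((?:CN|OU)=.*?)(?: with .*)?$")
DELETED = re.compile(r"^Deleted ((?:CN|OU)=.+)$")
STATUS = re.compile(r"\b(?:WERR|NT_STATUS)_[A-Z0-9_]+\b")


def triage_join_output(output):
    """Return status codes seen, whether cleanup started, and objects left behind."""
    added, deleted, errors = [], set(), []
    cleanup_ran = False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith("Join failed"):
            cleanup_ran = True
        for code in STATUS.findall(line):
            if code not in errors:
                errors.append(code)
        m = ADDED.match(line)
        if m:
            added.append(m.group(1))
            continue
        m = DELETED.match(line)
        if m:
            deleted.add(m.group(1).lower())  # DNs compare case-insensitively
    leftover = [dn for dn in added if dn.lower() not in deleted]
    return {"errors": errors, "cleanup_ran": cleanup_ran, "leftover": leftover}


if __name__ == "__main__":
    print(triage_join_output(SAMPLE))
```

An empty `leftover` list for the posted output means the failed join removed everything it created; any DN that does appear there is worth checking on the existing domain controller before retrying the join.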