Author Topic: Additional DC to a Zentyal server  (Read 1310 times)

nfplacide

« on: November 28, 2017, 04:49:36 pm »
Hi,
Please, I am trying to add a BDC (Zentyal) to an existing domain under Zentyal.
BD Zentyal:   5.0.10
But I have an error.  Below is the output of the CLI


root@dc-port-01:/home/administrateur# samba-tool domain join GELPORT.LAN DC -U "GELPORT\domainadmin" --dns-backend=BIND9_DLZ --server=pdc-port-01
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name pdc-port-01<0x20>
Password for [GELPORT\domainadmin]:
Cannot reach a KDC we require to contact (null) : kinit for domainadmin@GELPORT failed (Cannot contact any KDC for requested realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/pdc-port-01 failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
workgroup is GELPORT
realm is gelport.lan
Adding CN=DC-PORT-01,OU=Domain Controllers,DC=gelport,DC=lan
Adding CN=DC-PORT-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gelport,DC=lan
Adding CN=NTDS Settings,CN=DC-PORT-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gelport,DC=lan
Using binding ncacn_ip_tcp:pdc-port-01[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name pdc-port-01<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name pdc-port-01<0x20>
Cannot reach a KDC we require to contact (null) : kinit for domainadmin@GELPORT failed (Cannot contact any KDC for requested realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/PDC-PORT-01 failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Adding SPNs to CN=DC-PORT-01,OU=Domain Controllers,DC=gelport,DC=lan
Setting account password for DC-PORT-01$
Enabling account
Adding DNS account CN=dns-DC-PORT-01,CN=Users,DC=gelport,DC=lan with dns/ SPN
Setting account password for dns-DC-PORT-01
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=gelport,DC=lan
Starting replication
Using binding ncacn_ip_tcp:pdc-port-01[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name pdc-port-01<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name pdc-port-01<0x20>
Cannot reach a KDC we require to contact (null) : kinit for domainadmin@GELPORT failed (Cannot contact any KDC for requested realm)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/PDC-PORT-01 failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=gelport,DC=lan] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=gelport,DC=lan] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=gelport,DC=lan] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=gelport,DC=lan] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Replicated 1550 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=gelport,DC=lan
Partition[CN=Configuration,DC=gelport,DC=lan] objects[402/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=gelport,DC=lan
Partition[CN=Configuration,DC=gelport,DC=lan] objects[804/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=gelport,DC=lan
Partition[CN=Configuration,DC=gelport,DC=lan] objects[1206/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=gelport,DC=lan
Partition[CN=Configuration,DC=gelport,DC=lan] objects[1608/1617] linked_values[0/0]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=gelport,DC=lan
Partition[CN=Configuration,DC=gelport,DC=lan] objects[1617/1617] linked_values[48/0]
Replicated 9 objects (48 linked attributes) for CN=Configuration,DC=gelport,DC=lan
Replicating critical objects from the base DN of the domain
Partition[DC=gelport,DC=lan] objects[99/99] linked_values[32/0]
Missing parent while attempting to apply records: No parent with GUID 14f8df14-8756-490e-b1be-0db640d06a19 found for object remotely known as CN=http-PDC-PORT-01,OU=Kerberos,DC=gelport,DC=lan
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for GELPORT from both secrets.ldb (Could not find entry to match filter: '(&(flatname=GELPORT)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4576) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC-PORT-01,OU=Domain Controllers,DC=gelport,DC=lan
Deleted CN=dns-DC-PORT-01,CN=Users,DC=gelport,DC=lan
Deleted CN=NTDS Settings,CN=DC-PORT-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gelport,DC=lan
Deleted CN=DC-PORT-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gelport,DC=lan
ERROR(runtime): uncaught exception - (8460, "Failed to process 'chunk' of DRS replicated objects: WERR_DS_DRA_MISSING_PARENT")
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1269, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1177, in do_join
    ctx.join_replicate()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 903, in join_replicate
    replica_flags=ctx.domain_replica_flags)
  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 258, in replicate
    schema=schema, req_level=req_level, req=req)
root@dc-port-01:/home/administrateur#
« Last Edit: November 28, 2017, 04:51:08 pm by nfplacide »

BerT666

Re: Additional DC to a Zentyal server
« Reply #1 on: November 29, 2017, 03:21:43 pm »
Not sure about this, but I think it must be:

samba-tool domain join GELPORT.LAN DC -U "domainadmin" --dns-backend=BIND9_DLZ --server=pdc-port-01

Regards

Thomas
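
A small triage script for the join output in the first post, added here as an example (it is not part of the thread and not Samba's own code): it separates the Kerberos-to-NTLMSSP fallback messages, after which the join continues, from the error that aborts it, and reports the partition, object DN and parent GUID involved. The names `triage` and `RX` are assumptions; the sample lines are copied from the log above with the terminal wrap gaps rejoined.

```python
import re

# Constructed sample: lines copied from the join output in the first post,
# with the terminal line-wrap gaps rejoined.
SAMPLE = """\
workgroup is GELPORT
realm is gelport.lan
Cannot reach a KDC we require to contact (null) : kinit for domainadmin@GELPORT failed (Cannot contact any KDC for requested realm)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT for ldap/pdc-port-01 failed (next[ntlmssp]): NT_STATUS_NO_LOGON_SERVERS
Partition[CN=Configuration,DC=gelport,DC=lan] objects[1617/1617] linked_values[48/0]
Partition[DC=gelport,DC=lan] objects[99/99] linked_values[32/0]
Missing parent while attempting to apply records: No parent with GUID 14f8df14-8756-490e-b1be-0db640d06a19 found for object remotely known as CN=http-PDC-PORT-01,OU=Kerberos,DC=gelport,DC=lan
Failed to commit objects: WERR_DS_DRA_MISSING_PARENT
"""

RX = {
    "realm": re.compile(r"^realm is (\S+)$"),
    "kinit": re.compile(r"kinit for (\S+) failed"),
    "fallback": re.compile(r"SPNEGO\((\w+)\).* failed \(next\[(\w+)\]\): (\w+)"),
    "progress": re.compile(r"^(?:Schema-DN|Partition)\[(.+?)\] objects\[(\d+)/(\d+)\]"),
    "orphan": re.compile(r"No parent with GUID ([0-9a-f-]{36}) found for object remotely known as (.+)$"),
    "fatal": re.compile(r"^Failed to commit objects: (\w+)"),
}

def triage(text):
    """Summarise a samba-tool join log: auth fallbacks vs. the fatal error."""
    out = {"realm": None, "kinit_principals": set(), "fallbacks": set(),
           "last_partition": None, "orphan": None, "fatal": None}
    for line in map(str.strip, text.splitlines()):
        if m := RX["realm"].search(line):
            out["realm"] = m.group(1)
        elif m := RX["kinit"].search(line):
            out["kinit_principals"].add(m.group(1))
        elif m := RX["fallback"].search(line):
            out["fallbacks"].add(m.groups())  # (failed mech, next mech, status)
        elif (m := RX["progress"].search(line)) and out["fatal"] is None:
            out["last_partition"] = m.group(1)  # partition in flight at failure
        elif m := RX["orphan"].search(line):
            out["orphan"] = {"parent_guid": m.group(1), "dn": m.group(2)}
        elif m := RX["fatal"].search(line):
            out["fatal"] = m.group(1)
    # Failed principals whose realm part differs from the realm the tool reports.
    out["realm_mismatch"] = sorted(
        p for p in out["kinit_principals"]
        if out["realm"] and p.split("@")[-1].lower() != out["realm"].lower())
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample it reports the principal `domainadmin@GELPORT` against the realm `gelport.lan`, and the fatal `WERR_DS_DRA_MISSING_PARENT` in the `DC=gelport,DC=lan` partition.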