Topics - alxndr

Hi all,

I am having problems joining a Zentyal 7 (Commercial Trial Edition) to our existing AD Controller Zentyal 5.1.3 (Community edition). The join is unsuccessful. I followed the official tutorial on YouTube.

The goal is to replace the old Zentyal 5 with the Version 7 Commercial. I tried upgrading the V5 to 6 before, and while the upgrade was still successful, our users were not able to log in to their machines any more.

I hope you can guide me to successfully join the domain or give me other advice on how to migrate to the new commercial edition.

Here is the zentyal.log (split in three posts) of the unsuccessful join attempt - I masked our true domain values with foo.bar.xyz.

Thanks, Alex

Quote
2022/01/23 14:57:40 INFO> GlobalImpl.pm:617 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2022/01/23 14:57:40 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2022/01/23 14:57:43 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2022/01/23 14:57:45 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving largo.foo.bar.xyz to an IP address
2022/01/23 14:57:45 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC largo.foo.bar.xyz has been resolved to 192.168.0.2
2022/01/23 14:57:45 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.0.2'...
2022/01/23 14:57:45 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.0.2 does not have associated PTR record
2022/01/23 14:57:45 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.0.2' is online...
2022/01/23 14:57:45 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2022/01/23 14:57:45 INFO> Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2022/01/23 14:57:45 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2022/01/23 14:57:45 INFO> Provision.pm:972 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2022/01/23 14:57:45 INFO> Provision.pm:993 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2022/01/23 14:57:45 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2022/01/23 14:57:45 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2022/01/23 14:57:45 INFO> Provision.pm:932 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2022/01/23 14:57:45 INFO> Provision.pm:1034 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2022/01/23 14:57:45 INFO> Provision.pm:1042 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2022/01/23 14:57:45 INFO> Provision.pm:1059 EBox::Samba::Provision::checkADNebiosName - Checking domain xyzbios name...
2022/01/23 14:57:46 INFO> Provision.pm:1286 EBox::Samba::Provision::provisionADC - Joining to domain 'foo.bar.xyz' as DC
2022/01/23 14:57:47 INFO> Provision.pm:1299 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'domainadmin@foo.bar.xyz'
2022/01/23 14:57:47 INFO> Provision.pm:1308 EBox::Samba::Provision::provisionADC - Executing domain join
2022/01/23 14:57:52 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join foo.bar.xyz DC  --username='domainadmin'  --workgroup='ac'  --password=`cat /var/lib/zentyal/tmp/0qjsOw`  --server='192.168.0.2'  --dns-backend=BIND9_DLZ  --realm='foo.bar.xyz'  --site='Default-First-Site-Name'  failed.
Error output: GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'naclrpc_as_system' registered
 GENSEC backend 'sasl-EXTERNAL' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'ntlmssp_resume_ccache' registered
 GENSEC backend 'http_basic' registered
 GENSEC backend 'http_ntlm' registered
 GENSEC backend 'http_negotiate' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is FOO
 INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is foo.bar.xyz
 Using binding ncacn_ip_tcp:192.168.0.2[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 lpcfg_load: refreshing parameters from /etc/samba/smb.conf
 INFO 2022-01-23 14:57:48,335 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
 INFO 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
 WARNING 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
 INFO 2022-01-23 14:57:48,514 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up share.ldb
 INFO 2022-01-23 14:57:48,563 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
 INFO 2022-01-23 14:57:48,590 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
 ldb_wrap open of hklm.ldb
 Key 'key=SOFTWARE,hive=NONE' not found
 key added: key=SOFTWARE,hive=NONE
 Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
 key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
 Key 'key=SYSTEM,hive=NONE' not found
 key added: key=SYSTEM,hive=NONE
 Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
 key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
 INFO 2022-01-23 14:57:48,762 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
 INFO 2022-01-23 14:57:48,828 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
 INFO 2022-01-23 14:57:48,873 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
 INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
 INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
 INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
 partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
 Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
 
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
 INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
 Using binding ncacn_ip_tcp:192.168.0.2[,seal]
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x62898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x62088235
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
 Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
 Analyze and apply schema objects
 Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
 Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
 ldb_wrap open of secrets.ldb
 Could not find machine account in secrets database: Failed to fetch machine account password for AC from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
 ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
     join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
     ctx.do_join()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
     ctx.join_replicate()
   File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
     repl.replicate(ctx.config_dn, source_dsa_invocation_id,
   File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
     (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
