Zentyal Forum, Linux Small Business Server

Zentyal Server => Installation and Upgrades => Topic started by: ccarpenter on September 15, 2012, 02:17:05 am

Title: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 15, 2012, 02:17:05 am
I am trying to get it to join my existing domain. I downloaded "File Sharing and Domain Services" and "Users and Groups" and in the Users and groups config I setup my domain. dc=test,dc=local and in the File Sharing setting it is still showing a default zentyal domain which I don't want. So searching I found samba4 docs here: http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

So i changed my /etc/krb5.conf to reflect my domain TEST.local instead of the default zentyal domain and at the command line ran "kinit administrator" to test the connection and asks for the password and I put it in and receive "kinit: krb5_get_init_creds: unable to reach any KDC in realm TEST.local" I also made sure that I set a DNS record to point to my domain controller.

I have searched around and noticed other people were able to set it up, but I cannot get it to work. So for those who have gotten it to work can you give a little help. Thank you.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 16, 2012, 01:10:05 am
Just a follow up with more info. These are the test from my DNS:

firewall@firewall:~$ host -t SRV _ldap._tcp.test.local
_ldap._tcp.test.local has SRV record 0 100 389 ts1.test.local.
firewall@firewall:~$ host -t SRV _kerberos._udp.test.local
_kerberos._udp.test.local has SRV record 0 100 88 ts1.test.local.
firewall@firewall:~$ host -t A ts1.test.local
ts1.test.local has address 10.1.1.8

As you can see I have all the kerberos and ldap DNS settings configured correctly, but in the File Sharing settings I cannot change the realm from the default ZENTYAL-DOMAIN.LAN to my test.local domain.

I still get the same result when trying to use the samba-tool join domain command:
firewall@firewall:~$ samba-tool domain join test.local DC -Uadministrator --realm=test.local
Finding a writeable DC for domain 'test.local'
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'test.local'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
    machinepass, use_ntvfs, dns_backend, promote_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 77, in __init__
    ctx.server = ctx.find_dc(domain)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 234, in find_dc
    raise Exception("Failed to find a writeable DC for domain '%s'" % domain)

I am sure someone has gotten this to work. I feel like I'm missing something simple?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 16, 2012, 07:43:11 am
I believe that I have read elsewhere that the .local domain is not allowed.  Maybe this is the root of the problem.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 16, 2012, 04:43:50 pm
I will change my test domain to .lan then and get back with the results. Seems odd though because it seems pretty common place for people to use .local for domains that just need to be supported on the local lan
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 16, 2012, 06:56:30 pm
I am so confused as to how others were able to get this to work. I get the same results after changing my domain to test.lan.

firewall@firewall:/etc$ host -t SRV _ldap._tcp.test.lan
_ldap._tcp.test.lan has SRV record 0 100 389 DC.test.lan.
firewall@firewall:/etc$ host -t SRV _kerberos._udp.test.lan
_kerberos._udp.test.lan has SRV record 0 100 88 DC.test.lan.
firewall@firewall:/etc$ host -t A dc.test.lan
dc.test.lan has address 10.1.1.8

firewall@firewall:/etc$ samba-tool domain join test.lan DC -Uadministrator --realm=test.lan
Finding a writeable DC for domain 'test.lan'
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'test.lan'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
    machinepass, use_ntvfs, dns_backend, promote_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 77, in __init__
    ctx.server = ctx.find_dc(domain)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 234, in find_dc
    raise Exception("Failed to find a writeable DC for domain '%s'" % domain)

After I install the Users module and setting the ldap settings to be dc=test,dc=lan and saving it displays correctly on the admin screen.
Here is what the LDAP web settings shows:

LDAP information
Base DN:    dc=test,dc=lan
Root DN:    cn=zentyal,dc=test,dc=lan
Password:    5=zNP8aySWc=e3eYkf1i
Users DN:    ou=Users,dc=test,dc=lan
Groups DN:    ou=Groups,dc=test,dc=lan

But I still cannot change the realm in the File Sharing from ZENTYAL-DOMAIN.LAN to my TEST.LAN
I noticed after installing the Users module, configuring it and saving the /etc/krb5.conf still showed this:
[libdefaults]
    default_realm = ZENTYAL-DOMAIN.LAN
    dns_lookup_kdc = true
    dns_lookup_realm = true
    default_tgs_enctypes = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc
    default_tkt_enctypes = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc
    preferred_enctypes   = arcfour-hmac-md5 des-cbc-md5 dec-cbc-crc

[kadmin]
    default_keys = des-cbc-crc:pw-salt des-cbc-md5:pw-salt arcfour-hmac-md5:pw-salt

Why would it configure  ZENTYAL-DOMAIN.LAN to be the default realm when I just configured it to be TEST.LAN?
This is beginning to be very frustrating!
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 16, 2012, 08:42:49 pm
Might be an oversight on the programming end.  It assigned mine right the first time during install.  Try manually editing the kerberos info and retry.  This is getting away from my expertise so please bear with me.  Hopefully someone with more samba4 knowledge will be along soon.,
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 16, 2012, 09:00:22 pm
I have tried editing the /etc/krb5.conf but that didn't make any effect. I also looked in the /use/share/zentyal/stubs/samba.conf.mas (path from memory?). Any way the template only had variables and no settings. Where can I make the change? And what is the point of the web LDAP settings if it doesn't have any effect either?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 17, 2012, 04:20:12 am
I am pretty sure that samba needs to be in sync with dns for everything to work.  I have my domain listed under dns and it can't be changed/deleted.  I have not had the time to really dig around and find all of the scripts associated with samba4 and dns.  If it is anything like past versions of Zentyal,  there will be a script to reset each module.  Hopefully a developer or someone more familiar than I will be along shortly.  If this is a test environment I might suggest starting over with a clean install.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 17, 2012, 05:04:27 am
I have used the reconfigure module command and have reinstalled a few times. And I made sure I had my domain all setup in the DNS before installing the Users and File Sharing modules. I setup Kerberos, kpasswd and LDAP in my services of the domain. Do I need to configure any other services for the domain?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: codedmind on September 18, 2012, 07:53:11 pm
Same problem here :/

Can't have zentyal to resolve local lan hostnames and can't configure dns to do that.

Realm always put the .local and then can't make any changes
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 18, 2012, 09:00:22 pm
I just figured by the time the final version was released it would be figured out, but I am still struggling trying to get it working.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 19, 2012, 02:15:15 am
I was able to do it here using two clean copies of Zentyal.  Machine one was setup as a standalone server.  I joined an Ubuntu box to it to verify that portion.  I then configured Zentyal machine two as an additional domain controller.  Everything worked as advertised.  I then created a new user on Zentyal one.  It propogated to machine two. I tried from machine2 with the same results.  The next step will be to setup a test at work with a 2003 server and see what the results are.  More on this later. 
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 19, 2012, 05:35:40 am
I haven't tried two Ubuntu boxes yet as my setup requires a windows 2003 server. My test setup was a fresh install of server 2003 as a test domain and it will not see my domain
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 19, 2012, 06:00:22 am
I found this reference with some clues here http://admingeeks.blogspot.com/2011/05/samba-4-domain-controller-part-4-adding.html (http://admingeeks.blogspot.com/2011/05/samba-4-domain-controller-part-4-adding.html)
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 25, 2012, 06:37:45 pm
I need to add my zentyal 3 box to an existing windows 2003 domain, not the other way around. Has anyone gotten this to work?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on September 25, 2012, 09:50:33 pm
I will be testing this over the weekend in a testbed.  I will post my results back here Monday.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: browley on September 25, 2012, 10:22:26 pm
Adding some .02$ here.  I am in the beginning steps to get it added just to prove it out.  Note: this was a fresh install and I never got around to enabling the samba module via the dashboard.  First step was to go into /etc/hosts and add both the existing 2003 DC and my IP for the Zentyal box:
Code: [Select]
192.168.101.11  win2k3.domain.lan w2k3
192.168.101.112  zentyal.domain.lan zentyal

I then also added the DNS entries in the Zentyal dashboard just in case.  I then ran the following:
Code: [Select]
/usr/bin/samba-tool domain join zentyal DC -Uadmin%password

Which reported a successful join.  I was actually shocked especially since I did not put in the FQDN.  Anyway, it seemed all for naught as "samba-tool drs showrepl" gives an error that it "Failed to connect host <ip> (<hostname>) on port 135..."  I read somewhere that samba needed to be restarted so I gave the machine a boot.  Upon boot, I checked the "samba-tool drs showrepl" again which was still throwing an error like that it "fails to find CN=NTDS Settings".  A suggested fix, https://lists.samba.org/archive/samba-technical/2011-December/080880.html (https://lists.samba.org/archive/samba-technical/2011-December/080880.html)  had me run the following:
Code: [Select]
samba-tool dbcheck --fixin which I totally started seeing my Windows 2k3 active directory objects.  W00t!  Right now when I run showrepl, I keep getting failures.  I'm going to look into it and see what I can find, just wanted to share that I made some progress.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: browley on September 26, 2012, 12:28:51 am
Checking back in before I head out of work.  Basically, at this point, the DNS from the Windows 2k3 server is failing to connect to the Zentyal box.  I've tried the Samba4 install with vanilla bind and remember it being a pain.  That said, with Zentyal in the mix, I have a feeling it will be a little bit more difficult setting both up to play nice.  Right now, I'd be referencing this step: http://wiki.samba.org/index.php/Samba4/HOWTO#Configure_.2Fetc.2Fresolv.conf (http://wiki.samba.org/index.php/Samba4/HOWTO#Configure_.2Fetc.2Fresolv.conf)

So, I have set up the bare minimum for DNS via the dashboard and now am trying to get the SRV records from above straightened out.  For example:

Code: [Select]
$ host -t SRV _ldap._tcp.zentyal.domain.lan
_ldap._tcp.zentyal.domain.lan has SRV record 0 100 389 zentyal.domain.lan.

EDIT:
Think I found the file the needs to update DNS, it's /usr/share/samba/setup/dns_update_list.  So basically, those entries need to be added dynamically to Zentyal's DNS in order for everything to be happy.  So, @Zentyal coders, how can we accomplish this?  In other words, can something be done were bind.conf.mas startup file is modified to include these entries?  Could it be flushed every time a computer/user is added/modified?  This is starting to get a little too deep into the coding for me to know what to do.  Thanks in advance.

Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: ccarpenter on September 28, 2012, 02:44:32 am
We'll another update. I'm not really sure how it happened, but the realm finally changed to be test.lan instead of the default zentyal-domain.lan!!!! Curious because I haven't done anything different, besides re-installing ubuntu and adding the zentyal sources again. Maybe there was an update since I last tested? Any way I now have the same issue as the guy in this thread:
http://forum.zentyal.org/index.php/topic,12175.0.html

It will sync my users and groups but only from the default User OU and not from my OU that I created and my users are in. Does anyone have a solution for this?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: FarquahrWindsor on September 28, 2012, 09:48:24 am
http://wiki.samba.org/index.php/Samba4/Releases/4.0.0beta8

If you are trying this in production I would warn against it.

Its been such a long wait for the Samba4 binary that I myself like many others are itching to get it employed.
I have been hounding Zentyal and with much credit to the devs they are one of the foremost early adopters as it looks like the resara iniative has died a death and then there is only two others I think.

Beta8 is not netbios browseable and its hard to reconfigure even with RC1 there are still dns replication problems.

So it might be wise to provide the ldap sync aswell in the manner of 2.2
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: half_life on October 03, 2012, 09:34:29 pm
I know it is Thursday not Monday but I do have good news.  I was able to add a Win2003R2 server (clean install) as an additional DC to an existing Zentyal DC.  Coming soon the REAL test,  adding Zentyal as an additional DC to an existing W2003R2 domain.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: FarquahrWindsor on October 03, 2012, 09:54:21 pm
Would be great to hear back for you and I know this is a dumb question but what uses netbios nowadays?

The beta8 doesn't support netbios, its implemented RC1 does there are still problems with drs replication.

I read that you can just rsync sysvol to your member servers otherwise you might run into problems where group polices are not replicated.

I don't know if samba pushes or pulls the replication I guess its PDC to member servers it is M$ though might be both ways.

Interested to hear how you get on with browsing the network and group policies.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: jsalamero on October 07, 2012, 09:30:56 am
Just let you know that I just tried this with Samba4 RC2 and zentyal-samba 3.0.2 and works fine.
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: typ6ojiocb on October 10, 2012, 05:04:51 am
 i have trouble with joining to existing AD :( 
i change .local as in post : http://forum.zentyal.org/index.php/topic,12196.msg49930.html#msg49930
next - goto "File Sharing", select Additional Domain Controller, put values into fields and save changes, start filesharng module, and get error with starting dns, in dashboard i see that file sharing module not running, press button "start" and see msg "Error restrarting service File Sharing. See /var/log/zentyal/zentyal.log for more information.
/var/log/zentyal/zentyal.log:
Quote
INFO> Service.pm:716 EBox::Module::Service::restartService - Restarting service for module: samba
2012/10/04 11:21:58 INFO> Samba.pm:822 EBox::Samba::__ANON__ - Joining to domain 'PVK.LOCAL' as DC
2012/10/04 11:22:00 ERROR> Samba.pm:855 EBox::Samba::__ANON__ - Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)
2012/10/04 11:22:00 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/10/04 11:22:01 INFO> DNS.pm:87 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2012/10/04 11:22:04 ERROR> Service.pm:721 EBox::Module::Service::__ANON__ - Error restarting service: Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)
2012/10/04 11:22:04 ERROR> RestartService.pm:67 EBox::CGI::SysInfo::RestartService::__ANON__ - Restart of File Sharing from dashboard failed: Error joining to domain: Failed to connect to ldap URL 'ldap://ubuntu5.pvk.local' - LDAP client internal error: NT_STATUS_CONNECTION_REFUSED
 Failed to connect to 'ldap://ubuntu5.pvk.local' with backend 'ldap': (null)
 ERROR(ldb): uncaught exception - None
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 256, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1057, in join_DC
     machinepass, use_ntvfs, dns_backend, promote_existing)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 82, in __init__
     credentials=ctx.creds, lp=ctx.lp)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 56, in __init__
     options=options)
   File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 114, in __init__
     self.connect(url, flags, options)
   File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 71, in connect
     options=options)

what i must do?
Title: Re: Joining Zentyal 3 to existing active directory domain.
Post by: r27 on November 11, 2012, 04:57:42 am
Anybody can help with this ? I have the same error, can't join zentyal do AD. Tried everything I found around.

2012/11/10 22:46:05 INFO> GlobalImpl.pm:604 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall samba dns logs
2012/11/10 22:46:05 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: firewall
2012/11/10 22:46:06 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: samba
2012/11/10 22:46:07 INFO> Samba.pm:943 EBox::Samba::__ANON__ - Joining to domain 'test.local' as DC
2012/11/10 22:46:22 ERROR> Samba.pm:980 EBox::Samba::__ANON__ - Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[402] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[804] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[1206] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[1608] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2010] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2412] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[2814] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3216] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3618] linked_values[0]
 Schema-DN[CN=Schema,CN=Configuration,DC=test,DC=local] objects[3763] linked_values[0]
 Analyze and apply schema objects
 Partition[CN=Configuration,DC=test,DC=local] objects[402] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[804] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[1206] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[1608] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2010] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2412] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2771] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[2932] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3096] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3270] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3445] linked_values[0]
 Partition[CN=Configuration,DC=test,DC=local] objects[3724] linked_values[0]
 Failed to apply records: Failed to find GUID for (null): Invalid DN syntax
 Failed to commit objects: WERR_GENERAL_FAILURE
 ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 168, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 555, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1090, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 995, in do_join
     ctx.join_replicate()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 733, in join_replicate
2012/11/10 22:46:22 INFO> Base.pm:229 EBox::Module::Base::save - Restarting service for module: dns
2012/11/10 22:46:22 WARN> DNS.pm:1762 EBox::DNS::switchToReverseInfoData - Domain 'test.local' already mapped to IP group '1.168.192', domain test.local skipped
2012/11/10 22:46:24 ERROR> GlobalImpl.pm:642 EBox::GlobalImpl::__ANON__ - Failed to save changes in module samba: Error joining to domain: Schema-DN[CN=Schema,CN=Configuration,D$