Zentyal Forum, Linux Small Business Server

Zentyal Server => Directory and Authentication => Topic started by: Shadow507 on August 14, 2016, 01:23:28 am

Title: Joining Zentyal server 4.2.2 to existing Zentyal server 4.2.2 as secondary DC
Post by: Shadow507 on August 14, 2016, 01:23:28 am
Hello all

I am having difficulty adding a second DC to my existing Zentyal based domain,

the configuration I have set is detailed in attached image  dcsettings.PNG

however upon saving configuration I get the error attached image dcerror.PNG

upon looking in '/var/log/zentyal/zentyal.log' I see

------------

2016/08/13 23:56:57 INFO> GlobalImpl.pm:624 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2016/08/13 23:56:57 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2016/08/13 23:56:57 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2016/08/13 23:57:00 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2016/08/13 23:57:00 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving psnmarsvmdc01.int.p-s-e.tk to an IP address
2016/08/13 23:57:01 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC psnmarsvmdc01.int.p-s-e.tk has been resolved to 192.168.2.16
2016/08/13 23:57:01 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.2.16'...
2016/08/13 23:57:01 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.2.16 does not have associated PTR record
2016/08/13 23:57:01 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.2.16' is online...
2016/08/13 23:57:01 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2016/08/13 23:57:01 INFO> Provision.pm:894 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2016/08/13 23:57:01 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2016/08/13 23:57:01 INFO> Provision.pm:968 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2016/08/13 23:57:01 INFO> Provision.pm:989 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2016/08/13 23:57:01 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2016/08/13 23:57:01 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2016/08/13 23:57:01 INFO> Provision.pm:928 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2016/08/13 23:57:01 INFO> Provision.pm:1030 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2016/08/13 23:57:01 INFO> Provision.pm:1038 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named MARSDEN
2016/08/13 23:57:01 INFO> Provision.pm:1055 EBox::Samba::Provision::checkADNebiosName - Checking domain netbios name...
2016/08/13 23:57:01 INFO> Provision.pm:1278 EBox::Samba::Provision::provisionADC - Joining to domain 'int.p-s-e.tk' as DC
2016/08/13 23:57:01 INFO> Provision.pm:1291 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'ea-jcrowther@INT.P-S-E.TK'
2016/08/13 23:57:01 INFO> Provision.pm:1300 EBox::Samba::Provision::provisionADC - Executing domain join
2016/08/13 23:57:01 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join int.p-s-e.tk DC  --username='ea-jcrowther'  --workgroup='int'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server='192.168.2.16'  --dns-backend=BIND9_DLZ  --realm='INT.P-S-E.TK'  --site='MARSDEN'  failed.
Error output:
Command output: Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]

.
Exit value: 255 at root command samba-tool domain join int.p-s-e.tk DC  --username='ea-jcrowther'  --workgroup='int'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server='192.168.2.16'  --dns-backend=BIND9_DLZ  --realm='INT.P-S-E.TK'  --site='MARSDEN'  failed.
Error output:
Command output: Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]

.
Exit value: 255 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/Xos1VGeJkE.cmd 2> /var/lib/zentyal/tmp/stderr', 'samba-tool domain join int.p-s-e.tk DC  --username=\'ea-jcrowther\'  --workgroup=\'int\'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server=\'192.168.2.16\'  --dns-backend=BIND9_DLZ  --realm=\'INT.P-S-E.TK\'  --site=\'MARSDEN\' ', 65280, 'ARRAY(0x794bee8)', 'ARRAY(0x3184538)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'samba-tool domain join int.p-s-e.tk DC  --username=\'ea-jcrowther\'  --workgroup=\'int\'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server=\'192.168.2.16\'  --dns-backend=BIND9_DLZ  --realm=\'INT.P-S-E.TK\'  --site=\'MARSDEN\' ') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('samba-tool domain join int.p-s-e.tk DC  --username=\'ea-jcrowther\'  --workgroup=\'int\'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server=\'192.168.2.16\'  --dns-backend=BIND9_DLZ  --realm=\'INT.P-S-E.TK\'  --site=\'MARSDEN\' ') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1311
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 1277
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x764d9a8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 372
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x764d9a8)') called at /usr/share/perl5/EBox/Samba.pm line 722
EBox::Samba::_setConf('EBox::Samba=HASH(0x5c8ab90)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x5c8ab90)') called at /usr/share/perl5/EBox/Module/Service.pm line 972
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x5c8ab90)') called at /usr/share/perl5/EBox/Samba.pm line 688
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x5c8ab90)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x5c8ab90)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 656
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 655
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x4ac4f08)', 'progress', 'EBox::ProgressIndicator=HASH(0x248a558)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4aeee70)', 'progress', 'EBox::ProgressIndicator=HASH(0x248a558)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2016/08/13 23:57:01 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2016/08/13 23:57:01 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2016/08/13 23:57:01 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2016/08/13 23:57:05 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command samba-tool domain join int.p-s-e.tk DC  --username='ea-jcrowther'  --workgroup='int'  --password=`cat /var/lib/zentyal/tmp/8orOhy`  --server='192.168.2.16'  --dns-backend=BIND9_DLZ  --realm='INT.P-S-E.TK'  --site='MARSDEN'  failed.
Error output:
Command output: Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] [options]

.
Exit value: 255
2016/08/13 23:57:05 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2016/08/13 23:57:05 ERROR> GlobalImpl.pm:735 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba  at The following modules failed while saving their changes, their state is unknown: samba  at /usr/share/perl5/EBox/GlobalImpl.pm line 735
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x4ac4f08)', 'progress', 'EBox::ProgressIndicator=HASH(0x248a558)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x4aeee70)', 'progress', 'EBox::ProgressIndicator=HASH(0x248a558)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30

------------

however manually executing
 
samba-tool domain join int.p-s-e.tk DC  --username='ea-jcrowther'  --workgroup='int'  --server='192.168.2.16'  --dns-backend=BIND9_DLZ  --realm='INT.P-S-E.TK'  --site='MARSDEN'

and entering the password does join the system to the domain however it does not act as a DC and the 'Users and Computers' page states 'You need to enable Domain Controller and File Sharing module in the module status section and save changes in order to use it.'

Also note that the domain join does not survive settings save or system reboot, my guess is that the Zentyal software overwrites any config that it did not make so that the config matches its view of the world

please can anyone provide help with this issue.