This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
1
Directory and Authentication / Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 26, 2022, 08:02:53 pm »
Hi turalyon and thanks for looking into my post with this endless logfile.
I did this now:
Attached is the output of the zentyal check script.
Thanks for looking into it! Alex
I did this now:
- The user 'dns-zen7adc' could not be found in the database. Is this user always called the same for Zentyal 7?
- I downloaded and ran the script. It found quite some errors. How can i fox them?
- The mentioned users are inside the 'Users' container.
- I checked on the errors with:
Code: [Select]
samba-tool dbcheck --cross-ncs
Code: [Select]
samba-tool dbcheck --cross-ncs --fix
Attached is the output of the zentyal check script.
Thanks for looking into it! Alex
Quote
Subject: System report
##################
# GENERAL CHECKS #
##################
########
## Hostname
########
largo.foo.bar.xyz
########
## Hosts
########
127.0.0.1 localhost.localdomain localhost
127.0.1.1 largo.foo.bar.xyz largo
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
########
## Resolv
########
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(
# and managed by Zentyal.
#
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
#
nameserver 127.0.0.1
search foo.bar.xyz
########
## Version of Zentyal and Ubuntu
########
Zentyal 5.1.3
Ubuntu 16.04.6 LTS
########
## Zentyal's modules installed
########
ii zentyal-antivirus 5.1.1
ii zentyal-ca 5.1
ii zentyal-common 5.0.12
ii zentyal-core 5.1.3
ii zentyal-dhcp 5.1.1
ii zentyal-dns 5.1
ii zentyal-firewall 5.1
ii zentyal-mail 5.1
ii zentyal-mailfilter 5.1
ii zentyal-network 5.1
ii zentyal-ntp 5.1
ii zentyal-objects 5.0.10
ii zentyal-openchange 5.0.3
ii zentyal-samba 5.1.2
ii zentyal-services 5.0.10
ii zentyal-software 5.1
ii zentyal-sogo 5.1
########
## Modules which are enabled
########
Zentyal module network: [ ENABLED ]
Zentyal module firewall: [ ENABLED ]
Zentyal module antivirus: [ ENABLED ]
Zentyal module audit: [ DISABLED ]
Zentyal module ca: [ ENABLED ]
Zentyal module dhcp: [ ENABLED ]
Zentyal module dns: [ ENABLED ]
Zentyal module logs: [ ENABLED ]
Zentyal module mail: [ ENABLED ]
Zentyal module mailfilter: [ ENABLED ]
Zentyal module ntp: [ ENABLED ]
Zentyal module samba: [ ENABLED ]
Zentyal module sogo: [ ENABLED ]
Zentyal module webadmin: [ ENABLED ]
########
## Zentyal Commercial Edition
########
The server doesn't have a license key.
########
## Uptime
########
Uptime's server: up 13 hours, 6 minutes
########
## Memory
########
Total memory: 1839 MB
Memory usage: 50.84%
SWAP usage: 2035 MB
########
## CPU
########
Total cores: 2
CPU load average (1m,5m,15m): 2.08. 1.85. 1.69
########
## Hard Drives and partitions
########
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sr0 11:0 1 1024M 0 rom
vda 253:0 0 64G 0 disk
├─vda1 253:1 0 243M 0 part /boot
├─vda2 253:2 0 1K 0 part
└─vda5 253:5 0 63.8G 0 part
├─largo--vg-root 252:0 0 59.8G 0 lvm /
└─largo--vg-swap_1 252:1 0 4G 0 lvm [SWAP]
## Disk usage:
Filesystem Type Size Used Avail Use% Mounted on
/dev/mapper/largo--vg-root ext4 59G 6.0G 50G 11% /
/dev/vda1 ext2 236M 169M 55M 76% /boot
########
## Network Interfaces
########
## Interfaces available:
eth0
## IPs configured:
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth0
## Network Interfaces where were 'Down': 0
########
## Server packages
########
Broken packages: 0
Upgradable packages:
157 packages can be updated.
127 updates are security updates.
Last update by Zentyal:
########
## Repositories
########
## Repositorios configured:
deb http://de.archive.ubuntu.com/ubuntu/ xenial main restricted
deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates main restricted
deb http://de.archive.ubuntu.com/ubuntu/ xenial universe
deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates universe
deb http://de.archive.ubuntu.com/ubuntu/ xenial multiverse
deb http://de.archive.ubuntu.com/ubuntu/ xenial-updates multiverse
deb http://de.archive.ubuntu.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse
## Custom repositories:
/etc/apt/sources.list.d/zentyal-archive.list
deb http://archive.zentyal.org/zentyal 5.1 main
########
## System emails
########
Number of emails for user 'amavis': 24
Number of emails for user 'root': 74543
########
## Mysql daemon
########
active
########
## Mysql databases
########
## Databases available:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| openchange |
| performance_schema |
| sogo |
| spamassassin |
| sys |
| zentyal |
+--------------------+
## Mysql databases check:
mysql.columns_priv OK
mysql.db OK
mysql.engine_cost OK
mysql.event OK
mysql.func OK
mysql.general_log OK
mysql.gtid_executed OK
mysql.help_category OK
mysql.help_keyword OK
mysql.help_relation OK
mysql.help_topic OK
mysql.host OK
mysql.innodb_index_stats OK
mysql.innodb_table_stats OK
mysql.ndb_binlog_index OK
mysql.plugin OK
mysql.proc OK
mysql.procs_priv OK
mysql.proxies_priv OK
mysql.server_cost OK
mysql.servers OK
mysql.slave_master_info OK
mysql.slave_relay_log_info OK
mysql.slave_worker_info OK
mysql.slow_log OK
mysql.tables_priv OK
mysql.time_zone OK
mysql.time_zone_leap_second OK
mysql.time_zone_name OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
openchange.folders OK
openchange.folders_properties OK
openchange.mailboxes OK
openchange.mailboxes_properties OK
openchange.messages OK
openchange.messages_properties OK
openchange.migrations OK
mysql.time_zone_transition OK
mysql.time_zone_transition_type OK
mysql.user OK
openchange.folders OK
openchange.folders_properties OK
openchange.mailboxes OK
openchange.mailboxes_properties OK
openchange.messages OK
openchange.messages_properties OK
openchange.migrations OK
openchange.named_properties OK
openchange.organizational_units OK
openchange.provisioning_folders OK
openchange.provisioning_special_folders OK
openchange.public_folders OK
openchange.replica_mapping OK
openchange.servers OK
sogo.sogo_folder_info OK
sogo.sogo_sessions_folder OK
sogo.sogo_user_profile OK
sogo.sogoapfeiffe0010c43d696 OK
sogo.sogoapfeiffe0010c43d696_acl OK
sogo.sogoapfeiffe0010c43d696_quick OK
sogo.sogoapfeiffe0012e76f3d9 OK
sogo.sogoapfeiffe0012e76f3d9_acl OK
sogo.sogoapfeiffe0012e76f3d9_quick OK
sogo.sogoapfeiffe00140f33cb4 OK
sogo.sogoapfeiffe00140f33cb4_acl OK
sogo.sogoapfeiffe00140f33cb4_quick OK
sogo.sogocglauerd001005f4af6 OK
sogo.sogocglauerd001005f4af6_acl OK
sogo.sogocglauerd001005f4af6_quick OK
sogo.sogocglauerd0011be37158 OK
sogo.sogocglauerd0011be37158_acl OK
sogo.sogocglauerd0011be37158_quick OK
spamassassin.bayes_expire OK
spamassassin.bayes_global_vars OK
spamassassin.bayes_seen OK
spamassassin.bayes_token OK
spamassassin.bayes_vars OK
sys.sys_config OK
zentyal.audit_actions OK
zentyal.audit_sessions OK
zentyal.av_db_updates OK
zentyal.firewall OK
zentyal.firewall_report OK
zentyal.leases OK
zentyal.mail_message OK
zentyal.mailfilter_pop OK
zentyal.mailfilter_smtp OK
zentyal.samba_access OK
zentyal.samba_access_report OK
zentyal.samba_disk_usage OK
zentyal.samba_disk_usage_report OK
zentyal.samba_quarantine OK
zentyal.samba_virus OK
zentyal.samba_virus_report OK
zentyal.samba_virus_share_report OK
###################
# Login accesses #
###################
Successful accesses to the Zentyal Admin Interface: 181
Failed accesses to the Zentyal Admin Interface: 0
Successful accesses from SSH: 0
Failed accesses from SSH: 0
Successful accesses to Sogo Web Interface: 0
Failed accesses to Sogo Web Interface: 0
#####################
# ZENTYAL LOG FILE #
#####################
## Errors and Warnings found from '2017/06/28' to '2022/01/26'
## Errors found:
sogo 0
ejabber 0
ntp 1
dhcp 0
openvpn 0
logs 0
dns 21
mail 0
network 0
ipsec 0
squid 0
firewall 0
mysql 1
samba 12
## Warnings found:
sogo 0
ejabber 0
ntp 1
dhcp 0
openvpn 0
logs 1
dns 0
mail 0
network 0
ipsec 0
squid 0
firewall 0
mysql 0
samba 9941
###################
# Antivirus module #
###################
Last update of the 'main' database file:
Last update of the 'daily' database file: Wed Jan 26
Last update of the 'bytecode' database file:
Number of Virus detected: 0
############################
# DOMAIN CONTROLLER CHECKS #
############################
########
## DNS user
########
dns-largo
## DNS users on DnsAdmins:
dns-largo
########
## DNS user password flags
########
Usuario: dns-largo -> U
########
## DNS user ticket
########
Skipping the check for Kerberos ticket for 'dns-largo' because its password isn't set as 'noexpiry'.
########
## Status of old Samba daemon
########
## Daemons' information:
Status of the daemon: 'smbd': active
State of the daemon: 'smbd': enabled
Status of the daemon: 'nmbd': active
State of the daemon: 'nmbd': enabled
Status of the daemon: 'winbind': active
State of the daemon: 'winbind': enabled
Status of the daemon: 'sssd': inactive
State of the daemon: 'sssd':
########
## Samba database check
########
Checked 5041 objects (4702 errors)
########
## FSMO OWNER
########
SchemaMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
########
## Domain Controllers configured
########
dn: CN=NTDS Settings,CN=LARGO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
objectGUID: ff01cd9f-e4a8-4c70-be96-98a4dce4fbfa
########
## DNS alias
########
ff01cd9f-e4a8-4c70-be96-98a4dce4fbfa._msdcs.foo.bar.xyz is an alias for largo.foo.bar.xyz.
########
## DNS Errors on log file
########
--
2017/07/10 16:48:32 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
2017/07/10 16:48:32 ERROR> Service.pm:962 EBox::Module::Service::restartService - Error restarting service: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
Error output: Password has expired
dns-largo@foo.bar.xyz's Password:
--
2017/07/10 16:48:32 ERROR> Service.pm:964 EBox::Module::Service::restartService - root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
2017/07/10 16:48:32 ERROR> RestartService.pm:61 EBox::SysInfo::CGI::RestartService::_process - Restart of DNS from dashboard failed: root command kinit -k -t /var/lib/samba/private/dns.keytab dns-largo failed.
Error output: Password has expired
dns-largo@foo.bar.xyz's Password:
################
# Mails status #
################
## Status of the emails that were sent and received between the dates: 'Jan 23 07:35:03' and 'Jan 26 06:10:43' :
Mail queue:
Mail queue is empty
Mails sent: 14
Mails rejected: 0
Mails bounced: 0
Mails analized by Mailfilter: 7
Mails with virus: 0
Mails block by SPAM: 0
Mails block by File Type: 0
2
Directory and Authentication / Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 24, 2022, 11:46:24 am »
Part 3
Quote
Exit value: 255 at /usr/share/perl5/EBox/Sudo.pm line 240
EBox::Sudo::_rootError('/usr/bin/sudo -p sudo: /var/lib/zentyal/tmp/F3cb8Zxsrj.cmd 2> /var/lib/zentyal/tmp/stderr', 'samba-tool domain join foo.bar.xyz DC --username=\'domainadmin\' --workgroup=\'foo\' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server=\'192.168.0.2\' --dns-backend=BIND9_DLZ --realm=\'foo.bar.xyz\' --site=\'Default-First-Site-Name\' ', 65280, 'ARRAY(0x55c578d74ed0)', 'ARRAY(0x55c573fe0d40)') called at /usr/share/perl5/EBox/Sudo.pm line 210
EBox::Sudo::_root(1, 'samba-tool domain join foo.bar.xyz DC --username=\'domainadmin\' --workgroup=\'foo\' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server=\'192.168.0.2\' --dns-backend=BIND9_DLZ --realm=\'foo.bar.xyz\' --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Sudo.pm line 153
EBox::Sudo::root('samba-tool domain join foo.bar.xyz DC --username=\'domainadmin\' --workgroup=\'foo\' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server=\'192.168.0.2\' --dns-backend=BIND9_DLZ --realm=\'foo.bar.xyz\' --site=\'Default-First-Site-Name\' ') called at /usr/share/perl5/EBox/Samba/Provision.pm line 1319
eval {...} at /usr/share/perl5/EBox/Samba/Provision.pm line 1285
EBox::Samba::Provision::provisionADC('EBox::Samba::Provision=HASH(0x55c578a444b8)') called at /usr/share/perl5/EBox/Samba/Provision.pm line 369
EBox::Samba::Provision::provision('EBox::Samba::Provision=HASH(0x55c578a444b8)') called at /usr/share/perl5/EBox/Samba.pm line 694
EBox::Samba::_setConf('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Base.pm line 995
EBox::Module::Base::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Service.pm line 940
EBox::Module::Service::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Samba.pm line 667
EBox::Samba::_regenConfig('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/Module/Base.pm line 234
eval {...} at /usr/share/perl5/EBox/Module/Base.pm line 233
EBox::Module::Base::save('EBox::Samba=HASH(0x55c577705cb8)') called at /usr/share/perl5/EBox/GlobalImpl.pm line 649
eval {...} at /usr/share/perl5/EBox/GlobalImpl.pm line 648
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55c572af4bb0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55c575ff6f80)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
2022/01/23 14:57:52 INFO> Provision.pm:299 EBox::Samba::Provision::setupKerberos - Setting up kerberos
2022/01/23 14:57:52 INFO> Provision.pm:276 EBox::Samba::Provision::setupDNS - Setting up DNS
2022/01/23 14:57:52 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2022/01/23 14:57:53 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2022/01/23 14:57:57 ERROR> GlobalImpl.pm:653 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command samba-tool domain join foo.bar.xyz DC --username='domainadmin' --workgroup='foo' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server='192.168.0.2' --dns-backend=BIND9_DLZ --realm='foo.bar.xyz' --site='Default-First-Site-Name' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is FOO
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is foo.bar.xyz
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
INFO 2022-01-23 14:57:48,335 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
INFO 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
WARNING 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
INFO 2022-01-23 14:57:48,514 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up share.ldb
INFO 2022-01-23 14:57:48,563 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
INFO 2022-01-23 14:57:48,590 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
INFO 2022-01-23 14:57:48,762 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
INFO 2022-01-23 14:57:48,828 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
INFO 2022-01-23 14:57:48,873 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
Analyze and apply schema objects
Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for FOO from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
ctx.do_join()
File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
ctx.join_replicate()
File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
Command output: Adding CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Adding CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding SPNs to CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Setting account password for ZENTYALDC$
Enabling account
Adding DNS account CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz with dns/ SPN
Setting account password for dns-ZENTYALDC
Calling bare provision
Provision OK for domain DN DC=foo,DC=bar,DC=xyz
Starting replication
Join failed - cleaning up
Deleted CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Deleted CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz
Deleted CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Deleted CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
.
Exit value: 255
2022/01/23 14:57:57 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: logs
2022/01/23 14:57:57 ERROR> GlobalImpl.pm:728 EBox::GlobalImpl::saveAllModules - The following modules failed while saving their changes, their state is unknown: samba at The following modules failed while saving their changes, their state is unknown: samba at /usr/share/perl5/EBox/GlobalImpl.pm line 728
EBox::GlobalImpl::saveAllModules('EBox::GlobalImpl=HASH(0x55c572af4bb0)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/perl5/EBox/Global.pm line 95
EBox::Global::AUTOLOAD('EBox::Global=HASH(0x55c575ff6f80)', 'progress', 'EBox::ProgressIndicator=HASH(0x55c5760cc1f0)') called at /usr/share/zentyal/global-action line 32
eval {...} at /usr/share/zentyal/global-action line 30
3
Directory and Authentication / Re: Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 24, 2022, 11:46:00 am »
Part 2
Quote
Command output: Adding CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Adding CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding SPNs to CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Setting account password for ZENTYALDC$
Enabling account
Adding DNS account CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz with dns/ SPN
Setting account password for dns-ZENTYALDC
Calling bare provision
Provision OK for domain DN DC=foo,DC=bar,DC=xyz
Starting replication
Join failed - cleaning up
Deleted CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Deleted CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz
Deleted CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Deleted CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
.
Exit value: 255 at root command samba-tool domain join foo.bar.xyz DC --username='domainadmin' --workgroup='ac' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server='192.168.0.2' --dns-backend=BIND9_DLZ --realm='foo.bar.xyz' --site='Default-First-Site-Name' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is FOO
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is foo.bar.xyz
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
INFO 2022-01-23 14:57:48,335 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
INFO 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
WARNING 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
INFO 2022-01-23 14:57:48,514 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up share.ldb
INFO 2022-01-23 14:57:48,563 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
INFO 2022-01-23 14:57:48,590 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
INFO 2022-01-23 14:57:48,762 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
INFO 2022-01-23 14:57:48,828 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
INFO 2022-01-23 14:57:48,873 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
Analyze and apply schema objects
Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for FOO from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
ctx.do_join()
File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
ctx.join_replicate()
File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
Command output: Adding CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Adding CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Adding SPNs to CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Setting account password for ZENTYALDC$
Enabling account
Adding DNS account CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz with dns/ SPN
Setting account password for dns-ZENTYALDC
Calling bare provision
Provision OK for domain DN DC=foo,DC=bar,DC=xyz
Starting replication
Join failed - cleaning up
Deleted CN=ZENTYALDC,OU=Domain Controllers,DC=foo,DC=bar,DC=xyz
Deleted CN=dns-ZENTYALDC,CN=Users,DC=foo,DC=bar,DC=xyz
Deleted CN=NTDS Settings,CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
Deleted CN=ZENTYALDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=foo,DC=bar,DC=xyz
4
Directory and Authentication / Errors joining Zentyal 7 as a secondary DC to Zentyal 5.1
« on: January 24, 2022, 11:45:22 am »
Hi all,
i am having problems joining a Zentyal 7 (Commercial Trial Edition) to our existing AD Controller Zentyal 5.1.3 (Community edition). The join is unsuccessful. I followed the official tutorial on Youtube.
The goal is to replace the old Zentyal 5 with the Version 7 Commercial. I tried upgrading the V5 to 6 before and it while the upgrade was still successful, our users were not able to log in to their machines any more.
I hope you can guide me to successfully join the domain or give me another advice how to migrate to the new commercial edition.
Here is the zentyal.log (split in three posts) of the unsuccessful join attempt - i masked our true domain values with foo.bar.xyz.
Thanks, Alex
i am having problems joining a Zentyal 7 (Commercial Trial Edition) to our existing AD Controller Zentyal 5.1.3 (Community edition). The join is unsuccessful. I followed the official tutorial on Youtube.
The goal is to replace the old Zentyal 5 with the Version 7 Commercial. I tried upgrading the V5 to 6 before and it while the upgrade was still successful, our users were not able to log in to their machines any more.
I hope you can guide me to successfully join the domain or give me another advice how to migrate to the new commercial edition.
Here is the zentyal.log (split in three posts) of the unsuccessful join attempt - i masked our true domain values with foo.bar.xyz.
Thanks, Alex
Quote
2022/01/23 14:57:40 INFO> GlobalImpl.pm:617 EBox::GlobalImpl::saveAllModules - Saving config and restarting services: firewall dns samba logs
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: firewall
2022/01/23 14:57:40 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: dns
2022/01/23 14:57:40 INFO> DNS.pm:91 EBox::DNS::appArmorProfiles - Setting DNS apparmor profile
2022/01/23 14:57:43 INFO> Base.pm:231 EBox::Module::Base::save - Restarting service for module: samba
2022/01/23 14:57:45 INFO> Provision.pm:810 EBox::Samba::Provision::checkAddress - Resolving largo.foo.bar.xyz to an IP address
2022/01/23 14:57:45 INFO> Provision.pm:830 EBox::Samba::Provision::checkAddress - The DC largo.foo.bar.xyz has been resolved to 192.168.0.2
2022/01/23 14:57:45 INFO> Provision.pm:833 EBox::Samba::Provision::checkAddress - Checking reverse DNS resolution of '192.168.0.2'...
2022/01/23 14:57:45 INFO> Provision.pm:857 EBox::Samba::Provision::checkAddress - The IP address 192.168.0.2 does not have associated PTR record
2022/01/23 14:57:45 INFO> Provision.pm:756 EBox::Samba::Provision::checkServerReachable - Checking if AD server '192.168.0.2' is online...
2022/01/23 14:57:45 INFO> Provision.pm:866 EBox::Samba::Provision::checkFunctionalLevels - Checking forest and domain functional levels...
2022/01/23 14:57:45 INFO> Provision.pm:898 EBox::Samba::Provision::checkRfc2307 - Checking RFC2307 compliant schema...
2022/01/23 14:57:45 INFO> Provision.pm:775 EBox::Samba::Provision::checkLocalRealmAndDomain - Checking local domain and realm...
2022/01/23 14:57:45 INFO> Provision.pm:972 EBox::Samba::Provision::checkClockSkew - Checking clock skew with AD server...
2022/01/23 14:57:45 INFO> Provision.pm:993 EBox::Samba::Provision::checkClockSkew - Clock skew below two minutes, should be enough.
2022/01/23 14:57:45 INFO> Provision.pm:675 EBox::Samba::Provision::checkDnsZonesInMainPartition - Checking for old DNS zones stored in main domain partition...
2022/01/23 14:57:45 INFO> Provision.pm:722 EBox::Samba::Provision::checkForestDomains - Checking number of domains inside forest...
2022/01/23 14:57:45 INFO> Provision.pm:932 EBox::Samba::Provision::checkTrustDomainObjects - Checking for domain trust relationships...
2022/01/23 14:57:45 INFO> Provision.pm:1034 EBox::Samba::Provision::checkADServerSite - Checking the site where the specified server is located
2022/01/23 14:57:45 INFO> Provision.pm:1042 EBox::Samba::Provision::checkADServerSite - The specified server has been located at site named Default-First-Site-Name
2022/01/23 14:57:45 INFO> Provision.pm:1059 EBox::Samba::Provision::checkADNebiosName - Checking domain xyzbios name...
2022/01/23 14:57:46 INFO> Provision.pm:1286 EBox::Samba::Provision::provisionADC - Joining to domain 'foo.bar.xyz' as DC
2022/01/23 14:57:47 INFO> Provision.pm:1299 EBox::Samba::Provision::provisionADC - Trying to get a kerberos ticket for principal 'domainadmin@foo.bar.xyz'
2022/01/23 14:57:47 INFO> Provision.pm:1308 EBox::Samba::Provision::provisionADC - Executing domain join
2022/01/23 14:57:52 ERROR> Sudo.pm:240 EBox::Sudo::_rootError - root command samba-tool domain join foo.bar.xyz DC --username='domainadmin' --workgroup='ac' --password=`cat /var/lib/zentyal/tmp/0qjsOw` --server='192.168.0.2' --dns-backend=BIND9_DLZ --realm='foo.bar.xyz' --site='Default-First-Site-Name' failed.
Error output: GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is FOO
INFO 2022-01-23 14:57:47,766 pid:19999 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is foo.bar.xyz
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
INFO 2022-01-23 14:57:48,335 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
INFO 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
WARNING 2022-01-23 14:57:48,336 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
INFO 2022-01-23 14:57:48,514 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2290: Setting up share.ldb
INFO 2022-01-23 14:57:48,563 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
INFO 2022-01-23 14:57:48,590 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
ldb_wrap open of hklm.ldb
Key 'key=SOFTWARE,hive=NONE' not found
key added: key=SOFTWARE,hive=NONE
Key 'key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE' not found
key added: key=CurrentVersion,key=Windows NT,key=Microsoft,key=SOFTWARE,hive=NONE
Key 'key=SYSTEM,hive=NONE' not found
key added: key=SYSTEM,hive=NONE
Key 'key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=ProductOptions,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Print,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Terminal Server,key=Control,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=xyzlogon,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
Key 'key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE' not found
key added: key=Parameters,key=Alerter,key=Services,key=CurrentControlSet,key=SYSTEM,hive=NONE
INFO 2022-01-23 14:57:48,762 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
INFO 2022-01-23 14:57:48,828 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
INFO 2022-01-23 14:57:48,873 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2022-01-23 14:57:48,883 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2022-01-23 14:57:48,895 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb gave: No such Base DN: @INDEXLIST
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-01-23 14:57:48,934 pid:19999 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink!
Using binding ncacn_ip_tcp:192.168.0.2[,seal]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2010/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2412/2677] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[2677/2677] linked_values[0/0]
Analyze and apply schema objects
Replicated 2677 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[402/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[804/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1206/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
Partition[CN=Configuration,DC=foo,DC=bar,DC=xyz] objects[1608/1739] linked_values[0/1]
Replicated 402 objects (0 linked attributes) for CN=Configuration,DC=foo,DC=bar,DC=xyz
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password for AC from both secrets.ldb (Could not find entry to match filter: '(&(flatname=foo)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../../source4/dsdb/common/util.c:4771) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (8409, 'WERR_DS_DATABASE_ERROR')
File "/usr/lib/python3/dist-packages/samba/xyzcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python3/dist-packages/samba/xyzcmd/domain.py", line 661, in run
join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
ctx.do_join()
File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
ctx.join_replicate()
File "/usr/lib/python3/dist-packages/samba/join.py", line 983, in join_replicate
repl.replicate(ctx.config_dn, source_dsa_invocation_id,
File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 338, in replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
Pages: [1]