Samba 4: adding an additional domain controller
I am trying to add an additional domain controller to my current domain set up on a Synology NAS. Following various documentation (including the standard Samba doc), I am stuck with the following problem:
Calling the following command:
sudo samba-tool domain join home.intern DC --option="dsdb:schema update allowed = yes"
Results in the following output:
INFO 2022-07-02 15:57:30,583 pid:17493 /usr/lib/python3/dist-packages/samba/join.py #107: Finding a writeable DC for domain 'home.intern'
INFO 2022-07-02 15:57:30,603 pid:17493 /usr/lib/python3/dist-packages/samba/join.py #109: Found DC nas.home.intern
INFO 2022-07-02 15:57:30,836 pid:17493 /usr/lib/python3/dist-packages/samba/join.py #1543: workgroup is HOME
INFO 2022-07-02 15:57:30,836 pid:17493 /usr/lib/python3/dist-packages/samba/join.py #1546: realm is home.intern
Adding CN=DC1,OU=Domain Controllers,DC=home,DC=intern
Adding CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=intern
Adding CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=intern
Adding SPNs to CN=DC1,OU=Domain Controllers,DC=home,DC=intern
Setting account password for DC1$
Enabling account
Calling bare provision
INFO 2022-07-02 15:57:47,388 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2122: Looking up IPv4 addresses
INFO 2022-07-02 15:57:47,391 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2139: Looking up IPv6 addresses
WARNING 2022-07-02 15:57:47,393 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2146: No IPv6 address will be assigned
INFO 2022-07-02 15:57:48,950 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2294: Setting up secrets.ldb
INFO 2022-07-02 15:57:48,979 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2299: Setting up the registry
INFO 2022-07-02 15:57:49,007 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2302: Setting up the privileges database
INFO 2022-07-02 15:57:49,063 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2305: Setting up idmap db
INFO 2022-07-02 15:57:49,100 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2312: Setting up SAM db
INFO 2022-07-02 15:57:49,115 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #897: Setting up sam.ldb partitions and settings
INFO 2022-07-02 15:57:49,118 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #909: Setting up sam.ldb rootDSE
INFO 2022-07-02 15:57:49,126 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #1322: Pre-loading the Samba 4 and AD schema
Unable to determine the DomainSID, can not enforce uniqueness constraint on local domainSIDs
INFO 2022-07-02 15:57:49,291 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2364: A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
INFO 2022-07-02 15:57:49,292 pid:17493 /usr/lib/python3/dist-packages/samba/provision/__init__.py #2366: Merge the contents of this file with your system krb5.conf or replace it with this one. Do not create a symlink
Provision OK for domain DN DC=home,DC=intern
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[402/1573] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[804/1573] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[1206/1573] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[1573/1573] linked_values[0/0]
Analyze and apply schema objects
schema_data_modify: we are not master: reject modify request
Failed to commit objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=DC1,OU=Domain Controllers,DC=home,DC=intern
Deleted CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=intern
Deleted CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=home,DC=intern
ERROR(runtime): uncaught exception - (31, "Failed to process 'chunk' of DRS replicated objects: WERR_GEN_FAILURE")
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 661, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1559, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1449, in do_join
    ctx.join_replicate()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 980, in join_replicate
    repl.replicate(ctx.schema_dn, source_dsa_invocation_id,
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 356, in replicate
    raise e
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 343, in replicate
    self.process_chunk(level, ctr, schema, req_level, req, first_chunk)
  File "/usr/lib/python3/dist-packages/samba/drs_utils.py", line 236, in process_chunk
    self.net.replicate_chunk(self.replication_state, level, ctr,
Does anybody know why this error happens and what it means?
Thanks!
Comments (1)
The problem was some tombstones on the main domain controller. The provisioning process tried to delete those, which is not possible because of the fact that it is not the schema master. After taking care of the "invalid" entries on the main DC, the provisioning ran fine.
If somebody else faces issues with the provisioning process, it is always a good idea to add the "-d 3" parameter, which raises the debug level and gives much more (important) output.
Bye
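
A triage helper for the failure discussed above, added here as an example and not part of the original post or of Samba: it parses the join transcript from the question and shows that the schema partition was received in full before the local schema modify was rejected, which points at the data on the source DC rather than at the transport. The function names and report keys are made up for this example; the sample lines are abridged from the question's output.

```python
import re

# Lines abridged from the join output quoted in the question above.
JOIN_OUTPUT = """\
INFO 2022-07-02 15:57:30,603 pid:17493 /usr/lib/python3/dist-packages/samba/join.py #109: Found DC nas.home.intern
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[1206/1573] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=home,DC=intern] objects[1573/1573] linked_values[0/0]
schema_data_modify: we are not master: reject modify request
Failed to commit objects: WERR_GEN_FAILURE
Join failed - cleaning up
Deleted CN=DC1,OU=Domain Controllers,DC=home,DC=intern
ERROR(runtime): uncaught exception - (31, "Failed to process 'chunk' of DRS replicated objects: WERR_GEN_FAILURE")
"""

PROGRESS = re.compile(r"^[\w-]+\[(?P<dn>[^\]]+)\] objects\[(?P<done>\d+)/(?P<total>\d+)\]")
SOURCE_DC = re.compile(r"Found DC (\S+)")
WERR = re.compile(r"\bWERR_[A-Z_]+\b")

def triage_join(output):
    """Summarise a `samba-tool domain join` transcript (keys are this example's own)."""
    r = {"source_dc": None, "partition": None, "progress": None, "werr": None,
         "schema_write_rejected": False, "join_failed": False, "rolled_back": []}
    for line in output.splitlines():
        if (m := SOURCE_DC.search(line)):
            r["source_dc"] = m.group(1)
        elif (m := PROGRESS.match(line)):          # last progress line wins
            r["partition"] = m.group("dn")
            r["progress"] = (int(m.group("done")), int(m.group("total")))
        elif "schema_data_modify" in line and "not master" in line:
            r["schema_write_rejected"] = True
        elif line.startswith("Join failed"):
            r["join_failed"] = True
        elif line.startswith("Deleted "):          # objects removed by the cleanup
            r["rolled_back"].append(line[len("Deleted "):])
        if r["werr"] is None and (m := WERR.search(line)):
            r["werr"] = m.group(0)
    return r

def diagnose(r):
    """Relate the summary to the cause given in the answer above."""
    if not r["join_failed"]:
        return "no failure marker in transcript"
    done, total = r["progress"] or (0, 0)
    if r["schema_write_rejected"] and total and done == total:
        return ("schema fully received from %s, then a local schema modify was "
                "rejected: check the source DC for tombstoned/invalid entries"
                % r["source_dc"])
    return "join failed (%s) before replication finished; re-run with -d 3" % r["werr"]
```

Calling `diagnose(triage_join(text))` on a saved transcript returns a one-line verdict; the `rolled_back` list names the objects the failed join removed again from the source DC.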