the output below kind off says it all. I connect to the dc master and replication starts then it fails at this point every time. I did have a working samba4 dc a couple of months ago but a drive failure wiped it out. The only differance I can remember is i did a exchange server trial so my schema on the dc has changed alot. I am going to do a virt machine with a clean 2008r2 install and see if that fixes it (which should tell me if exchange broke it?). I will post any changes. one more point-I went through the schema with asdi edit and ldp and the CN=Sam-Doamin object does show top as a subclassOF and objectClass top,classSchema so maybe samba just cant' handle it? the master dc is 2008r2 sp1 the linux box is debian 6.0.3 with samba4 Version 4.0.0alpha18-GIT-d4e834e (command used:) ./samba-tool domain join mxdog.net DC -U administrator --realm=mxdog (OUTPUT-partial) Schema-DN[CN=Schema,CN=Configuration,DC=mxdog,DC=net] objects[4192] linked_values[0] Analyze and apply schema objects ERROR: no subClassOf 'top' for 'samDomain' Failed to create schema-cache indexes! Join failed - cleaning up checking samaccountname Deleted CN=MXDEBIAN,OU=Domain Controllers,DC=mxdog,DC=net Deleted CN=NTDS Settings,CN=MXDEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mxdog,DC=net
Exactly the same issue on Arch Linux with Samba4 Version 4.0.0alpha18.
Same happens with samba-4.0.0-rc4 Analyze and apply schema objects ERROR: no subClassOf 'top' for 'samDomain' Failed to create schema-cache indexes! Join failed - cleaning up checking sAMAccountName Deleted CN=SHARE01,OU=Domain Controllers,DC=(and so on) Deleted CN=NTDS Settings,CN=SHARE01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=(and so on) Deleted CN=SHARE01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=(and so on) ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_INTERNAL_ERROR File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 555, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/usr/lib64/python2.7/site-packages/samba/join.py", line 731, in join_replicate replica_flags=ctx.replica_flags) File "/usr/lib64/python2.7/site-packages/samba/drs_utils.py", line 252, in replicate schema=schema, req_level=req_level, req=req)
Same here with Samba 4.0.0 Source DC is Windows 2012 Server # net join domain <...> dc -UAdministrator --realm=<...> [...] Analyze and apply schema objects ERROR: no subClassOf 'top' for 'samDomain' Failed to create schema-cache indexes! Join failed - cleaning up checking sAMAccountName
you can try this patch: http://git.samba.org/mat/?p=mat/samba.git;a=commit;h=aed43d78055cda3e3ba5f68c57cc365e788ea30a I think it will do the job, but be careful it's not 100% tested.
Patch applies cleanly, however: (DC1 is the domain controller, running Windows Server 2012). # cd samba-4.0.0 # patch -p1 < ../patch-libnet-vampire.c Hmm... Looks like a unified diff to me... [...] Patching file source4/libnet/libnet_vampire.c using Plan A... Hunk #1 succeeded at 216. Hunk #2 succeeded at 364. Hunk #3 succeeded at 423. Hunk #4 succeeded at 430. Hunk #5 succeeded at 444. Hmm... Ignoring the trailing garbage. done (configure, make, make install) # kinit Administrator [...] # samba-tool domain join DNSDOMAIN DC -k yes --use-ntvfs Finding a writeable DC for domain 'DNSDOMAIN' Found DC DC1.DNSDOMAIN workgroup is DOMAIN realm is DNSDOMAIN checking sAMAccountName Adding CN=<host>,OU=Domain Controllers,... Adding CN=<host>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,... Adding CN=NTDS Settings,CN=<host>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,... Adding SPNs to CN=<host>,OU=Domain Controllers,... Setting account password for <host>$ Enabling account Calling bare provision More than one IPv4 address found. Using <...> More than one IPv6 address found. Using <...> Provision OK for domain DN ... Starting replication Schema-DN[CN=Schema,CN=Configuration,... Schema-DN[CN=Schema,CN=Configuration,... Schema-DN[CN=Schema,CN=Configuration,... Schema-DN[CN=Schema,CN=Configuration,... Schema-DN[CN=Schema,CN=Configuration,... Analyze and apply schema objects ERROR: no subClassOf 'top' for 'samDomain' Failed to create schema-cache indexes! Join failed - cleaning up checking sAMAccountName Deleted CN=<host>,OU=Domain Controllers,... Deleted CN=NTDS Settings,CN=<host>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,... Deleted CN=<host>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,... ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_INTERNAL_ERROR File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/join.py", line 731, in join_replicate replica_flags=ctx.replica_flags) File "/opt/samba-4.0.0/lib/python2.7/site-packages/samba/drs_utils.py", line 252, in replicate schema=schema, req_level=req_level, req=req)
Same issue with Samba 4.0.1 running on Debian 7.0 Is this an issue with the schema or a bug with the Samba scripts?
What is (In reply to comment #7) > Same issue with Samba 4.0.1 running on Debian 7.0 > > Is this an issue with the schema or a bug with the Samba scripts? What is your higest version of the Windows DC ? do you have additional schemas ?
Patch referenced in other user's comments does not work for me either.
can I have an output with the patch and loglevel = 4 ? (specify -d 4 on the command line).
The issue reproduces very easily using 'make test TESTS="drs fsmo schema"' on my fix-drs-testing-2 branch. https://git.samba.org/abartlet/samba.git/?p=abartlet/samba.git/.git;a=shortlog;h=refs/heads/fix-drs-testing-2 (I'm sure you probably only need the schema tests, but that's the command I've been running).
Created attachment 8469 [details] Proposed patch to fix the problem I tested this new version of the patch against a windows 2012 schema and it works. Previous version was messing the linked list of attributes so that not all new attributes were added, it was also lacking the new classes that might be needed too.
Can people with problems test this patch it was fixing the issues with a windows 2012 schema, and I suspect it will also fix replication of a windows 200x + exchange schema.
(In reply to comment #13) > Can people with problems test this patch it was fixing the issues with a > windows 2012 schema, and I suspect it will also fix replication of a windows > 200x + exchange schema. I have tested the patch and it WORKED on a domain where joining previously failed with the "ERROR: no subClassOf 'top' for 'samDomain'". The domain in question had in the past had a Windows 2012 DC in it has never been upgraded beyond a 2003 functional level.
(In reply to comment #14) > (In reply to comment #13) > > Can people with problems test this patch it was fixing the issues with a > > windows 2012 schema, and I suspect it will also fix replication of a windows > > 200x + exchange schema. > > I have tested the patch and it WORKED on a domain where joining previously > failed with the "ERROR: no subClassOf 'top' for 'samDomain'". Good > > The domain in question had in the past had a Windows 2012 DC in it has never > been upgraded beyond a 2003 functional level. The forest level isn't very important (also we don't support FL2012 yet) the key is that when promoting a windows 2012 to DC it will update the AD to add new schema entries and objects (a la adprep /forestprep). So even not present anymore schema is changed and so far our code didn't handle the cases where critical classes were having attributes that were unknown in the bootstrap schema. The patch that you tested change this situation by adding new attributes and classes to the bootstrap schema so that they can used to translate critical classes.
With the patch works for me as well. DC is Win2012; originally Win2008 R2
(In reply to comment #16) > With the patch works for me as well. DC is Win2012; originally Win2008 R2 Hello, I tried the proposed path and the error "ERROR: no subClassOf 'top' for 'samDomain'" was gone. I Initiated a clean Win2k12 setup (CDIGITAL.INTRANET Domain), that is operating at Win2k8 Forest Level and I Created a Child Domain caled RF01, that is operating at Win2k12 Domain Level. When i Try to promote the samba 4 as a DC of the CDIGITAL.INTRANET domain, the following error occurs: Refusing to replicate DC=RF01,DC=CDIGITAL,DC=INTRANET from a read-only repilca into a read-write replica! Failed to convert object DC=RF01,DC=CDIGITAL,DC=INTRANET: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Join failed - cleaning up checking sAMAccountName Deleted CN=RFOC-AD01,OU=Domain Controllers,DC=CDIGITAL,DC=INTRANET Deleted CN=NTDS Settings,CN=RFOC-AD01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CDIGITAL,DC=INTRANET Deleted CN=RFOC-AD01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=CDIGITAL,DC=INTRANET ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT code 0xc0002111 Samba Version: 4.0.2 OS: Debian Wheezy Method: Compilation Thank you in advance. Your job is amazing! Gabriel Abdalla PS: Is there any documentation about to insert the samba4 DC as a new subdomain?
It looks like the Patch works so I'm marking this as resolved. Thanks much for the patch Mattieu. I hope this makes it upstream if it hasnt already.
This should be marked resolved when it's in a release
Why isn't it included in samba 4.0.4 (released March 19, 2013) if we know it is working?
I have this problem on latest git itvpn@pdc:~/samba-master$ /usr/local/samba/sbin/samba --version Version 4.1.0pre1-GIT-26b6e28 Analyze and apply schema objects ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908BA Warning: Failed to convert schema object CN=Computer,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090852 Warning: Failed to convert schema object CN=Dns-Zone,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090877 Warning: Failed to convert schema object CN=Group,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090886 Warning: Failed to convert schema object CN=Organizational-Person,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x000908A5 Warning: Failed to convert schema object CN=RID-Manager,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090838 Warning: Failed to convert schema object CN=Top,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x0009088F Warning: Failed to convert schema object CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090877 Warning: Failed to convert schema object CN=User,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090831 Warning: Failed to convert schema object CN=ms-DS-Claim-Type-Property-Base,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x000A010D Warning: Failed to convert schema object CN=ms-DS-Claim-Type,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1021: Unknown governsID 0x000A010D Warning: Failed to convert schema object CN=ms-DS-Resource-Property,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090837 Warning: Failed to convert schema object CN=ms-DS-Resource-Property-List,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090823 Warning: Failed to convert schema object CN=ms-SPP-Activation-Object,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x0009083B Warning: Failed to convert schema object CN=ms-TPM-Information-Object,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090850 Warning: Failed to convert schema object CN=ms-DNS-Server-Settings,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090866 Warning: Failed to convert schema object CN=ms-Authz-Central-Access-Rule,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x0009086A Warning: Failed to convert schema object CN=ms-Authz-Central-Access-Policy,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090879 Warning: Failed to convert schema object CN=ms-Kds-Prov-ServerConfiguration,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x0009087A Warning: Failed to convert schema object CN=ms-Kds-Prov-RootKey,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090894 Warning: Failed to convert schema object CN=ms-DS-Group-Managed-Service-Account,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x00090832 Warning: Failed to convert schema object CN=ms-DS-Value-Type,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg ../source4/dsdb/schema/schema_syntax.c:1076: Unknown attributeID_id 0x0009088D Warning: Failed to convert schema object CN=ms-DS-Claims-Transformation-Policy-Type,CN=Schema,CN=Configuration,DC=ITVPN,DC=local into ldb msg Schema load pass 1: 22/1666 of 1688 objects left to be converted. ERROR: no subClassOf 'top' for 'samDomain' Failed to create schema-cache indexes! Join failed - cleaning up DC win2012 standart, ad level 2008Domain
Did not completely fix it for us. However, the error "ERROR: no subClassOf 'top' for 'samDomain'" is gone. We now have these errors instead, Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE Does this patch applies to version 4.0.6?
Created attachment 8965 [details] Patches for v4-0-test
(In reply to comment #22) > Did not completely fix it for us. However, the error "ERROR: no subClassOf > 'top' for 'samDomain'" is gone. We now have these errors instead, > > Failed to apply records: Failed to find GUID for (null): Invalid DN syntax > Failed to commit objects: WERR_GENERAL_FAILURE > > Does this patch applies to version 4.0.6? Can you test the attached patch for v4-0-test?
(In reply to comment #22) > Did not completely fix it for us. However, the error "ERROR: no subClassOf > 'top' for 'samDomain'" is gone. We now have these errors instead, > > Does this patch applies to version 4.0.6? I've applied the specified patch to samba 4.0.6 and it seems that subClassOf error has gone. Samba successfully joined a domain. I tested with Windows Server 2003. I also have to add, that I used "git apply patch_name" because usual patch -p1 failed. So my actions was: a) apply patch b) build and install c) rm /etc/samba/smb.conf d) run samba-tool domain join my.domain DC -Uadministrator --realm=my.domain
(In reply to comment #24) > (In reply to comment #22) > > Did not completely fix it for us. However, the error "ERROR: no subClassOf > > 'top' for 'samDomain'" is gone. We now have these errors instead, > > > > Failed to apply records: Failed to find GUID for (null): Invalid DN syntax > > Failed to commit objects: WERR_GENERAL_FAILURE > > > > Does this patch applies to version 4.0.6? > > Can you test the attached patch for v4-0-test? Yes, tried v4-0-test, but the same problem
(In reply to comment #25) > (In reply to comment #22) > > Did not completely fix it for us. However, the error "ERROR: no subClassOf > > 'top' for 'samDomain'" is gone. We now have these errors instead, > > > > Does this patch applies to version 4.0.6? > > I've applied the specified patch to samba 4.0.6 and it seems that subClassOf > error has gone. Samba successfully joined a domain. I tested with Windows > Server 2003. I also have to add, that I used "git apply patch_name" because > usual patch -p1 failed. So my actions was: > > a) apply patch > b) build and install > c) rm /etc/samba/smb.conf > d) run samba-tool domain join my.domain DC -Uadministrator --realm=my.domain Tired using "git apply ..." to patch, but got these errors. Did you have these errors? error: patch failed: source4/dsdb/repl/replicated_objects.c:150 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/dsdb/repl/replicated_objects.c:209 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/dsdb/schema/schema_inferiors.c:201 error: source4/dsdb/schema/schema_inferiors.c: patch does not apply error: patch failed: source4/libnet/libnet_vampire.c:527 error: source4/libnet/libnet_vampire.c: patch does not apply error: patch failed: source4/libnet/libnet_vampire.c:288 error: source4/libnet/libnet_vampire.c: patch does not apply error: patch failed: source4/libnet/libnet_vampire.c:643 error: source4/libnet/libnet_vampire.c: patch does not apply error: patch failed: source4/dsdb/schema/schema_inferiors.c:201 error: source4/dsdb/schema/schema_inferiors.c: patch does not apply error: patch failed: source4/dsdb/schema/schema.h:221 error: source4/dsdb/schema/schema.h: patch does not apply error: patch failed: source4/dsdb/schema/schema_init.c:699 error: source4/dsdb/schema/schema_init.c: patch does not apply error: patch failed: source4/dsdb/schema/schema_set.c:329 error: source4/dsdb/schema/schema_set.c: patch does not apply error: patch failed: source4/libnet/libnet_vampire.c:321 error: source4/libnet/libnet_vampire.c: patch does not apply error: patch failed: source4/dsdb/repl/replicated_objects.c:133 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/dsdb/repl/replicated_objects.c:31 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/dsdb/repl/replicated_objects.c:31 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/libnet/libnet_vampire.c:216 error: source4/libnet/libnet_vampire.c: patch does not apply error: patch failed: source4/dsdb/repl/replicated_objects.c:58 error: source4/dsdb/repl/replicated_objects.c: patch does not apply error: patch failed: source4/dsdb/schema/schema_set.c:338 error: source4/dsdb/schema/schema_set.c: patch does not apply
nick, can you receck with a fresh checkout ? If need seek for support on the mailing / irc on how to apply this patch to 4.0.6 it should apply cleanly.
(In reply to comment #29) > nick, can you receck with a fresh checkout ? If need seek for support on the > mailing / irc on how to apply this patch to 4.0.6 it should apply cleanly. Mathieu, I have tried on a new install, not getting the patching error, but still getting this error Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE I'm relatively new to linux, not sure if what I did to patch and install samba is the right way... here are the steps I follow cd /tmp wget http://www.samba.org/samba/ftp/stable/samba-4.0.6.tar.gz tar zxvf samba-4.0.6.tar.gz cd /tmp/samba-4.0.6 git apply patch-file ./configure make make install rm /usr/local/samba/etc/smb.conf cd /usr/local/samba/bin sudo ./samba-tool domain join domain.local RODC -U administrator@domain.local (also tried with DC instead of RODC)
(In reply to comment #30) > (In reply to comment #29) > > nick, can you receck with a fresh checkout ? If need seek for support on the > > mailing / irc on how to apply this patch to 4.0.6 it should apply cleanly. > > Mathieu, I have tried on a new install, not getting the patching error, but > still getting this error > > Failed to apply records: Failed to find GUID for (null): Invalid DN syntax > Failed to commit objects: WERR_GENERAL_FAILURE > Can you share some detail on that ? it didn't looks like the usual symptoms for the schema replication. Can you paste the log of the replication ?
(In reply to comment #31) > (In reply to comment #30) > > (In reply to comment #29) > > > nick, can you receck with a fresh checkout ? If need seek for support on the > > > mailing / irc on how to apply this patch to 4.0.6 it should apply cleanly. > > > > Mathieu, I have tried on a new install, not getting the patching error, but > > still getting this error > > > > Failed to apply records: Failed to find GUID for (null): Invalid DN syntax > > Failed to commit objects: WERR_GENERAL_FAILURE > > > Can you share some detail on that ? it didn't looks like the usual symptoms for > the schema replication. > > Can you paste the log of the replication ? Here is the screen output. Let me know if need other logs. [root@rodc01 bin]# sudo ./samba-tool domain join pronet.com.au RODC -U administrator@pronet.com.au Finding a writeable DC for domain 'pronet.com.au' Found DC DC01.pronet.com.au Password for [administrator@pronet.com.au]: workgroup is PNET realm is pronet.com.au checking sAMAccountName Adding CN=RODC01,OU=Domain Controllers,DC=pronet,DC=com,DC=au Adding CN=krbtgt_RODC01,CN=Users,DC=pronet,DC=com,DC=au Got krbtgt_name=krbtgt_60350 Renaming CN=krbtgt_RODC01,CN=Users,DC=pronet,DC=com,DC=au to CN=krbtgt_60350,CN=Users,DC=pronet,DC=com,DC=au Adding CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au Adding CN=NTDS Settings,CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au Adding CN=RODC Connection (FRS),CN=NTDS Settings,CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au Adding SPNs to CN=RODC01,OU=Domain Controllers,DC=pronet,DC=com,DC=au Setting account password for RODC01$ Enabling account Calling bare provision No IPv6 address will be assigned Provision OK for domain DN DC=pronet,DC=com,DC=au Starting replication Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[402] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[804] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[1206] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[1608] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[2010] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[2412] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[2814] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[3216] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[3618] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[4020] linked_values[0] Schema-DN[CN=Schema,CN=Configuration,DC=pronet,DC=com,DC=au] objects[4081] linked_values[0] Analyze and apply schema objects Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[402] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[804] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[1206] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[1608] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[2010] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[2412] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[2769] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[3170] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[3572] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[3974] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[4239] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[4398] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[4551] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[4709] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[4875] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[5071] linked_values[0] Partition[CN=Configuration,DC=pronet,DC=com,DC=au] objects[5255] linked_values[1] Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE Join failed - cleaning up checking sAMAccountName Deleted CN=RODC01,OU=Domain Controllers,DC=pronet,DC=com,DC=au Deleted CN=RODC Connection (FRS),CN=NTDS Settings,CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au Deleted CN=NTDS Settings,CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au Deleted CN=RODC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pronet,DC=com,DC=au ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",line 558, in run dns_backend=dns_backend) File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1071, in join_RODC ctx.do_join() File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py", line 734, in join_replicate replica_flags=ctx.replica_flags) File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", line 252, in replicate schema=schema, req_level=req_level, req=req)
I'm working on it, it's definetly not a schema issue but some weird stuff with object having linked attribute pointing to themselves
Just tested the new patch with Samba 4.0.8 (HEAD failed to compile on FreeBSD for reasons I have not yet tried to dig in) Master Domain Controller: Windows Server 2012; Domain initially created with: Windows Server 2008 R2. Patch applies cleanly and compiles. The error is different this time: # samba-tool domain join example.org DC --use-ntvfs --kerberos yes --debug 3 [...] Partition[DC=kinf,DC=wiai,DC=uni-bamberg,DC=de] objects[730] linked_values[210] Refusing to replicate DC=DomainDnsZones,DC=example,DC=org from a read-only repilca into a read-write replica! Failed to convert object DC=DomainDnsZones,DC=example,DC=org: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Failed to convert objects: WERR_DS_DRA_SOURCE_IS_PARTIAL_REPLICA Join failed - cleaning up checking sAMAccountName Deleted CN=IODAME,OU=Domain Controllers,DC=example,DC=org Deleted CN=NTDS Settings,CN=IODAME,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=example,DC=org Deleted CN=IODAME,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=example,DC=org ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT code 0xc0002111 File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 748, in join_replicate replica_flags=ctx.domain_replica_flags) File "/usr/local/lib/python2.7/site-packages/samba/drs_utils.py", line 252, in replicate schema=schema, req_level=req_level, req=req) However, I might guess that this error is now because the domain controller is not hosting DNS by itself, but is using two external, UNIX (isc bind) DNS servers with the appropriate DNS entries for the AD domain installed manually. So, this seems to either be an inconsistency in the local installation or a different bug.
Samba 4.0.8 on FreeBSD both with and without patch result in the following while joining to 2003-level domain w/Exchange: a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrat ive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN =Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local msExchOWATranscodingMimeTypes: S:130: a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mic rosoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local msExchOWATranscodingMimeTypes: S:142: a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa ( Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Adm inistrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organiz ation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local msExchOWATranscodingMimeTypes: S:146: a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=o wa (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Org anization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=loca l msExchOWATranscodingFlags: 1 msExchVersion: 4535486012416 ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:164: Failed to find GUID for dn (null) replmd_op_callback failure. Error is: Invalid DN syntax Failed to apply records: Failed to find GUID for (null): Invalid DN syntax Failed to commit objects: WERR_GENERAL_FAILURE Join failed - cleaning up checking sAMAccountName Deleted CN=MARISSTOR,OU=Domain Controllers,DC=maris,DC=local Deleted CN=NTDS Settings,CN=MARISSTOR,CN=Servers,CN=Danholmen25,CN=Sites,CN=Configuration,DC=maris,DC=local Deleted CN=MARISSTOR,CN=Servers,CN=Danholmen25,CN=Sites,CN=Configuration,DC=maris,DC=local ERROR(<type 'exceptions.TypeError'>): uncaught exception - Failed to process chunk: NT_STATUS_UNSUCCESSFUL File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run return self.run(*args, **kwargs) File "/usr/local/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend) File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 1104, in join_DC ctx.do_join() File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 1009, in do_join ctx.join_replicate() File "/usr/local/lib/python2.7/site-packages/samba/join.py", line 734, in join_replicate replica_flags=ctx.replica_flags) File "/usr/local/lib/python2.7/site-packages/samba/drs_utils.py", line 252, in replicate schema=schema, req_level=req_level, req=req)
(In reply to comment #34) > Just tested the new patch with Samba 4.0.8 (HEAD failed to compile on FreeBSD > for reasons I have not yet tried to dig in) > > Master Domain Controller: Windows Server 2012; Domain initially created with: > Windows Server 2008 R2. > > Patch applies cleanly and compiles. > > The error is different this time: > # samba-tool domain join example.org DC --use-ntvfs --kerberos yes --debug 3 > > [...] > Partition[DC=kinf,DC=wiai,DC=uni-bamberg,DC=de] objects[730] linked_values[210] > Refusing to replicate DC=DomainDnsZones,DC=example,DC=org from a read-only ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Did you really read the title of this bug It's obviously not related, please file another bug.
(In reply to comment #35) > Samba 4.0.8 on FreeBSD both with and without patch result in the following > while joining to 2003-level domain w/Exchange: > > a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa (Default > Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrat > ive Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN > =Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local > msExchOWATranscodingMimeTypes: S:130: > > a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa (Default Web > Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Administrative > Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organization,CN=Mic > rosoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local > msExchOWATranscodingMimeTypes: S:142: > > a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=owa ( > Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange Adm > inistrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Organiz > ation,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=local > msExchOWATranscodingMimeTypes: S:146: > > a:<GUID=386a46e9-ea3e-44a5-809f-ae43f8ecb48c>;CN=o > wa (Default Web Site),CN=HTTP,CN=Protocols,CN=EXCHANGE,CN=Servers,CN=Exchange > Administrative Group (FYDIBOHF23SPDLT),CN=Administrative Groups,CN=First Org > anization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=maris,DC=loca > l > msExchOWATranscodingFlags: 1 > msExchVersion: 4535486012416 > > > ../source4/dsdb/samdb/ldb_modules/linked_attributes.c:164: Failed to find GUID > for dn (null) > replmd_op_callback failure. Error is: Invalid DN syntax ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Where is the link with the schema here ? None because your problem is not related to the schema your problem is in the bug report https://bugzilla.samba.org/show_bug.cgi?id=9998 Please stop polluting this bug report. Andrew can you review the patches so that we push them to next 4.0.x and we close this bug.
(In reply to comment #36) > (In reply to comment #34) > > Just tested the new patch with Samba 4.0.8 (HEAD failed to compile on FreeBSD > > for reasons I have not yet tried to dig in) > > > > Master Domain Controller: Windows Server 2012; Domain initially created with: > > Windows Server 2008 R2. > > > > Patch applies cleanly and compiles. > > > > The error is different this time: > > # samba-tool domain join example.org DC --use-ntvfs --kerberos yes --debug 3 > > > > [...] > > Partition[DC=kinf,DC=wiai,DC=uni-bamberg,DC=de] objects[730] linked_values[210] > > Refusing to replicate DC=DomainDnsZones,DC=example,DC=org from a read-only > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > Did you really read the title of this bug > It's obviously not related, please file another bug. Have you perhaps skipped over the end of my post: > So, this seems to either be an inconsistency in the local > installation or a different bug. Once I've verified, I can file another bug report (or not). My comment was just supposed to be feedback on the patch.
This patches are already in master and v4-1-test... Andrew, can we get this to v4-0-test also?
4.0 is in security only mode...