Thanks for providing AD DC support with MIT. Finally I can migrate my AD boxes from Debian to Fedora again :)

While trying on the first box I get the following error. There are no old tdb/ldb files in private and prior to executing the join there is no DC2$ user etc. However, after bailing out there is the generated DC2$ user. Everything can be cleaned up with --remove-other-dead from another DC... It seems like the join does create the user and tries to do it again before failing.

samba-4.7.0-0.9.rc3.fc27.armv7hl

[root@dc2 /]# samba-tool domain join BIERFERT.LAN DC -U"BIERFERT.LAN\administrator" --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'BIERFERT.LAN'
Found DC raspi1.bierfert.lan
Password for [BIERFERT.LAN\administrator]:
workgroup is BIERFERT
realm is bierfert.lan
Adding CN=DC2,OU=Domain Controllers,DC=bierfert,DC=lan
Adding CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bierfert,DC=lan
Adding CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bierfert,DC=lan
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=bierfert,DC=lan
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=bierfert,DC=lan with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
The Kerberos KDC configuration for Samba AD is located at /var/lib/samba/private/kdc.conf
A Kerberos configuration suitable for Samba AD has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=bierfert,DC=lan
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=bierfert,DC=lan] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=bierfert,DC=lan] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=bierfert,DC=lan] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=bierfert,DC=lan] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=bierfert,DC=lan] objects[402/1637] linked_values[0/0]
Partition[CN=Configuration,DC=bierfert,DC=lan] objects[804/1637] linked_values[0/0]
Partition[CN=Configuration,DC=bierfert,DC=lan] objects[1206/1637] linked_values[0/0]
Partition[CN=Configuration,DC=bierfert,DC=lan] objects[1608/1637] linked_values[0/2]
Partition[CN=Configuration,DC=bierfert,DC=lan] objects[1637/1637] linked_values[39/39]
Replicating critical objects from the base DN of the domain
Partition[DC=bierfert,DC=lan] objects[98/98] linked_values[32/32]
Partition[DC=bierfert,DC=lan] objects[411/313] linked_values[46/46]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=bierfert,DC=lan
Partition[DC=DomainDnsZones,DC=bierfert,DC=lan] objects[106/106] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=bierfert,DC=lan
Partition[DC=ForestDnsZones,DC=bierfert,DC=lan] objects[25/25] linked_values[0/0]
WARNING: Unable to replicate own RID Set, as server raspi1.bierfert.lan (the server we joined) is not the RID Master.
NOTE: This is normal and expected, Samba will be able to create users after it contacts the RID Master at first startup.
Committing SAM database
Adding 1 remote DNS records for DC2.bierfert.lan
Adding DNS A record DC2.bierfert.lan for IPv4 IP: 10.11.1.3
Adding DNS CNAME record 65ae438f-7038-4908-ad23-caae8cdd8876._msdcs.bierfert.lan for DC2.bierfert.lan
All other DNS records (like _ldap SRV records) will be created samba_dnsupdate on first startup
Replicating new DNS records in DC=DomainDnsZones,DC=bierfert,DC=lan
Partition[DC=DomainDnsZones,DC=bierfert,DC=lan] objects[2/2] linked_values[0/0]
Replicating new DNS records in DC=ForestDnsZones,DC=bierfert,DC=lan
Partition[DC=ForestDnsZones,DC=bierfert,DC=lan] objects[2/2] linked_values[0/0]
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Failed to setup database for BIND, AD based DNS cannot be used
Join failed - cleaning up
ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: Not removing account DC2$ which looks like a Samba DC account maching the password we already have. To override, remove secrets.ldb and secrets.tdb
  File "/usr/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/site-packages/samba/join.py", line 1394, in do_join
    ctx.cleanup_old_join()
  File "/usr/lib/python2.7/site-packages/samba/join.py", line 270, in cleanup_old_join
    ctx.cleanup_old_accounts(force=force)
  File "/usr/lib/python2.7/site-packages/samba/join.py", line 239, in cleanup_old_accounts
    % ctx.samname)

*** This bug has been marked as a duplicate of bug 1476175 ***