On Sat, 20 Apr 2013, Matthieu Patou wrote:

On 04/13/2013 04:38 PM, simon+sa...@matthews.eu wrote:

 I have my Samba4 up and running. I was able to get a Windows 2012 server
 to join the samba4 domain.

 However, I have not been able to get the Windows server to promote itself
 to a secondary DC.

 I would appreciate any suggestions on debugging this issue.

 On the Server 2012 machine, in the "prerequisites check", I see the
 following message:
 "Verification or prerequisites for Active Directory preparation failed
 ......
 Exception: THe RPC server is unavailable. ....."
 Adprep could not retrieve data from the server <servername> ..."

 The servername is correct and resolves to my samba4 server.

 On the Samba4 server, I see the following in the logs:
 [2013/04/12 12:02:30,  3] ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
   Got NTLMSSP neg_flags=0xe2088235
 [2013/04/12 12:02:30,  3] ../source4/rpc_server/dcerpc_server.c:961(dcesrv_request)
   Warning: 60 extra bytes in incoming RPC request
 [2013/04/12 12:02:30,  3] ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74(dcesrv_drsuapi_DsBind)
   ../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:74: doing DsBind with system_session
 [2013/04/12 12:02:33,  3] ../source4/smbd/service_stream.c:63(stream_terminate_connection)
   Terminating connection - 'NT_STATUS_CONNECTION_DISCONNECTED'
 [2013/04/12 12:02:33,  3] ../source4/smbd/process_single.c:114(single_terminate)
   single_terminate: reason[NT_STATUS_CONNECTION_DISCONNECTED]


 Any ideas?

We don't support Windows 2012 yet, for multiple reasons:

In order to have a Windows 2012 DC you must have a 2012-compliant schema. Up to and including Windows 2008R2, the way to do this was to run programs provided by Microsoft on an existing DC to upgrade the schema and do some adaptation to the database. With Windows 2012 they have introduced a way to do it also remotely via web services that we don't support and we don't plan to support. So the usual upgrade path is not possible.

Up to now we have asked for and received the new schema from Microsoft after each new AD product, but for 2012 we didn't really ask, so we haven't received it yet. *If* we had it, the way to go would be to run something like samba_upgradeprovision so that we would be able to add missing schema entries and modify needed objects, but this is not yet a solution (although it might be a much shorter delay before getting it).

Last would be to add an older version of Windows (2003, 2008, 2008R2) to the domain and run the program to upgrade the schema; it won't work until you migrate the schema master role to the newly added Windows DC. Then you might run into problems while synchronizing; this is a known problem that we are working on, and one you'll face for sure if you try to join Samba to a domain with a Windows 2012 schema.

Are you saying that, in addition to not being able to join a Windows 2012 server to a samba domain, the reverse will not work as well? I can't join a Linux box to a Windows 2012 domain as a client (not as a DC, but just a domain member)?

Simon
