Monday 4 March 2024

Adding Samba to a Windows Domain as a server

My notes for adding SAMBA 4.20 on a Raspberry Pi 5 to a Windows 2019 Domain.

  1. Build SAMBA 4.20 from source (see my previous post).
  2. Setup kerberos
    kinit admin@DOMAIN.EX.INTERNAL
    kinit
    Replace DOMAIN.EX.INTERNAL with the uppercase version of the domain
  3. Join to the domain
    sudo samba-tool domain join domain.ex.internal DC -U"DOMAIN\administrator"
    Also remember to change DOMAIN\administrator to the name of an administrator for the DOMAIN domain/workgroup.

The problem is it fails with the error: 

Adding CN=PI-AD-SERVER,OU=Domain Controllers,DC=development,DC=4mation,DC=internal
Adding CN=PI-AD-SERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=ex,DC=internal
Adding CN=NTDS Settings,CN=PI-AD-SERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=ex,DC=internal
Join failed - cleaning up
Deleted CN=PI-AD-SERVER,OU=Domain Controllers,DC=domain,DC=ex,DC=internal
Deleted CN=PI-AD-SERVER,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=domain,DC=ex,DC=internal
ERROR(exception): uncaught exception - File [/usr/share/samba/setup/ad-schema/AD_DS_Attributes__Windows_Server_2012_R2.ldf] not found. Please install samba-ad-provision package
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 702, in run
    join_DC(logger=logger, server=server, creds=creds, lp=lp, domain=domain,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1598, in join_DC
    ctx.do_join()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1486, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 668, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 593, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "/usr/lib/python3/dist-packages/samba/join.py", line 479, in DsAddEntry
    ctx.create_tmp_samdb()
  File "/usr/lib/python3/dist-packages/samba/join.py", line 461, in create_tmp_samdb
    ctx.tmp_schema = Schema(ctx.domsid,
                     ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/samba/schema.py", line 110, in __init__
    setup_path('ad-schema/%s' % Schema.base_schemas[base_schema][0]),
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/samba/provision/common.py", line 44, in setup_path
    raise Exception("File [%s] not found. Please install samba-ad-provision package" % path)

Trying pulling the latest version from git and rebuilding it

This didn't work but I discovered that there were some samba packages installed via apt so I removed them and this fixed the above error message when I tried to install.

Now I have the issue of incompatible schema versions which was the reason I tried using the latest version of SAMBA in the first place.

I guess I need to try and downgrade my Windows functional level.

After downgrading the functional level I still have issues but with different errors. Adding -d 3 gives more details about the errors encountered as shown below.

sudo /usr/local/samba/bin/samba-tool domain join domain.ex.internal DC -U"DOMAIN\administrator" -d 3
Posted by at No comments:
Labels:
Subscribe to: Posts (Atom)