No RID Set found for this server

samba-ad

#1

Running samba-tool dbcheck --cross-ncs --fix generates this message. I cannot find a solution.

root@ucskvm1:~# samba-tool dbcheck --cross-ncs --fix
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[UVMM-Pool1]"
pm_process() returned Yes
schema_fsmo_init: we are master[no] updates allowed[no]
schema_fsmo_init: we are master[no] updates allowed[no]
Checking 3608 objects
No RID Set found for this server: CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local, and we are not the RID Master (so can not self-allocate)
Checked 3608 objects (1 errors)

#2

Hey,

what’s the server’s role (see ucr get server/role)? Please also post the output of the following commands:

univention-s4search -b 'CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local' | ldapsearch-wrapper | grep -Ei '^dn:|^rid'
univention-check-join-status

Kind regards,
mosu


#3
root@ucskvm1:~# univention-s4search -b 'CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local' | ldapsearch-wrapper | grep -Ei '^dn:|^rid'
dn: CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local

root@ucskvm2:~# univention-check-join-status
Joined successfully

However 98univention-samba4-dns will not run.


#4

Hey,

Hmm, there’s definitely content missing. It’s possible that this is due to a known issue with Samba on KVM systems due to Samba being configured to only listen on the automatically-created bridge interface but not on the local loopback interface anymore. What’s the output of ucr search --brief 'samba.*interface' ?

Kind regards,
mosu


#5

The RID master is UCSMASTER but apparently no RID pool is allocated to UCSKVM1 (slave DC). Checked with the other two DC slaves and they have a RID pool.

root@ucskvm1:~# ucr search --brief 'samba.*interface'
samba/interfaces/bindonly: yes
samba/interfaces: lo <interfaces/primary>
samba/register/exclude/interfaces: docker0
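
Posts #2 to #5 come down to whether a DC's computer object carries the rIDSetReferences attribute. The following is an added example, not part of the thread and not UCS or Samba code: a shell function that reads LDIF and lists the entries directly below OU=Domain Controllers that lack that attribute. The sample LDIF and the names dcs_missing_rid_set and sample_ldif are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): find DC entries without rIDSetReferences.

# Reads LDIF on stdin and prints the DN of every entry directly below
# "OU=Domain Controllers" that has no rIDSetReferences attribute.
# Assumption: DNs are plain text ("dn: ..."), not base64 ("dn:: ...").
dcs_missing_rid_set() {
    awk '
    # Evaluate one complete (already unfolded) LDIF line.
    function flush_line(   low) {
        if (line == "") return
        if (line ~ /^#/) { line = ""; return }          # LDIF comment
        low = tolower(line)
        if (low ~ /^dn: /)                   dn = substr(line, 5)
        else if (low ~ /^ridsetreferences:/) has_ref = 1
        line = ""
    }
    # Decide about the entry collected so far, then reset the state.
    function flush_entry() {
        flush_line()
        if (dn != "" && !has_ref &&
            tolower(dn) ~ /^cn=[^,]+,ou=domain controllers,/)
            print dn
        dn = ""; has_ref = 0
    }
    { sub(/\r$/, "") }                                  # tolerate CRLF input
    /^ / { line = line substr($0, 2); next }            # folded continuation
    /^$/ { flush_entry(); next }                        # blank line ends entry
         { flush_line(); line = $0 }
    END  { flush_entry() }
    '
}

# Constructed sample input: three DC objects, one of them without a RID Set
# reference, plus a child "CN=RID Set" object that must not be reported.
sample_ldif() {
    cat <<'EOF'
# constructed sample, not output from the thread
dn: CN=UCSMASTER,OU=Domain Controllers,DC=sunhut,DC=local
rIDSetReferences: CN=RID Set,CN=UCSMASTER,OU=Domain Controllers,DC=sunhut,DC=l
 ocal

dn: CN=RID Set,CN=UCSMASTER,OU=Domain Controllers,DC=sunhut,DC=local
rIDNextRID: 1104

dn: CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local
objectClass: computer

dn: CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local
rIDSetReferences: CN=RID Set,CN=UCSKVM2,OU=Domain Controllers,DC=sunhut,DC=local
EOF
}

sample_ldif | dcs_missing_rid_set
```

On a DC the input would come from a search like the univention-s4search call in post #2, with the base widened to OU=Domain Controllers; that invocation is an assumption about how the data is collected.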

#6

OK, it’s definitely not due to the bug I was thinking about. The settings are fine.

I guess at this point the first thing you should try is to re-join the server by running univention-join. If any of the join scripts fail, please post the corresponding output from /var/log/univention/join.log.

m.


#7

Already done that without success. Question is: should I also remove all UCSKVM1 entries in LDAP before rejoining?


#8
univention-run-join-scripts started
Fri Feb 16 21:24:40 CET 2018

RUNNING 98univention-samba4-dns.inst
2018-02-16 21:24:40.672453266+01:00 (in joinscript_init)
Waiting for RID Pool replication: ..............................................................$
Error no rIDSetReferences replicated for ucskvm1
EXITCODE=1

Fri Feb 16 21:28:32 CET 2018
univention-run-join-scripts finished

Well, actually the univention-join is executed without error except for 98univention-samba4-dns.inst.


#9

Hey,

right, so this still looks like an issue with the interfaces Samba listens on. What does grep interface /etc/samba/smb.conf say?

Kind regards,
mosu


#10

…and while you’re at it, the output of:

ucr get interfaces/primary
ip link

#11
root@ucskvm1:~# grep interface /etc/samba/smb.conf
        interfaces      = lo br0
        bind interfaces only    = yes

root@ucskvm1:~# ucr get interfaces/primary
br0
root@ucskvm1:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 1000
    link/ether 48:4d:7e:ce:a6:c5 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 48:4d:7e:ce:a6:c5 brd ff:ff:ff:ff:ff:ff
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:7f:45:d7 brd ff:ff:ff:ff:ff:ff
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default
    link/ether 02:42:27:ab:03:43 brd ff:ff:ff:ff:ff:ff
6: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:71:b8:ad brd ff:ff:ff:ff:ff:ff

#12

Looks like I am running in circles here and I have been doing so for a long time.

It apparently has nothing to do with interfaces. It has been double-checked. I am leaning towards the SAM database; there has got to be something wrong here. Can it be a schema error?

This is out of my realm and I am guessing.


#13

Hey,

Not really. The RID attributes are handled solely on the Samba4 side whereas schema extensions are usually only installed on OpenLDAP’s side.

Is your DC Master perchance running as a virtual machine on the same machine?

To me it still looks like a communication failure between the DC Master’s Samba instance and the one running on your KVM server. Maybe you could try the following:

  1. Configure Samba to listen on all interfaces via ucr set samba/interfaces/bindonly=no followed by systemctl restart samba
  2. Make sure Samba listens on all interfaces, e.g. via lsof -PniTCP:445 -sTCP:LISTEN
  3. Re-join the machine via univention-join

Kind regards,
mosu


#14

Followed your suggestion and now the join breaks on 96univention-samba4.inst.

Configure 96univention-samba4.inst Tue Mar 13 14:16:39 CET 2018
2018-03-13 14:16:39.730131119+01:00 (in joinscript_init)
13.03.18 14:16:40.087  DEBUG_INIT
UNIVENTION_DEBUG_BEGIN  : uldap.__open host=ucsmaster.sunhut.local port=7389 base=dc=sunhut,dc=local
UNIVENTION_DEBUG_END    : uldap.__open host=ucsmaster.sunhut.local port=7389 base=dc=sunhut,dc=local
Not updating samba4/role
sv status returns no running listener, don't need to restart. ... (warning).
Multifile: /etc/samba/smb.conf
Object exists: cn=Builtin,dc=sunhut,dc=local
WARNING: cannot append cn=DC Backup Hosts,cn=groups,dc=sunhut,dc=local to nestedGroup, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=sunhut,dc=local
WARNING: cannot append cn=ucskvm1,cn=dc,cn=computers,dc=sunhut,dc=local to hosts, value exists
No modification: cn=Enterprise Domain Controllers,cn=groups,dc=sunhut,dc=local
Stopping samba-ad-dc (via systemctl): samba-ad-dc.service.
Stopping smbd (via systemctl): smbd.service.
Stopping nmbd (via systemctl): nmbd.service.
Setting kerberos/kdc
Setting kerberos/kpasswdserver
File: /etc/krb5.conf
Setting slapd/port
File: /etc/init.d/slapd
Setting slapd/port/ldaps
File: /etc/init.d/slapd
Restarting slapd (via systemctl): slapd.serviceWarning: Unit file of slapd.service changed on disk, 'systemctl daemon-reload' recommended.
.
Object removed: relativeDomainName=a19ca94d-0268-44b8-b73b-422ca02c0d86._msdcs,zoneName=sunhut.local,cn=dns,dc=sunhut,dc=local
extract_rIDNextRID: Attribute rIDSetReferences not found
Not updating windows/wins-support
Join against S4 Connector server: ucsmaster
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
  scavenger: 5
  dns: 5
  ldb: 5
  tevent: 5
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[homes]"
Processing section "[printers]"
Processing section "[print$]"
Processing section "[UVMM-Pool1]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface lo ip=::1 bcast= netmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface br0 ip=192.168.0.22 bcast=192.168.0.255 netmask=255.255.255.0
interpret_string_addr_internal: getaddrinfo failed for name eth0 (flags 32) [Name or service not known]
interpret_interface: Can't find address for eth0
finddcs: response 0 at '192.168.0.20'
finddcs: performing CLDAP query on 192.168.0.20
finddcs: Found matching DC 192.168.0.20 with server_type=0x000013fd
Forest           : sunhut.local
Domain           : sunhut.local
Netbios domain   : SUNHUT
DC name          : ucsmaster.sunhut.local
DC netbios name  : UCSMASTER
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_TARGET_TYPE_DOMAIN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
  NTLMSSP_NEGOTIATE_VERSION
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
workgroup is SUNHUT
realm is sunhut.local
tdb(/var/lib/samba/private/secrets.tdb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.tdb: No such file or directory
Could not open tdb: No such file or directory
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not find entry to match filter: '(&(flatname=SUNHUT)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4576 and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(<class 'samba.join.DCJoinException'>): uncaught exception - Can't join, error: Not removing account dns-UCSKVM1 which looks like a Samba DNS service account but does not have servicePrincipalName=dns/ucskvm1.sunhut.local
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 668, in run
    keep_existing=keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1276, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1178, in do_join
    ctx.cleanup_old_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 262, in cleanup_old_join
    ctx.cleanup_old_accounts()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 255, in cleanup_old_accounts
    ldb.binary_encode("dns/%s" % ctx.dnshostname)))
removing samaccount: CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local
Deleted CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local
Failed to join against the S4 Connector server ucsmaster.
finddcs: response 0 at '192.168.0.22'
finddcs: response 1 at '192.168.0.23'
finddcs: response 2 at '192.168.0.20'
finddcs: response 3 at '192.168.0.28'
finddcs: response 4 at '192.168.0.38'
finddcs: performing CLDAP query on 192.168.0.22
finddcs: performing CLDAP query on 192.168.0.23
finddcs: Found matching DC 192.168.0.23 with server_type=0x000013fc
Forest           : sunhut.local
Domain           : sunhut.local
Netbios domain   : SUNHUT
DC name          : ucskvm2.sunhut.local
DC netbios name  : UCSKVM2
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
Finding a writeable DC for domain 'sunhut.local'
finddcs: searching for a DC by DNS domain sunhut.local
finddcs: looking for SRV records for _ldap._tcp.sunhut.local
ads_dns_lookup_srv: 5 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.0.20'
finddcs: DNS SRV response 1 at '192.168.0.22'
finddcs: DNS SRV response 2 at '192.168.0.38'
finddcs: DNS SRV response 3 at '192.168.0.28'
finddcs: DNS SRV response 4 at '192.168.0.23'
finddcs: performing CLDAP query on 192.168.0.20
finddcs: Found matching DC 192.168.0.20 with server_type=0x000013fd
Found DC ucsmaster.sunhut.local
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
workgroup is SUNHUT
realm is sunhut.local
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: ../ldb_tdb/ldb_index.c:1238: Failed to re-index objectSid in CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local - ../ldb_tdb/ldb_index.c:1158: unique index violation on objectSid in CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 668, in run
    keep_existing=keep_existing)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1276, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1182, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 593, in join_add_objects
    ctx.samdb.add(rec)
Deleted CN=1049fb19-4483-4bf4-b660-75dcacd0947a,CN=NTDS Settings,CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Deleted CN=0eede720-73ce-4c12-8597-184d0761e4f4,CN=NTDS Settings,CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Deleted CN=c4b3c9b6-d77b-45ba-bd5d-d122b2c17447,CN=NTDS Settings,CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Deleted CN=d1d75e4e-4cdf-4796-b92a-149a7a40f357,CN=NTDS Settings,CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Deleted CN=NTDS Settings,CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Deleted CN=UCSKVM1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sunhut,DC=local
Adding CN=UCSKVM1,OU=Domain Controllers,DC=sunhut,DC=local
Join failed - cleaning up
Failed to join the domain sunhut.local.
Tue Mar 13 14:17:44 CET 2018: finish /usr/sbin/univention-join

#15

Hmm… Well without the log I cannot say what the issue might be.

Why are you running Samba on a KVM host anyway? Technically there’s probably no need for it. A KVM host should probably just be a UCS member server without Samba — then you could simply circumvent all those issues.


#16

The log is now available.

Need to access the KVM server and guests from Windows, hence Samba.

I could of course move my guests off to another KVM host and create a KVM host with another name, but then how do I solve the issue if it appears again on another machine? I have already reinstalled this server once and I hate to do it again; it is a day and a half minimum to move guests and reinstall the server. My DC master is thankfully on another host.