A Linux AD server fails to join a Windows AD domain
root@linux-ad1:~# samba-tool domain join tw3.ad DC -Uadministrator
Finding a writeable DC for domain 'tw3.ad'
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'tw3.ad'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1148, in join_DC
machinepass, use_ntvfs, dns_backend, promote_existing)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 79, in __init__
ctx.server = ctx.find_dc(domain)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 267, in find_dc
raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
root@linux-ad1:~#
root@linux-ad1:~#
root@linux-ad1:~#
root@linux-ad1:~# samba-tool domain join tw3.ad DC -Uadministrator --debuglevel=10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
Finding a writeable DC for domain 'tw3.ad'
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
added interface ens160 ip=192.168.0.68 bcast=192.168.0.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain tw3.ad
finddcs: looking for SRV records for _ldap._tcp.tw3.ad
resolve_lmhosts: Attempting lmhosts lookup for name _ldap._tcp.tw3.ad<0x0>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
dns_send_req: Failed to resolve _ldap._tcp.tw3.ad. (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
dns child failed to find name '_ldap._tcp.tw3.ad' of type SRV
finddcs: Failed to find SRV record for _ldap._tcp.tw3.ad
ERROR(exception): uncaught exception - Failed to find a writeable DC for domain 'tw3.ad'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 621, in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1148, in join_DC
machinepass, use_ntvfs, dns_backend, promote_existing)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 79, in __init__
ctx.server = ctx.find_dc(domain)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 267, in find_dc
raise Exception("Failed to find a writeable DC for domain '%s'" % domain)
It turned out the Windows DNS was broken ... rebuilt the Windows DNS
http://echochio.pixnet.net/blog/post/44399650
Back to normal
root@linux-ad1:~# samba-tool domain join TW3.AD DC -U"TW3\administrator" --realm=TW3.AD --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'TW3.AD'
Found DC AD1.TW3.AD
Password for [TW3\administrator]:
workgroup is TW3
realm is TW3.AD
checking sAMAccountName
Adding CN=LINUX-AD1,OU=Domain Controllers,DC=TW3,DC=AD
Adding CN=LINUX-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TW3,DC=AD
Adding CN=NTDS Settings,CN=LINUX-AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=TW3,DC=AD
Adding SPNs to CN=LINUX-AD1,OU=Domain Controllers,DC=TW3,DC=AD
Setting account password for LINUX-AD1$
Enabling account
Adding DNS account CN=dns-LINUX-AD1,CN=Users,DC=TW3,DC=AD with dns/ SPN
Setting account password for dns-LINUX-AD1
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at /var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=TW3,DC=AD
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=TW3,DC=AD] objects[402] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW3,DC=AD] objects[804] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW3,DC=AD] objects[1206] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW3,DC=AD] objects[1608] linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=TW3,DC=AD] objects[1743] linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=TW3,DC=AD] objects[402] linked_values[0]
Partition[CN=Configuration,DC=TW3,DC=AD] objects[804] linked_values[0]
Partition[CN=Configuration,DC=TW3,DC=AD] objects[1206] linked_values[0]
Partition[CN=Configuration,DC=TW3,DC=AD] objects[1608] linked_values[0]
Partition[CN=Configuration,DC=TW3,DC=AD] objects[1754] linked_values[22]
Replicating critical objects from the base DN of the domain
Partition[DC=TW3,DC=AD] objects[109] linked_values[23]
Partition[DC=TW3,DC=AD] objects[354] linked_values[26]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=TW3,DC=AD
Partition[DC=DomainDnsZones,DC=TW3,DC=AD] objects[81] linked_values[0]
Replicating DC=ForestDnsZones,DC=TW3,DC=AD
Partition[DC=ForestDnsZones,DC=TW3,DC=AD] objects[10] linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=TW3,DC=AD not found under DC=TW3,DC=AD
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=TW3,DC=AD not found under DC=TW3,DC=AD
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Unable to find group id for BIND,
set permissions to sam.ldb* files manually
BIND version unknown, please modify /var/lib/samba/private/named.conf manually.
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Joined domain TW3 (SID S-1-5-21-3805229290-2645941028-766662377) as a DC
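
The failed join above stops at the SRV lookup for `_ldap._tcp.tw3.ad`. As an added example (not from the original post or from Samba), this pre-join check queries that record and the other SRV names AD domain controllers register, which goes beyond the single name in the debug output; `SRV_LOOKUP` and the function names are hypothetical, and `dig` is assumed to be installed.

```shell
#!/bin/sh
# Added example: check DC-locator SRV records before `samba-tool domain join`.
# SRV_LOOKUP is a hypothetical hook (not a samba-tool option) naming the
# command used to resolve one SRV name; the default wraps dig.
SRV_LOOKUP=${SRV_LOOKUP:-dig_srv}

dig_srv() { dig +short +time=3 +tries=1 SRV "$1"; }

# SRV names that AD domain controllers register in DNS.
# _ldap._tcp.<domain> is the one finddcs queried in the debug output above.
srv_names() {
    printf '%s\n' "_ldap._tcp.$1" "_ldap._tcp.dc._msdcs.$1" \
        "_kerberos._tcp.$1" "_kerberos._udp.$1" "_kpasswd._tcp.$1"
}

# Prints "OK <name> <target>:<port>" or "MISSING <name>" per record.
# Returns 0 only when every name has at least one SRV answer.
check_srv() {
    srv_rc=0
    for srv_name in $(srv_names "$1"); do
        # A `dig +short SRV` answer line is: priority weight port target
        srv_answer=$("$SRV_LOOKUP" "$srv_name" 2>/dev/null |
            awk 'NF == 4 && $3 ~ /^[0-9]+$/ { sub(/\.$/, "", $4); print $4 ":" $3; exit }')
        if [ -n "$srv_answer" ]; then
            echo "OK $srv_name $srv_answer"
        else
            echo "MISSING $srv_name"
            srv_rc=1
        fi
    done
    return "$srv_rc"
}

# Usage: sh check_srv.sh tw3.ad   (run it against the resolver the join will use)
if [ "$#" -gt 0 ]; then
    check_srv "$1"
fi
```

A `MISSING` line for `_ldap._tcp.<domain>` corresponds to the `finddcs: Failed to find SRV record` message in the debug run, so the DNS zone needs repair before the join is retried.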