# Second domain controller with Samba 4.13 + FreeBSD Release 12.2



## cesar_mabel (Nov 5, 2020)

Hi guys,

I've installed a FreeBSD 12.2 Release with Samba 4.13 as a primary domain controller, and everything works fine on it. 

I need to add a secondary controller to the domain, but when I try to do this, I have a problem (on the secondary):

```
root@server2:/var/db/samba4 # samba-tool domain join meudominio.info DC -U"MEUDOMINIO\administrator" --option='idmap_ldb:use rfc2307=yes' --option="vfs objects=zfsacl dfs_samba4 acl_xattr"
INFO 2020-11-05 15:06:01,087 pid:84133 /usr/local/lib/python3.7/site-packages/samba/join.py #107: Finding a writeable DC for domain 'meudominio.info'
INFO 2020-11-05 15:06:01,114 pid:84133 /usr/local/lib/python3.7/site-packages/samba/join.py #109: Found DC server1.meudominio.info
Failed to connect to ldap URL 'ldap://server1.meudominio.info' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://server1.meudominio.info' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 186, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/samba/netcmd/domain.py", line 668, in run
    backend_store_size=backend_store_size)
  File "/usr/local/lib/python3.7/site-packages/samba/join.py", line 1539, in join_DC
    backend_store_size=backend_store_size)
  File "/usr/local/lib/python3.7/site-packages/samba/join.py", line 112, in __init__
    credentials=ctx.creds, lp=ctx.lp)
  File "/usr/local/lib/python3.7/site-packages/samba/samdb.py", line 67, in __init__
    options=options)
  File "/usr/local/lib/python3.7/site-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/local/lib/python3.7/site-packages/samba/samdb.py", line 82, in connect
    options=options)
```

When I just remove Samba 4.13 from the secondary, without changing any configuration, and use version 4.12.7, everything works fine.

Can anybody help me?


----------



## pduh (Dec 12, 2020)

I am having exactly the same issue and have fought with it for a week with no luck.
- 12.2-RELEASE FreeBSD 12.2-RELEASE r366954 GENERIC  amd64
- samba413-4.13.1_1
- ZFS
- Jail

I dumped out the ldb module as below and found out it is a .so file:

/usr/local/lib/python3.7/site-packages/ldb.so



----------



## NetBLOKS (Dec 14, 2020)

Yep, same for me.
Also, on my working setup, upgraded from Samba 4.12, replication and everything LDAP related seems to be dead:

```
[root@ad1 ~]# samba-tool ldapcmp ldap://AD1 ldap://AD2
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
Failed to connect to ldap URL 'ldap://AD1' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://AD1' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/__init__.py", line 186, in _run
return self.run(*args, **kwargs)
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/ldapcmp.py", line 936, in run
outf=self.outf, errf=self.errf, skip_missing_dn=skip_missing_dn)
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/ldapcmp.py", line 64, in __init__
options=ldb_options)
File "/usr/local/lib/python3.7/site-packages/samba/__init__.py", line 115, in __init__
self.connect(url, flags, options)
```
Also replication:

```
[root@ad1 ~]# samba-tool drs replicate ad2.netbloks.local ad1.netbloks.local CN=Configuration,DC=netbloks,DC=local
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
smb2: 5
smb2_credits: 5
dsdb_audit: 5
dsdb_json_audit: 5
dsdb_password_audit: 5
dsdb_password_json_audit: 5
dsdb_transaction_audit: 5
dsdb_transaction_json_audit: 5
dsdb_group_audit: 5
dsdb_group_json_audit: 5
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:ad2.netbloks.local[,seal]
Mapped to DCERPC endpoint 135
added interface em0 ip=fd00::200 bcast= netmask=ffff:ffff:ffff:ffff::
added interface em0 ip=192.168.0.200 bcast=192.168.0.255 netmask=255.255.255.0
added interface em0 ip=fd00::200 bcast= netmask=ffff:ffff:ffff:ffff::
added interface em0 ip=192.168.0.200 bcast=192.168.0.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad2.netbloks.local<0x20>
getlmhostsent: lmhost entry: 192.168.0.200 AD1
getlmhostsent: lmhost entry: 192.168.0.201 AD2
getlmhostsent: lmhost entry: fd00::200 AD1
getlmhostsent: lmhost entry: fd00::201 AD2
Mapped to DCERPC endpoint 49153
added interface em0 ip=fd00::200 bcast= netmask=ffff:ffff:ffff:ffff::
added interface em0 ip=192.168.0.200 bcast=192.168.0.255 netmask=255.255.255.0
added interface em0 ip=fd00::200 bcast= netmask=ffff:ffff:ffff:ffff::
added interface em0 ip=192.168.0.200 bcast=192.168.0.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name ad2.netbloks.local<0x20>
getlmhostsent: lmhost entry: 192.168.0.200 AD1
getlmhostsent: lmhost entry: 192.168.0.201 AD2
getlmhostsent: lmhost entry: fd00::200 AD1
getlmhostsent: lmhost entry: fd00::201 AD2
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 293
Received smb_krb5 packet of length 1399
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
Failed to connect to ldap URL 'ldap://ad2.netbloks.local' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldap://ad2.netbloks.local' with backend 'ldap': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
ERROR(ldb): LDAP connection to ad2.netbloks.local failed - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
File "/usr/local/lib/python3.7/site-packages/samba/netcmd/drs.py", line 65, in samdb_connect
credentials=ctx.creds, lp=ctx.lp)
File "/usr/local/lib/python3.7/site-packages/samba/samdb.py", line 67, in __init__
options=options)
File "/usr/local/lib/python3.7/site-packages/samba/__init__.py", line 115, in __init__
self.connect(url, flags, options)
File "/usr/local/lib/python3.7/site-packages/samba/samdb.py", line 82, in connect
options=options)
```


----------



## SirDice (Dec 14, 2020)

Did any of you read the release notes?



> NT4-like 'classic' Samba domain controllers
> -------------------------------------------
> 
> Samba 4.13 deprecates Samba's original domain controller mode.
> ...





Samba 4.13.0 - Release Notes


----------



## NetBLOKS (Dec 15, 2020)

SirDice said:


> Did any of you read the release notes?
> 
> 
> 
> ...


I've installed and used AD Mode (with AD backend, krb.conf etc.).
NT 4 mode would not be compatible with Win 10 etc.
Is there a command to check the running mode?

Here is my smb4.conf:


```
# Global parameters

[global]
netbios name = AD1
realm = NETBLOKS.LOCAL
workgroup = NETBLOKS
dns forwarder = 192.168.0.1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
nsupdate command = /usr/local/bin/samba-nsupdate -g
vfs objects = freebsd dfs_samba4 acl_xattr
allow dns updates = nonsecure

# Disable Offline-Folders:
csc policy = disable

# Disable Printer:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = Yes

[netlogon]
path = /var/db/samba4/sysvol/netbloks.local/scripts
read only = No

[sysvol]
path = /var/db/samba4/sysvol
read only = No
```

The AD2 conf:

```
# Global parameters

[global]
netbios name = AD2
realm = NETBLOKS.LOCAL
workgroup = NETBLOKS
dns forwarder = 192.168.0.1
# dns forwarder = fd00::0:1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
nsupdate command = /usr/local/bin/samba-nsupdate -g
vfs objects = freebsd dfs_samba4 acl_xattr
allow dns updates = nonsecure

# Disable Offline-Folders:
csc policy = disable

# Disable Printer:
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = Yes

[netlogon]
path = /var/db/samba4/sysvol/netbloks.local/scripts
read only = No

[sysvol]
path = /var/db/samba4/sysvol
read only = No
```


----------



## darkpixel (Dec 21, 2020)

samba413 is completely broken for me.  I blast out a config file managed by salt.  It's the same on 25 machines other than the hostname.
Browsing a 413 server (i.e. \\myserver) shows a connection under smbstatus, but no folders are displayed.  I can manually access subfolders (i.e. \\myserver\myshare) and see files, but browsing the root of the server doesn't work.  samba-tool fails to join the domain and replication fails all over the place under 413.

Downgraded to samba412 and everything magically started working again.


----------



## rdunkle (Jan 3, 2021)

I am using Samba413. I noticed the same problem trying to add a second DC. I think there is something wrong with the ldap server on the DC. I cannot seem to run any ldapsearch commands on the DC. I also tried to connect with Apache Directory Studio. I cannot make a connection. I get a credential error:
[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]


----------



## radi-sh (Mar 6, 2021)

Please try this.





252385 – net/samba413: ldapsearch Invalid credentials (bugs.freebsd.org)


----------



## NetBLOKS (Mar 8, 2021)

radi-sh said:


> Please try this.
> 
> 
> 
> ...


Looks like there is some advancement.
I will test again when the patch is integrated into the packages.


----------

