[samba-jp:22670] domain joinで失敗

[広瀬 晃清]

ｔｈです。

現在、CentOS6.6＋Samba4.1.11でADサーバーを９カ所で連携しています。
新しくADサーバーをドメインに参加させようとしましたら、参加ができません。
[root ＠ test-main ~]# samba-tool domain join intra.jp DC -Uadministrator 
--realm=intra.jp --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'intra.jp'
Found DC yamato.intra.jp
Password for [WORKGROUP\administrator]:
workgroup is INTRA
realm is intra.jp
checking sAMAccountName
Deleted CN=TEST-MAIN,OU=Domain Controllers,DC=intra,DC=jp
Deleted CN=dns-TEST-MAIN,CN=Users,DC=intra,DC=jp
Deleted CN=NTDS 
Settings,CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
Deleted 
CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
Adding CN=TEST-MAIN,OU=Domain Controllers,DC=intra,DC=jp
Adding 
CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
Adding CN=NTDS 
Settings,CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
Adding SPNs to CN=TEST-MAIN,OU=Domain Controllers,DC=intra,DC=jp
Setting account password for TEST-MAIN$
Enabling account
Adding DNS account CN=dns-TEST-MAIN,CN=Users,DC=intra,DC=jp with dns/ SPN
Setting account password for dns-TEST-MAIN
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=intra,DC=jp
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=jp] objects[402/1550] 
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=jp] objects[804/1550] 
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=jp] objects[1206/1550] 
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=intra,DC=jp] objects[1550/1550] 
linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=intra,DC=jp] objects[402/1947] 
linked_values[0/0]
Partition[CN=Configuration,DC=intra,DC=jp] objects[804/1947] 
linked_values[0/0]
Partition[CN=Configuration,DC=intra,DC=jp] objects[1206/1947] 
linked_values[0/0]
Partition[CN=Configuration,DC=intra,DC=jp] objects[1608/1947] 
linked_values[0/0]
Partition[CN=Configuration,DC=intra,DC=jp] objects[1945/1947] 
linked_values[101/0]
Replicating critical objects from the base DN of the domain
Partition[DC=intra,DC=jp] objects[105/105] linked_values[37/0]
Partition[DC=intra,DC=jp] objects[507/566] linked_values[0/0]
Partition[DC=intra,DC=jp] objects[671/566] linked_values[520/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=intra,DC=jp
Partition[DC=DomainDnsZones,DC=intra,DC=jp] objects[132/132] 
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=intra,DC=jp
Partition[DC=ForestDnsZones,DC=intra,DC=jp] objects[39/39] 
linked_values[0/0]
Partition[DC=ForestDnsZones,DC=intra,DC=jp] objects[78/39] 
linked_values[0/0]
Committing SAM database
descriptor_modify: Could not find SD for CN=NTDS 
Settings\0ADEL:9b5f6e71-62ec-4bf0-893c-30f63bf8d4e2,CN=BACKUP\0ADEL:ce951ba5-2759-40f3-be31-321cb3215f21,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp

Join failed - cleaning up
checking sAMAccountName
Deleted CN=TEST-MAIN,OU=Domain Controllers,DC=intra,DC=jp
Deleted CN=dns-TEST-MAIN,CN=Users,DC=intra,DC=jp
Deleted CN=NTDS 
Settings,CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
Deleted 
CN=TEST-MAIN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=intra,DC=jp
ERROR(ldb): uncaught exception - operations error at 
../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", 
line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", 
line 555, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1172, 
in join_DC
     ctx.do_join()
   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1077, 
in do_join
     ctx.join_replicate()
   File "/usr/lib64/python2.7/site-packages/samba/join.py", line 851, in 
join_replicate
     ctx.local_samdb.transaction_commit()

9個のADサーバー全てで「samba-tool dbcheck」をさせてもエラーはありません。
また、見つからないSDとして,CN=BACKUPがありますが、過去にADサーバーとして 
参加していましたが、現在はメンバーサーバーとして参 加しています。
また、showreplで見てもエラー及びBACKUPのエントリーも見当たりません。
たぶん、どこかのエントリーにゴミが残っていると思うのですがどうすれば解決 
できるでしょうか？
よろしくお願いします。