About a year ago I added a secondary domain controller to my AD setup. Unfortunately this died and I had to build and redeploy another.
When joining this system to the PDC, I saw the following issue in the zentyal.log:
“Unable to open tdb ‘/var/lib/samba/private/sam.ldb’: Permission denied”)
Could not find machine account in secrets database: Failed to fetch machine account password for DISCWORLD from both secrets.ldb
I discovered that I had to clean the AD schema before it would allow me to add the system back into the AD:
samba-tool ntacl sysvolreset
samba-tool dbcheck --cross-ncs --fix