[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Davor Vusir davortvusir at gmail.com
Tue Jun 24 11:08:35 MDT 2014


Hi again!

If you use BIND9_DLZ, try changing/converting to BIND9_FLATFILE and you
will be able to create and rename Sites and move DCs to the newly
created Site.

Regards
Davor


2014-06-18 20:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
> 2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
>> Hi all,
>>
>> Am having problems adding a new DC to a Site that doesn't already have a DC
>> in the same subnet. Whenever I try and do a domain join specifying a nearby
>> DC in a different subnet I get this:
>>
>> ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>>   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line
>> 552, in run
>>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1172, in join_DC
>>     ctx.do_join()
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 1082, in do_join
>>     ctx.join_finalise()
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 881, in join_finalise
>>     ctx.send_DsReplicaUpdateRefs(nc)
>>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line
>> 866, in send_DsReplicaUpdateRefs
>>     ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>>
>> I have managed to join a DC to a Site that already has a DC in that subnet
>> (although not in that Site).
>>
>> Can anyone think of a workaround for this?
>>
>> This is my join statement (names changed to protect the innocent):
>>
>> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC
>> -UAdministrator --realm=example.com --server=remotedc.example.com
>> --site=local
>>
>>
>> I am trying to do this due to the bug that doesn't allow the manual moving
>> of DCs to new Sites by using the ADSS drag and drop method.
>>
>
> Hi Chris!
>
> Actually there is a way. If you use a DNS that does not reside on the
> DCs but is standalone, the manual moving works.
>
> As a start I put the following RRs in a static DNS: A, PTR and 'basic' SRV RRs
> _gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
> _kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
> _ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.
>
> That ended in the following errors in syslog (amongst others):
>
> [2014/06/18 11:56:36.078267, 3]
> ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
>  dns child failed to find name
> '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.
>
> All SRV RRs for a DC have to be present in DNS. But I have had no time
> to test it. And I have not tested multiple subnets.
>
> My guess is that the bug is DNS related or the account that makes the
> changes cannot edit the AD database. And that results in no SRV
> RRs being added/changed, and the MMC eventually times out.
>
> Regards
> Davor
>
>> Thanks,
>> Chris.
>>
>>
>>
>> --
>> ACS (Alavoine Computer Services Ltd)
>> Chris Alavoine
>> mob +44 (0)7724 710 730
>> www.alavoinecs.co.uk
>> http://twitter.com/#!/alavoinecs
>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
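
A way to check a static zone against the record names listed in the thread, as an added example that is not part of the original messages: it parses simplified zone text and reports which of the listed SRV names, plus the GUID name from the quoted syslog line, are absent. The function names, the sample zone and the simplified zone syntax (one record per line, owner name on every line) are assumptions of this example.

```python
REQUIRED_SRV = ("_gc._tcp _kerberos._tcp _kerberos._udp _kpasswd._tcp _kpasswd._udp "
                "_ldap._tcp _ldap._tcp.dc._msdcs _ldap._tcp.gc._msdcs _ldap._tcp.pdc._msdcs").split()
RR_TYPES = {"A", "AAAA", "CNAME", "PTR", "SRV", "NS", "SOA", "TXT"}

def parse_zone(text, origin):
    """Return {(fqdn, type)} from simplified zone text with ';' comments and $ORIGIN."""
    origin = origin.rstrip(".").lower()
    records = set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()
        if not fields or fields[0].startswith("$"):
            if fields and fields[0].upper() == "$ORIGIN" and len(fields) > 1:
                origin = fields[1].rstrip(".").lower()
            continue
        owner = fields[0].lower()
        if owner == "@":
            owner = origin
        elif owner.endswith("."):
            owner = owner[:-1]          # already fully qualified
        else:
            owner = f"{owner}.{origin}"  # relative name, append the origin
        # Skip optional TTL and class; the first known mnemonic is the type.
        rtype = next((f.upper() for f in fields[1:] if f.upper() in RR_TYPES), None)
        if rtype:
            records.add((owner, rtype))
    return records

def missing_dc_records(zone_text, domain, dsa_guid):
    """List names a DC lookup would fail on, as 'name TYPE' strings."""
    domain = domain.rstrip(".").lower()
    have = parse_zone(zone_text, domain)
    missing = [f"{n}.{domain} SRV" for n in REQUIRED_SRV
               if (f"{n}.{domain}", "SRV") not in have]
    guid_name = f"{dsa_guid.lower()}._msdcs.{domain}"
    # An A query is answered by an A record or a CNAME at that name.
    if not {(guid_name, "A"), (guid_name, "CNAME")} & have:
        missing.append(f"{guid_name} A/CNAME")
    return missing

GUID = "5d6f52ac-640c-4dc1-a84b-42aac923d256"  # from the syslog line in the thread
# Constructed sample zone (not from the thread); only part of the listed set is present.
SAMPLE_ZONE = """\
$ORIGIN example.org.
dc1            IN A   192.0.2.10
_ldap._tcp     IN SRV 0 100 389 dc1
_kerberos._tcp IN SRV 0 100 88 dc1
_gc._tcp       IN SRV 0 100 3268 dc1
"""
if __name__ == "__main__": print("\n".join(missing_dc_records(SAMPLE_ZONE, "example.org", GUID)))
```

Running it against an export of the standalone zone before moving a DC shows which lookups would come back empty.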

