[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Davor Vusir davortvusir at gmail.com
Mon Jun 30 12:55:21 MDT 2014


2014-06-30 14:17 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
> Hi Davor,
>
> I have tried that but unfortunately it doesn't work in my setup.
>
> I currently only have a PTR zone for my main subnet with a record for the
> FSMO roles DC. Do you think that adding PTR zones for my other subnet and
> PTR records for the other DC's could help?
>
No. I don't think it will. Sorry. I think that the way is to, at least
during the transition, use BIND9_FLATFILE.

Regards
Davor

> c:)
>
>
> On 27 June 2014 12:14, Davor Vusir <davortvusir at gmail.com> wrote:
>>
>>
>> On 27 Jun 2014 12:42, "Chris Alavoine" <chrisa at acs-info.co.uk> wrote:
>>
>>
>> >
>> > Yeah, the MMC is necessary at this stage as a few different folks manage
>> > the DNS for the domain. I guess the Site movement doesn't work with
>> > BIND_DLZ?
>> >
>> > c:)
>> >
>> One idea is to create a site, assign an IP subnet and restart Samba.
>> Hopefully it moves into the right site...
>>
>> >
>> > On 26 June 2014 18:42, Davor Vusir <davortvusir at gmail.com> wrote:
>> >>
>> >>
>> >> On 26 Jun 2014 19:21, "Chris Alavoine" <chrisa at acs-info.co.uk> wrote:
>> >>
>> >>
>> >> >
>> >> > Hi,
>> >> >
>> >> > Yes, have seen that wiki page, seems straightforward enough, but I
>> >> > didn't think FLATFILE was supported any more?
>> >> >
>> >> > c:)
>> >> >
>> >> It does work with both 4.1.8 and 4.1.9. But please be aware that the
>> >> DNS management MMC does not work with this setup.
>> >>
>> >> Regards
>> >> Davor
>> >>
>> >> >
>> >> > On 26 June 2014 17:41, lp101 <lingpanda101 at gmail.com> wrote:
>> >> >>
>> >> >> Chris,
>> >> >>
>> >> >>     Have you seen this link from the wiki or do you need to know how
>> >> >> to set up Bind9_FlatFile first?
>> >> >>
>> >> >> https://wiki.samba.org/index.php/Changing_the_DNS_backend
>> >> >>
>> >> >>
>> >> >>
>> >> >> On 6/26/2014 8:35 AM, Chris Alavoine wrote:
>> >> >>>
>> >> >>> I'm running 4.1.5 at present on all my DC's. Will BIND9_FLATFILE
>> >> >>> work with this release - I can't find any documentation on how to change
>> >> >>> from Internal DNS to BIND9_FLATFILE.
>> >> >>>
>> >> >>> Thanks,
>> >> >>> Chris.
>> >> >>>
>> >> >>>
>> >> >>> On 24 June 2014 19:14, Davor Vusir <davortvusir at gmail.com> wrote:
>> >> >>>>
>> >> >>>> Sorry. Don't know. Haven't tested internal DNS. Maybe the recipe is
>> >> >>>> to use BIND9_FLATFILE.
>> >> >>>>
>> >> >>>> /Davor
>> >> >>>>
>> >> >>>> 2014-06-24 20:07 GMT+02:00 lp101 <lingpanda101 at gmail.com>:
>> >> >>>> > Any workaround if using the internal DNS to move sites?
>> >> >>>> >
>> >> >>>> >
>> >> >>>> > On 6/24/2014 1:08 PM, Davor Vusir wrote:
>> >> >>>> >>
>> >> >>>> >> Hi again!
>> >> >>>> >>
>> >> >>>> >> If you use BIND9_DLZ, try change/convert to BIND9_FLATFILE and you
>> >> >>>> >> will be able to create and rename Sites and move DC:s to the newly
>> >> >>>> >> created Site.
>> >> >>>> >>
>> >> >>>> >> Regards
>> >> >>>> >> Davor
>> >> >>>> >>
>> >> >>>> >>
>> >> >>>> >> 2014-06-18 20:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
>> >> >>>> >>>
>> >> >>>> >>> 2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
>> >> >>>> >>>>
>> >> >>>> >>>> Hi all,
>> >> >>>> >>>>
>> >> >>>> >>>> Am having problems adding a new DC to a Site that doesn't already have a DC
>> >> >>>> >>>> in the same subnet. Whenever I try and do a domain join specifying a nearby
>> >> >>>> >>>> DC in a different subnet I get this:
>> >> >>>> >>>>
>> >> >>>> >>>> ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>> >> >>>> >>>>      return self.run(*args, **kwargs)
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
>> >> >>>> >>>>      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1172, in join_DC
>> >> >>>> >>>>      ctx.do_join()
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1082, in do_join
>> >> >>>> >>>>      ctx.join_finalise()
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 881, in join_finalise
>> >> >>>> >>>>      ctx.send_DsReplicaUpdateRefs(nc)
>> >> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 866, in send_DsReplicaUpdateRefs
>> >> >>>> >>>>      ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>> >> >>>> >>>>
>> >> >>>> >>>> I have managed to join a DC to a Site that already has a DC in that subnet
>> >> >>>> >>>> (although not in that Site).
>> >> >>>> >>>>
>> >> >>>> >>>> Can anyone think of a workaround for this?
>> >> >>>> >>>>
>> >> >>>> >>>> This is my join statement (names changed to protect the innocent):
>> >> >>>> >>>>
>> >> >>>> >>>> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC -UAdministrator --realm=example.com --server=remotedc.example.com --site=local
>> >> >>>> >>>>
>> >> >>>> >>>>
>> >> >>>> >>>> I am trying to do this due to the bug that doesn't allow the manual moving
>> >> >>>> >>>> of DC's to new Sites by using the ADSS drag and drop method.
>> >> >>>> >>>>
>> >> >>>> >>> Hi Chris!
>> >> >>>> >>>
>> >> >>>> >>> Actually there is a way. If you use a DNS that does not reside on the
>> >> >>>> >>> DC's but standalone, the manual moving works.
>> >> >>>> >>>
>> >> >>>> >>> As a start I put the following RRs in a static dns: A, ptr and 'basic' SRV RR
>> >> >>>> >>> _gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp, _kpasswd._tcp,
>> >> >>>> >>> _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs, _ldap._tcp.gc._msdcs,
>> >> >>>> >>> _ldap._tcp.pdc._msdcs.
>> >> >>>> >>>
>> >> >>>> >>> That ended in following errors in syslog (amongst others):
>> >> >>>> >>>
>> >> >>>> >>> [2014/06/18 11:56:36.078267, 3] ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
>> >> >>>> >>>   dns child failed to find name '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.
>> >> >>>> >>>
>> >> >>>> >>> All SRV RR for a DC have to be present in DNS. But I have had no time
>> >> >>>> >>> to test it. And I have not tested multiple subnets.
>> >> >>>> >>>
>> >> >>>> >>> My guess is that the bug is DNS related or the account that makes the
>> >> >>>> >>> changes cannot edit the AD database. And that results in that no SRV
>> >> >>>> >>> RR are added/changed and the MMC eventually times out.
>> >> >>>> >>>
>> >> >>>> >>> Regards
>> >> >>>> >>> Davor
>> >> >>>> >>>
>> >> >>>> >>>> Thanks,
>> >> >>>> >>>>
>> >> >>>> >>>> Chris.
>> >> >>>> >>>>
>> >> >>>> >>>>
>> >> >>>> >>>>
>> >> >>>> >>>> --
>> >> >>>> >>>> ACS (Alavoine Computer Services Ltd)
>> >> >>>> >>>> Chris Alavoine
>> >> >>>> >>>> mob +44 (0)7724 710 730
>> >> >>>> >>>> www.alavoinecs.co.uk
>> >> >>>> >>>> http://twitter.com/#!/alavoinecs
>> >> >>>> >>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>> >> >>>> >
>> >> >>>> >
>> >> >>>> > --
>> >> >>>> > -James
>> >> >>>> >


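The 2014-06-18 reply in this thread lists the SRV names placed in a static DNS zone, and its syslog line shows a failed lookup of the `<GUID>._msdcs` name. The following is an added example, not part of the original messages or of Samba: it checks zone-file text for those names before a site move or join is retried. The function names, the `dc1` host, its address and the sample zone are assumptions constructed for illustration; the parser assumes one record per line, each with an explicit owner name.

```python
# SRV owner names from the 2014-06-18 post in this thread (duplicate dropped).
SRV_NAMES = [
    "_gc._tcp", "_kerberos._tcp", "_kerberos._udp", "_kpasswd._tcp",
    "_kpasswd._udp", "_ldap._tcp", "_ldap._tcp.dc._msdcs",
    "_ldap._tcp.gc._msdcs", "_ldap._tcp.pdc._msdcs",
]
RR_TYPES = {"A", "AAAA", "CNAME", "SRV", "PTR", "NS", "SOA", "TXT"}

def parse_zone(text, origin):
    """Return {(fqdn, rrtype)} for zone text with one owner-named record per line."""
    seen = set()
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        rrtype = next((f.upper() for f in fields[1:] if f.upper() in RR_TYPES), None)
        if rrtype is None or fields[0].startswith("$"):
            continue  # blank line, directive, or continuation without a type
        owner = fields[0].lower()
        fqdn = origin if owner == "@" else (
            owner.rstrip(".") if owner.endswith(".") else f"{owner}.{origin}")
        seen.add((fqdn, rrtype))
    return seen

def missing_dc_records(zone_text, domain, dsa_guid):
    """List the expected DC names that the zone text does not define."""
    domain = domain.rstrip(".").lower()
    seen = parse_zone(zone_text, domain)
    missing = [f"{n}.{domain} SRV" for n in SRV_NAMES
               if (f"{n}.{domain}", "SRV") not in seen]
    guid_name = f"{dsa_guid.lower()}._msdcs.{domain}"
    # The lookup in the syslog line was for type A; a CNAME also resolves it.
    if not any((guid_name, t) in seen for t in ("A", "CNAME")):
        missing.append(f"{guid_name} A/CNAME")
    return missing

# Constructed sample zone for example.org; dc1 and its address are made up.
SAMPLE_ZONE = """\
dc1                   IN A   192.0.2.10
_gc._tcp              IN SRV 0 100 3268 dc1.example.org.
_kerberos._tcp        IN SRV 0 100 88   dc1.example.org.
_kerberos._udp        IN SRV 0 100 88   dc1.example.org.
_kpasswd._tcp         IN SRV 0 100 464  dc1.example.org.
_kpasswd._udp         IN SRV 0 100 464  dc1.example.org.
_ldap._tcp            IN SRV 0 100 389  dc1.example.org.
_ldap._tcp.dc._msdcs  IN SRV 0 100 389  dc1.example.org.
_ldap._tcp.gc._msdcs  IN SRV 0 100 3268 dc1.example.org.
"""
GUID = "5d6f52ac-640c-4dc1-a84b-42aac923d256"  # GUID quoted in the thread's log
if __name__ == "__main__":
    print(missing_dc_records(SAMPLE_ZONE, "example.org", GUID))
```

On the sample zone the check reports the PDC SRV name and the GUID name as missing, the latter being the name the syslog line above failed to resolve.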