[Samba] Win 2008srv to Samba4 DNS problems

Sam sr42354 at gmail.com
Thu Apr 2 06:25:35 MDT 2015


Hello,

After a lot of different approaches, my last try seems nearly good now...
I did this:
- Preparing the old DC with adprep commands
- add DNS and AD roles in a new temporary win 2003srv
- add this new server as an AD controller
- transfer all roles to win2003 with ntdsutil command
- demote win2000
- put the AD domain and forest functional level to 2003
- move _msdcs in the DNS management tool as described here 
(http://support.microsoft.com/kb/817470/en-us)
- adjust all zones with "Nonsecure and secure" Dynamic updates
- adjust all zones with Replication "To all DNS servers in the active 
directory forest ariane.intra"
- join a new sernet samba4 server.

Now here is the problem:



We can see that there is a problem with this zone, but not with the 
others... Reverse Lookup and _msdcs are OK.
And if I create a new zone on W2003, it is replicated well to the S4, but 
not the other way round.

...If I go here on the W2003 server and try a "Replicate now" command 
here, it doesn't work... (but it works for S4)



From S4, the "samba-tool drs showrepl" command output seems OK:
root at S4:~# samba-tool drs showrepl
Premier-Site-par-defaut\S4
DSA Options: 0x00000001
DSA object GUID: 822824f8-d950-4f90-9d59-524918f2d552
DSA invocationId: 1a2ead9d-43be-44e0-abd1-dfee1ed447ef

==== INBOUND NEIGHBORS ====

DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 12:03:17 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 12:03:17 2015 CEST

DC=DomainDnsZones,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 12:03:17 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 12:03:17 2015 CEST

CN=Configuration,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 12:03:17 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 12:03:17 2015 CEST

CN=Schema,CN=Configuration,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 12:03:17 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 12:03:17 2015 CEST

DC=ForestDnsZones,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 12:03:17 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 12:03:17 2015 CEST

==== OUTBOUND NEIGHBORS ====

DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 11:03:07 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 11:03:07 2015 CEST

CN=Configuration,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 11:03:07 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 11:03:07 2015 CEST

CN=Schema,CN=Configuration,DC=ariane,DC=intra
         Premier-Site-par-defaut\W2003 via RPC
                 DSA object GUID: 6939e9d0-1c85-4600-9b7f-18ab35e6775d
                 Last attempt @ Thu Apr  2 11:03:07 2015 CEST was successful
                 0 consecutive failure(s).
                 Last success @ Thu Apr  2 11:03:07 2015 CEST

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 57d7d53a-33a4-4cbb-a801-7d4836bd375f
         Enabled        : TRUE
         Server DNS name : w2003.ariane.intra
         Server DN name  : CN=NTDS 
Settings,CN=W2003,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=ariane,DC=intra
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

In syslog I can see some errors:
Apr  2 11:08:12 S4 samba[2873]:   dnsserver: Found Unhandled DNS record 
type=65281
...
Apr  2 12:05:42 S4 named[2301]: samba b9_putrr: unhandled record type 65281
...
Apr  2 11:28:41 S4 named[2301]: samba b9_putrr: unhandled record type 0
...
Apr  2 14:10:40 S4 samba[2778]:   Failed to bind to uuid 
12345678-1234-abcd-ef00-01234567cffb for 
12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED

Maybe a record in the zone is preventing things from being replicated, but 
how to find it?...

Last thing, here is the syslog file when Samba starts:
Apr  2 14:10:33 S4 named[2269]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u 
bind -4
Apr  2 14:10:33 S4 named[2269]: built with '--prefix=/usr' 
'--mandir=/usr/share/man' '--infodir=/usr/share/info' 
'--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads' 
'--enable-largefile' '--with-libtool' '--enable-shared' 
'--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr' 
'--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6' 
'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
Apr  2 14:10:33 S4 named[2269]: 
----------------------------------------------------
Apr  2 14:10:33 S4 named[2269]: BIND 9 is maintained by Internet Systems 
Consortium,
Apr  2 14:10:33 S4 named[2269]: Inc. (ISC), a non-profit 501(c)(3) 
public-benefit
Apr  2 14:10:33 S4 named[2269]: corporation.  Support and training for 
BIND 9 are
Apr  2 14:10:33 S4 named[2269]: available at https://www.isc.org/support
Apr  2 14:10:33 S4 named[2269]: 
----------------------------------------------------
Apr  2 14:10:33 S4 named[2269]: adjusted limit on open files from 4096 
to 1048576
Apr  2 14:10:33 S4 named[2269]: found 2 CPUs, using 2 worker threads
Apr  2 14:10:33 S4 named[2269]: using up to 4096 sockets
Apr  2 14:10:33 S4 named[2269]: loading configuration from 
'/etc/bind/named.conf'
Apr  2 14:10:33 S4 named[2269]: reading built-in trusted keys from file 
'/etc/bind/bind.keys'
Apr  2 14:10:33 S4 named[2269]: using default UDP/IPv4 port range: 
[1024, 65535]
Apr  2 14:10:33 S4 named[2269]: using default UDP/IPv6 port range: 
[1024, 65535]
Apr  2 14:10:33 S4 named[2269]: no IPv6 interfaces found
Apr  2 14:10:33 S4 named[2269]: listening on IPv4 interface lo, 127.0.0.1#53
Apr  2 14:10:33 S4 named[2269]: listening on IPv4 interface eth0, 
172.20.2.2#53
Apr  2 14:10:33 S4 named[2269]: generating session key for dynamic DNS
Apr  2 14:10:33 S4 named[2269]: sizing zone task pool based on 5 zones
Apr  2 14:10:33 S4 named[2269]: Loading 'AD DNS Zone' using driver dlopen
Apr  2 14:10:35 S4 ntpd[2345]: ntpd 4.2.6p5 at 1.2349-o Sat Feb  7 11:05:48 
UTC 2015 (1)
Apr  2 14:10:35 S4 ntpd[2347]: proto: precision = 0.108 usec
Apr  2 14:10:35 S4 ntpd[2347]: Listen normally on 0 lo 127.0.0.1 UDP 123
Apr  2 14:10:35 S4 ntpd[2347]: Listen normally on 1 eth0 172.20.2.2 UDP 123
Apr  2 14:10:35 S4 ntpd[2347]: peers refreshed
Apr  2 14:10:35 S4 ntpd[2347]: Listening on routing socket on fd #18 for 
interface updates
Apr  2 14:10:35 S4 ntpd[2347]: MS-SNTP signd operations currently block 
ntpd degrading service to all clients.
Apr  2 14:10:35 S4 samba[2380]: [2015/04/02 14:10:35.670893,  0] 
../source4/smbd/server.c:370(binary_smbd_main)
Apr  2 14:10:35 S4 samba[2380]:   samba version 
4.1.17-SerNet-Debian-10.wheezy started.
Apr  2 14:10:35 S4 samba[2380]:   Copyright Andrew Tridgell and the 
Samba Team 1992-2013
Apr  2 14:10:37 S4 named[2269]: samba_dlz: started for DN DC=ariane,DC=intra
Apr  2 14:10:37 S4 named[2269]: samba_dlz: starting configure
Apr  2 14:10:37 S4 named[2269]: samba_dlz: configured writeable zone 
'21.172.in-addr.arpa'
Apr  2 14:10:37 S4 named[2269]: samba_dlz: configured writeable zone 
'20.172.in-addr.arpa'
Apr  2 14:10:37 S4 named[2269]: samba b9_putrr: unhandled record type 65281
Apr  2 14:10:37 S4 named[2269]: samba b9_putrr: unhandled record type 65281
Apr  2 14:10:37 S4 named[2269]: samba_dlz: configured writeable zone 
'ariane.intra'
Apr  2 14:10:37 S4 named[2269]: samba_dlz: configured writeable zone 
'test2.test'
Apr  2 14:10:37 S4 named[2269]: samba_dlz: configured writeable zone 
'_msdcs.ariane.intra'
Apr  2 14:10:37 S4 named[2269]: using built-in root key for view _default
Apr  2 14:10:37 S4 named[2269]: set up managed keys zone for view 
_default, file 'managed-keys.bind'
Apr  2 14:10:37 S4 named[2269]: command channel listening on 127.0.0.1#953
Apr  2 14:10:37 S4 named[2269]: zone 0.in-addr.arpa/IN: loaded serial 1
Apr  2 14:10:37 S4 named[2269]: zone 127.in-addr.arpa/IN: loaded serial 1
Apr  2 14:10:37 S4 named[2269]: zone 255.in-addr.arpa/IN: loaded serial 1
Apr  2 14:10:37 S4 named[2269]: zone localhost/IN: loaded serial 2
Apr  2 14:10:37 S4 named[2269]: managed-keys-zone ./IN: loaded serial 2
Apr  2 14:10:37 S4 named[2269]: running
Apr  2 14:10:37 S4 ntpdate[1693]: the NTP socket is in use, exiting
Apr  2 14:10:37 S4 ntpdate[1718]: the NTP socket is in use, exiting
Apr  2 14:10:37 S4 ntpdate[1690]: the NTP socket is in use, exiting
Apr  2 14:10:37 S4 /usr/sbin/cron[2564]: (CRON) INFO (pidfile fd = 3)
Apr  2 14:10:37 S4 /usr/sbin/cron[2584]: (CRON) STARTUP (fork ok)
Apr  2 14:10:37 S4 /usr/sbin/cron[2584]: (CRON) INFO (Running @reboot jobs)
Apr  2 14:10:37 S4 samba[2455]: [2015/04/02 14:10:37.725312,  0] 
../source4/smbd/server.c:488(binary_smbd_main)
Apr  2 14:10:37 S4 samba[2455]:   samba: using 'standard' process model
Apr  2 14:10:37 S4 samba[2455]: [2015/04/02 14:10:37.763328,  0] 
../lib/util/become_daemon.c:136(daemon_ready)
Apr  2 14:10:40 S4 samba[2778]: [2015/04/02 14:10:40.663066,  0] 
../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
Apr  2 14:10:40 S4 samba[2778]:   Failed to bind to uuid 
12345678-1234-abcd-ef00-01234567cffb for 
12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] NT_STATUS_ACCESS_DENIED
Apr  2 14:10:40 S4 smbd[2760]: [2015/04/02 14:10:40.898516,  0] 
../lib/util/become_daemon.c:136(daemon_ready)
Apr  2 14:10:41 S4 kernel: [   18.341693] eth0: no IPv6 routers present
Apr  2 14:10:41 S4 kernel: [   18.674502] eth1: no IPv6 routers present

Any ideas?
Thanks !


On 30/03/2015 16:28, Sam wrote:
> Maybe this KB 817470 MUST be done only on Windows 2003 srv?
> I can't find the KB for 2008... and 2008 is not in the APPLIES TO 
> section...
> I think I'm going to test this KB on a 2003... ( Windows 2000 -> Windows 
> 2003 -> KB 817470 -> Samba4 join )
> I hope it will rock!
>
> On 30/03/2015 11:17, Denis Cardon wrote:
>> Hi Sam,
>>
>>> I am trying to migrate from an old Windows AD ( Win 2000 )
>>> So I use a temporary Windows 2008R2 to move AD from Win 2000 to S4.
>>> Forest and domain level are W2008R2.
>>> Now I have some problems with the DNS in Samba4. I get no answers from
>>> Samba4, even locally.
>>>
>>> If I try to move from a new empty Windows 2008 AD, the service starts 
>>> and
>>> answers well...
>>> So I think something in my old DNS database is missing or disturbing...
>>
>> You may check if it is not an issue with the _msdcs zone: in win2k, 
>> the _msdcs zone was a subzone under the domain.lan zone. From win2k3 
>> onward, it is a separate zone because it is located in a separate AD 
>> partition. The change from dc=domain,dc=lan partition to the 
>> dc=ForestDNSZones,dc=domain,dc=lan partition is not automatic.
>>
>> You may take a look at http://support.microsoft.com/en-us/kb/817470
>>
>> Cheers,
>>
>> Denis
>>
>>>
>>> I have just done this on the DNS:
>>> (http://support.microsoft.com/fr-fr/kb/817470)
>>>
>>>
>>> But in the new Windows 2008, I can see something that I don't have in
>>> the old:
>>>
>>>
>>> What am I missing? Is there a best-practice guide for preparing DNS to
>>> follow before joining a Samba4? ( remove Windows 2000 AD compatibility
>>> for instance...)
>>>
>>> Thanks all!
>>>
>>> Samuel
>>>
>>> ps : here is my syslog details :
>>>
>>> Mar 27 11:46:00 S4 named[2226]: starting BIND 9.8.4-rpz2+rl005.12-P1 -u
>>> bind -4
>>> Mar 27 11:46:00 S4 named[2226]: built with '--prefix=/usr'
>>> '--mandir=/usr/share/man' '--infodir=/usr/share/info'
>>> '--sysconfdir=/etc/bind' '--localstatedir=/var' '--enable-threads'
>>> '--enable-largefile' '--with-libtool' '--enable-shared'
>>> '--enable-static' '--with-openssl=/usr' '--with-gssapi=/usr'
>>> '--with-gnu-ld' '--with-geoip=/usr' '--enable-ipv6'
>>> 'CFLAGS=-fno-strict-aliasing -DDIG_SIGCHASE -O2'
>>> Mar 27 11:46:00 S4 named[2226]:
>>> ----------------------------------------------------
>>> Mar 27 11:46:00 S4 named[2226]: BIND 9 is maintained by Internet 
>>> Systems
>>> Consortium,
>>> Mar 27 11:46:00 S4 named[2226]: Inc. (ISC), a non-profit 501(c)(3)
>>> public-benefit
>>> Mar 27 11:46:00 S4 named[2226]: corporation.  Support and training for
>>> BIND 9 are
>>> Mar 27 11:46:00 S4 named[2226]: available at 
>>> https://www.isc.org/support
>>> Mar 27 11:46:00 S4 named[2226]:
>>> ----------------------------------------------------
>>> Mar 27 11:46:00 S4 named[2226]: adjusted limit on open files from 4096
>>> to 1048576
>>> Mar 27 11:46:00 S4 named[2226]: found 2 CPUs, using 2 worker threads
>>> Mar 27 11:46:00 S4 named[2226]: using up to 4096 sockets
>>> Mar 27 11:46:00 S4 named[2226]: loading configuration from
>>> '/etc/bind/named.conf'
>>> Mar 27 11:46:00 S4 named[2226]: reading built-in trusted keys from file
>>> '/etc/bind/bind.keys'
>>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv4 port range:
>>> [1024, 65535]
>>> Mar 27 11:46:00 S4 named[2226]: using default UDP/IPv6 port range:
>>> [1024, 65535]
>>> Mar 27 11:46:00 S4 named[2226]: no IPv6 interfaces found
>>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface lo,
>>> 127.0.0.1#53
>>> Mar 27 11:46:00 S4 named[2226]: listening on IPv4 interface eth0,
>>> 172.20.2.2#53
>>> Mar 27 11:46:00 S4 named[2226]: generating session key for dynamic DNS
>>> Mar 27 11:46:00 S4 named[2226]: sizing zone task pool based on 5 zones
>>> Mar 27 11:46:01 S4 named[2226]: Loading 'AD DNS Zone' using driver 
>>> dlopen
>>> Mar 27 11:46:01 S4 ntpd[2301]: ntpd 4.2.6p5 at 1.2349-o Sat Feb 7 11:05:48
>>> UTC 2015 (1)
>>> Mar 27 11:46:01 S4 ntpd[2302]: proto: precision = 0.100 usec
>>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 0 lo 127.0.0.1 UDP 
>>> 123
>>> Mar 27 11:46:01 S4 ntpd[2302]: Listen normally on 1 eth0 172.20.2.2 
>>> UDP 123
>>> Mar 27 11:46:01 S4 ntpd[2302]: peers refreshed
>>> Mar 27 11:46:01 S4 ntpd[2302]: Listening on routing socket on fd #18 
>>> for
>>> interface updates
>>> Mar 27 11:46:01 S4 ntpd[2302]: MS-SNTP signd operations currently block
>>> ntpd degrading service to all clients.
>>> Mar 27 11:46:02 S4 samba[2374]: [2015/03/27 11:46:02.896676, 0]
>>> ../source4/smbd/server.c:370(binary_smbd_main)
>>> Mar 27 11:46:02 S4 samba[2374]:   samba version
>>> 4.1.17-SerNet-Debian-10.wheezy started.
>>> Mar 27 11:46:02 S4 samba[2374]:   Copyright Andrew Tridgell and the
>>> Samba Team 1992-2013
>>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: started for DN
>>> DC=ariane,DC=intra
>>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: starting configure
>>> Mar 27 11:46:03 S4 named[2226]: samba_dlz: configured writeable zone
>>> '_msdcs.ariane.intra'
>>> Mar 27 11:46:03 S4 named[2226]: using built-in root key for view 
>>> _default
>>> Mar 27 11:46:03 S4 named[2226]: set up managed keys zone for view
>>> _default, file 'managed-keys.bind'
>>> Mar 27 11:46:03 S4 named[2226]: command channel listening on 
>>> 127.0.0.1#953
>>> Mar 27 11:46:03 S4 named[2226]: zone 0.in-addr.arpa/IN: loaded serial 1
>>> Mar 27 11:46:03 S4 named[2226]: zone 127.in-addr.arpa/IN: loaded 
>>> serial 1
>>> Mar 27 11:46:03 S4 named[2226]: zone 255.in-addr.arpa/IN: loaded 
>>> serial 1
>>> Mar 27 11:46:03 S4 named[2226]: zone localhost/IN: loaded serial 2
>>> Mar 27 11:46:03 S4 named[2226]: managed-keys-zone ./IN: loaded serial 2
>>> Mar 27 11:46:03 S4 named[2226]: running
>>> Mar 27 11:46:04 S4 ntpdate[1701]: the NTP socket is in use, exiting
>>> Mar 27 11:46:04 S4 ntpdate[1670]: the NTP socket is in use, exiting
>>> Mar 27 11:46:04 S4 ntpdate[1668]: the NTP socket is in use, exiting
>>> Mar 27 11:46:04 S4 /usr/sbin/cron[2525]: (CRON) INFO (pidfile fd = 3)
>>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) STARTUP (fork ok)
>>> Mar 27 11:46:04 S4 /usr/sbin/cron[2527]: (CRON) INFO (Running 
>>> @reboot jobs)
>>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.862709, 0]
>>> ../source4/smbd/server.c:488(binary_smbd_main)
>>> Mar 27 11:46:04 S4 samba[2376]:   samba: using 'standard' process model
>>> Mar 27 11:46:04 S4 samba[2376]: [2015/03/27 11:46:04.885661, 0]
>>> ../lib/util/become_daemon.c:136(daemon_ready)
>>> Mar 27 11:46:07 S4 kernel: [   17.220877] eth0: no IPv6 routers present
>>> Mar 27 11:46:07 S4 samba[2792]: [2015/03/27 11:46:07.388008, 0]
>>> ../source4/librpc/rpc/dcerpc_util.c:681(dcerpc_pipe_auth_recv)
>>> Mar 27 11:46:07 S4 samba[2792]:   Failed to bind to uuid
>>> 12345678-1234-abcd-ef00-01234567cffb for
>>> 12345678-1234-abcd-ef00-01234567cffb at ncalrpc:127.0.0.1[DEFAULT,sign,seal] 
>>> NT_STATUS_ACCESS_DENIED
>>>
>>> Mar 27 11:46:07 S4 smbd[2785]: [2015/03/27 11:46:07.551928, 0]
>>> ../lib/util/become_daemon.c:136(daemon_ready)
>>> Mar 27 11:46:08 S4 kernel: [   17.940675] eth1: no IPv6 routers present
>>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.280522, 0]
>>> ../source4/dsdb/repl/replicated_objects.c:818(dsdb_replicated_objects_commit)
>>> Mar 27 11:46:21 S4 samba[2791]:
>>> ../source4/dsdb/repl/replicated_objects.c:818 Failed to prepare commit
>>> of transaction: operations error at
>>> ../source4/dsdb/samdb/ldb_modules/descriptor.c:1147
>>> Mar 27 11:46:21 S4 samba[2791]: [2015/03/27 11:46:21.283141, 0]
>>> ../source4/dsdb/repl/drepl_out_helpers.c:758(dreplsrv_op_pull_source_apply_changes_trigger)
>>> Mar 27 11:46:21 S4 samba[2791]:   Failed to commit objects:
>>> WERR_GENERAL_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE
>>>
>>
>
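Added example (not part of the original thread, and not Samba's or the poster's code): the "unhandled record type 65281" lines come from the BIND9 DLZ module reading dnsRecord attributes straight out of the AD partition. 65281 is 0xFF01, which Samba's dnsp.idl names DNS_TYPE_WINS, the per-zone "WINS lookup" setting that Windows DNS stores as a record on the zone's "@" node; type 0 is DNS_TYPE_TOMBSTONE (DNS_TYPE_ZERO in MS-DNSP), a deleted record. To answer the "how to find it?" question, the script below parses the DNS_RPC_RECORD blobs (MS-DNSP 2.3.2.2) from ldbsearch LDIF output and lists every node that carries one of those types. The sam.ldb path, the zone DN under DomainDnsZones and the SAMPLE_LDIF data are assumptions constructed for the example; on a real DC, pipe the ldbsearch output shown in the docstring into it (and repeat with the ForestDnsZones base).

```python
"""List dnsRecord values whose type the Samba 4.1 BIND9 DLZ module logs as
"unhandled": 0 (tombstone), 0xFF01 (WINS) and 0xFF02 (WINSR).  The blob
layout is DNS_RPC_RECORD from MS-DNSP 2.3.2.2 (Samba's dnsp.idl).

Assumed invocation (path and base DN are assumptions; adjust to your site):
  ldbsearch -H /var/lib/samba/private/sam.ldb \
      -b 'DC=DomainDnsZones,DC=ariane,DC=intra' \
      '(objectClass=dnsNode)' dnsRecord | python3 dnsrecord_scan.py
"""
import base64
import struct
import sys

DNS_TYPE_TOMBSTONE = 0x0000   # MS-DNSP calls this DNS_TYPE_ZERO
DNS_TYPE_A = 0x0001
DNS_TYPE_NS = 0x0002
DNS_TYPE_CNAME = 0x0005
DNS_TYPE_SOA = 0x0006
DNS_TYPE_PTR = 0x000C
DNS_TYPE_SRV = 0x0021
DNS_TYPE_WINS = 0xFF01        # 65281 in the syslog lines of the thread
DNS_TYPE_WINSR = 0xFF02

TYPE_NAMES = {DNS_TYPE_TOMBSTONE: "TOMBSTONE", DNS_TYPE_A: "A", DNS_TYPE_NS: "NS",
              DNS_TYPE_CNAME: "CNAME", DNS_TYPE_SOA: "SOA", DNS_TYPE_PTR: "PTR",
              DNS_TYPE_SRV: "SRV", DNS_TYPE_WINS: "WINS", DNS_TYPE_WINSR: "WINSR"}
UNHANDLED = {DNS_TYPE_TOMBSTONE, DNS_TYPE_WINS, DNS_TYPE_WINSR}

# 24-byte header: DataLength, Type, Version, Rank, Flags, Serial (little
# endian), TtlSeconds (big endian), Reserved, TimeStamp (little endian).
_HDR1 = struct.Struct("<HHBBHI")
_TTL = struct.Struct(">I")
_HDR2 = struct.Struct("<II")
HEADER_LEN = _HDR1.size + _TTL.size + _HDR2.size  # 24

def build_record(rtype, data, ttl=3600, serial=1, rank=0xF0):
    """Serialise one DNS_RPC_RECORD; used here to construct sample input."""
    return (_HDR1.pack(len(data), rtype, 5, rank, 0, serial)
            + _TTL.pack(ttl) + _HDR2.pack(0, 0) + data)

def parse_record(blob):
    """Decode the header and, for A and WINS records, the data portion."""
    if len(blob) < HEADER_LEN:
        raise ValueError("dnsRecord shorter than its 24-byte header")
    dlen, rtype, _ver, rank, _flags, serial = _HDR1.unpack_from(blob, 0)
    (ttl,) = _TTL.unpack_from(blob, _HDR1.size)
    data = blob[HEADER_LEN:HEADER_LEN + dlen]
    if len(data) != dlen:
        raise ValueError("truncated dnsRecord: DataLength=%d, got %d" % (dlen, len(data)))
    rec = {"type": rtype, "name": TYPE_NAMES.get(rtype, "TYPE%d" % rtype),
           "rank": rank, "ttl": ttl, "serial": serial, "data": None}
    if rtype == DNS_TYPE_A and dlen == 4:
        rec["data"] = "%d.%d.%d.%d" % tuple(data)
    elif rtype == DNS_TYPE_WINS and dlen >= 16:
        # DNS_RPC_RECORD_WINS: MappingFlag, LookupTimeout, CacheTimeout,
        # WinsServerCount, then that many 4-byte IPv4 addresses.
        count = struct.unpack_from("<IIII", data, 0)[3]
        rec["data"] = ["%d.%d.%d.%d" % tuple(data[16 + 4 * i:20 + 4 * i])
                       for i in range(count) if 20 + 4 * i <= dlen]
    return rec

def _unfold(text):
    """Join LDIF continuation lines (leading space) back onto their line."""
    out = []
    for line in text.splitlines():
        if line.startswith(" ") and out:
            out[-1] += line[1:]
        else:
            out.append(line)
    return out

def iter_ldif_records(text):
    """Yield (dn, raw dnsRecord bytes) pairs from ldbsearch LDIF output."""
    dn = None
    for line in _unfold(text):
        if line.startswith("dn:: "):
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        elif line.startswith("dnsRecord:: ") and dn is not None:
            yield dn, base64.b64decode(line[12:])

def find_unhandled(text):
    """Return [(dn, parsed record)] for every record of an unhandled type."""
    hits = []
    for dn, blob in iter_ldif_records(text):
        rec = parse_record(blob)
        if rec["type"] in UNHANDLED:
            hits.append((dn, rec))
    return hits

def _ldif_entry(dn, blobs):
    lines = ["dn: " + dn] + ["dnsRecord:: " + base64.b64encode(b).decode("ascii") for b in blobs]
    return "\n".join(lines) + "\n\n"

# Constructed sample (assumed zone DN): the zone root "@" carrying a WINS
# record, two ordinary A records, and one tombstoned node.
ZONE_DN = "DC=ariane.intra,CN=MicrosoftDNS,DC=DomainDnsZones,DC=ariane,DC=intra"
SAMPLE_LDIF = (
    _ldif_entry("DC=@," + ZONE_DN, [
        build_record(DNS_TYPE_A, bytes([172, 20, 2, 1])),
        build_record(DNS_TYPE_WINS, struct.pack("<IIII", 0, 2, 10, 1) + bytes([172, 20, 2, 1]))])
    + _ldif_entry("DC=w2003," + ZONE_DN, [build_record(DNS_TYPE_A, bytes([172, 20, 2, 1]))])
    + _ldif_entry("DC=s4," + ZONE_DN, [build_record(DNS_TYPE_A, bytes([172, 20, 2, 2]))])
    + _ldif_entry("DC=oldhost," + ZONE_DN, [build_record(DNS_TYPE_TOMBSTONE, b"\x00" * 8, rank=0)]))

def main():
    text = SAMPLE_LDIF if sys.stdin.isatty() else sys.stdin.read()
    for dn, rec in find_unhandled(text):
        print("%s: type %d (%s) data=%r" % (dn, rec["type"], rec["name"], rec["data"]))

if __name__ == "__main__":
    main()
```

Run without stdin to see it flag the constructed "DC=@" node (WINS, with the WINS server address it points at) and the tombstoned "DC=oldhost" node; run it on real ldbsearch output to get the DNs to inspect in the Windows DNS console (the zone's WINS tab for 0xFF01) before the next replication attempt.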


