[Samba] missing DomainDnsZones and ForestDnsZones ?

Rowland penny rpenny at samba.org
Fri Mar 18 18:48:37 UTC 2016 

On 18/03/16 18:19, Robert Moulton wrote:
> Greetings - On our samba 4 (4.3.3) AD controller I just noticed 
> something odd. When I run 'samba-tool fsmo show' I get an error:
>
> # samba-tool fsmo show
> ERROR(ldb): uncaught exception - No such Base DN: 
> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>   File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", 
> line 395, in run
>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>   File 
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", 
> line 40, in get_fsmo_roleowner
>     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>
> And 'ldbsearch' verifies that DomainDnsZones is missing:
>
> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb 
> '(fsmoroleowner=*)' | grep 'dn:'
> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
> dn: DC=biostat,DC=washington,DC=edu
> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>
> What might explain this anomaly, and more importantly, what should be 
> done to address it?
>
> thanks,
> -r
>

OK, as for how did you get to here, how was the domain provisioned ??

You are actually missing two fsmo roleowners, your ldbsearch should 
return these as well as the other 5:

dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu

Do the 'DNs' exist ?

try this:

ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b 
'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'

Does it return anything ?

Run it again, but replace 'DC=DomainDnsZones' with 'DC=ForestDnsZones', 
does this return anything ?

If the objects exist, then you need to add the fsmo roleowners with 
ldbmodify

You need to create an ldif

dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
changetype: modify
add: fSMORoleOwner
fSMORoleOwner: CN=NTDS 
Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu

Then use ldbmodify to add the ldif, repeat for the ForestDnsZones

Rowland

More information about the samba mailing list