Reporting success this past year + new Issues Adding a new Samba 4 DC to existing Samba 4 AD
Andrew Bartlett
abartlet at samba.org
Thu Dec 1 14:35:11 MST 2011
On Wed, 2011-11-30 at 12:50 -0500, Aubrey Ekstrom wrote:
> Hi Ted and everyone,
>
> Thanks again Ted for your help and suggestions.
>
> Hosts file is fine on new DC. DNS resolves both DCs fine. Same error still:
>
> newdc0:/usr/local/samba/sbin# ./samba-tool drs showrepl
> ERROR(runtime): DRS connection to newdc0.not.our.domain failed -
> (-1073741772, 'NT_STATUS_OBJECT_NAME_NOT_FOUND')
>
> I did not set up the Bind/DNS server on the new DC since that was not
> indicated in the join domain instructions, and the necessary files get
> generated from running the provisioning. It occurs to me though that for
> the Kerberos stuff, that is probably needed, at least on the existing PDC
> DNS server if not on both. When I look at the DNS files for the current PDC
> though, there are 2 entries that look like GUIDs (the exact same format and
> number of characters), but are not the actual GUID of the server (the
> actual GUID of both servers I was able to locate in the Windows GUI):
>
> #1: b36cf7ca-5d1f-4720-9cc1-3034b87312c4._msdcs IN CNAME
> #2: _ldap._tcp.a3d53761-ad10-49af-9c68-9f08ebf3fb88.domains._msdcs
> IN SRV 0 100 389
>
> Does anyone know how I can find those equivalent entries (or
> generate/populate them) for the new DC? Based on the above error I am
> thinking that it may just be the Kerberos and other services are not
> resolving to the new server correctly. If that is the case then it should
> be fixable by me if I can get those GUID like strings for the new server,
> whereas an ldap db corruption from replicating OS X schema, probably not
> fixable by me (if that is the problem).
>
> As always, any ideas or suggestions are most welcome and appreciated. Thanks!
When Samba starts it will spawn a child samba_dnsupdate which will
update DNS using Kerberos, creating the entries. If that does not work,
perhaps the DNS server on your original DC is not accepting Kerberos
updates.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
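
Added example, not part of the original thread and not Samba's own code: a check of whether a zone already holds the two GUID-based records discussed above for a given DC. In Active Directory DNS the `<guid>._msdcs` CNAME is keyed on the objectGUID of the DC's NTDS Settings (DSA) object, not the computer account's GUID, and the `_ldap._tcp.<guid>.domains._msdcs` SRV is keyed on the domain's GUID. The host name olddc0, the newdc0 GUID, the record targets and the helper names are constructed for illustration.

```python
import re

FOREST = "not.our.domain"                             # obfuscated name from the thread
DOMAIN_GUID = "a3d53761-ad10-49af-9c68-9f08ebf3fb88"  # quoted in the thread (SRV record)
OLD_NTDS = "b36cf7ca-5d1f-4720-9cc1-3034b87312c4"     # quoted in the thread (CNAME record)
NEW_NTDS = "11111111-2222-3333-4444-555555555555"     # constructed placeholder for newdc0

# Constructed zone excerpt: owner names as in the thread, targets are assumed.
ZONE = """\
b36cf7ca-5d1f-4720-9cc1-3034b87312c4._msdcs IN CNAME olddc0
_ldap._tcp.a3d53761-ad10-49af-9c68-9f08ebf3fb88.domains._msdcs IN SRV 0 100 389 olddc0
"""

def absolute(name, origin):
    """Lower-case a zone-file name and qualify it against the origin."""
    name = name.lower()
    return name.rstrip(".") if name.endswith(".") else f"{name}.{origin.lower()}"

def parse_zone(text, origin):
    """Return {(owner, type, target)} for one-line CNAME and SRV records."""
    records = set()
    for line in text.splitlines():
        m = re.match(r"\s*(\S+)\s+IN\s+(CNAME|SRV)\s+(.*\S)\s*$", line, re.I)
        if m:
            target = m.group(3).split()[-1]   # last rdata field is the host
            records.add((absolute(m.group(1), origin), m.group(2).upper(),
                         absolute(target, origin)))
    return records

def expected_records(host, forest, ntds_guid, domain_guid):
    """The two GUID-based records a DC is expected to have registered."""
    host, forest = host.lower(), forest.lower()
    return {
        (f"{ntds_guid}._msdcs.{forest}".lower(), "CNAME", host),
        (f"_ldap._tcp.{domain_guid}.domains._msdcs.{forest}".lower(), "SRV", host),
    }

def missing_records(zone_text, host, forest, ntds_guid, domain_guid):
    """Expected records for this DC that the zone text does not contain."""
    have = parse_zone(zone_text, forest)
    return sorted(expected_records(host, forest, ntds_guid, domain_guid) - have)

if __name__ == "__main__":
    for rec in missing_records(ZONE, f"newdc0.{FOREST}", FOREST, NEW_NTDS, DOMAIN_GUID):
        print("missing:", *rec)
```

The SRV owner name is shared by every DC in the domain, so the check compares the record target as well as the name.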