samba4 and

Matthieu Patou mat at
Fri Jul 8 00:43:11 MDT 2011

On 08/07/2011 00:20, Gémes Géza wrote:
> On 2011-07-07 20:10, Denis Cardon wrote:
>> Hi Kai,
>>>> However I'm not very sure how to and where to create the dns zone. I
>>>> have the cn=MicrosoftDNS,cn=System,dc=tranquilit,dc=local with the
>>>> RootDNSServers entries. I've found the corresponding ldif script in the
>>>> samba source code for provisioning, but nothing about creating the DNS
>>>> zone
>>>> for binddlz.
>>>> Should I copy it from an existing MS AD? How can I debug the libdlz to
>>>> be sure that the libdlz module is called (like a slapd -d 320) and to
>>>> see which ldap call it is making?
>>> As of yesterday night, my DNS provisioning patches are in the master
>>> branch of samba.git. New provisions should now create the required DNS
>>> entries while the AD is being set up.
>> thanks a lot for your patches Kai. I pulled out the git master branch
>> this afternoon, compiled merrily, provisioned eagerly, and there are
>> indeed DNS entries which look quite fine in the
>> cn=MicrosoftDNS,cn=System,<base_dn>  ldap branch. Great!
>> However, I still couldn't resolve dns entries. Looking at samba4 debug
>> trace, it seems that it is looking at
>> dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn>  for dnsZone, and not in
>> the cn=MicrosoftDNS,cn=System,<base_dn>  where the entries have been
>> created.
>> Moreover, looking at an existing MS AD install, the forward dns
>> entries were actually in the
>> dn=CN=MicrosoftDNS,DC=DomainDnsZones,<base_dn>  and it seems to me that
>> it should be in a separate partition.
>> Thanks a lot for your efforts !
>> Denis
>>> Cheers,
>>> Kai
>>> -- 
>>> Kai Blin
>>> Worldforge developer
>>> Wine developer
>>> Samba team member
> Please try to re-provision after applying the attached patch.
That's not the correct kind of fix.

A more correct fix could be that the DLZ module checks in the 2003 
container first and, if it doesn't find anything in it, then in the 2008 
one. Provision should also add the new containers.

mat@ares:/usr/local/src/samba4$ ./bin/ldbsearch -H ~/workspace/samba/w2k8r2/private/sam.ldb '(CN=MicrosoftDNS)' dn --cross-ncs

# record 1
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=w2k8r2,DC=home,DC=matws,DC=net

# record 2
dn: CN=MicrosoftDNS,DC=ForestDnsZones,DC=w2k8r2,DC=home,DC=matws,DC=net

# record 3
dn: CN=MicrosoftDNS,CN=System,DC=w2k8r2,DC=home,DC=matws,DC=net

mat@ares:/usr/local/src/samba4$ ./bin/ldbsearch -H ~/workspace/samba/w2k3r2/private/sam.ldb '(CN=MicrosoftDNS)' dn --cross-ncs

# record 1
dn: CN=MicrosoftDNS,CN=System,DC=w2k3r2,DC=home,DC=matws,DC=net

# returned 1 records
# 1 entries
# 0 referrals

I'm wondering what happens if you have a w2k3r2 server with a 2003 
forest level and then you join a w2k8r2, then leave the w2k3 and raise 
the forest level: will the dns container be changed or not?


Matthieu Patou
Samba Team

More information about the samba-technical mailing list
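
The lookup order proposed in the message above (2003 container first, then the 2008 ones), as an added example that is not part of the original message and is not Samba's DLZ code. It parses the ldbsearch output quoted above; the zone names in ZONES and the zones_in callback are assumptions made for the illustration.

```python
# Added example, not Samba code. Container DNs are the ones in the ldbsearch
# output above; the zone names in ZONES are constructed.
LEGACY = "CN=MicrosoftDNS,CN=System,{base}"                  # 2003 layout
PARTITIONS = ("CN=MicrosoftDNS,DC=DomainDnsZones,{base}",    # 2008 layout
              "CN=MicrosoftDNS,DC=ForestDnsZones,{base}")

def parse_dns(ldbsearch_output):
    """Return the DNs from ldbsearch LDIF output, unfolding continuation lines."""
    dns, in_dn = [], False
    for line in ldbsearch_output.splitlines():
        if line.startswith("dn: "):
            dns.append(line[4:].strip())
            in_dn = True
        elif in_dn and line.startswith(" "):
            dns[-1] += line[1:].rstrip()  # LDIF folds long lines with one leading space
        else:
            in_dn = False
    return dns

def search_order(base_dn, existing_dns):
    """2003 container first, then the 2008 ones; skip containers that do not exist."""
    have = {dn.lower() for dn in existing_dns}
    wanted = [t.format(base=base_dn) for t in (LEGACY,) + PARTITIONS]
    return [dn for dn in wanted if dn.lower() in have]

def locate_zone(zone, order, zones_in):
    """Return the first container in `order` that holds `zone`, or None.
    zones_in(container_dn) is a hypothetical callback listing zone names."""
    for container in order:
        if zone.lower() in (z.lower() for z in zones_in(container)):
            return container
    return None

BASE = "DC=w2k8r2,DC=home,DC=matws,DC=net"
W2K8R2 = """# record 1
dn: CN=MicrosoftDNS,DC=DomainDnsZones,DC=w2k8r2,DC=home,DC=matws,DC=net

# record 2
dn: CN=MicrosoftDNS,DC=ForestDnsZones,DC=w2k8r2,DC=home,DC=matws,DC=net

# record 3
dn: CN=MicrosoftDNS,CN=System,DC=w2k8r2,DC=home,DC=matws,DC=net
"""
ZONES = {  # constructed: the System container exists but holds no zones
    PARTITIONS[0].format(base=BASE): ["w2k8r2.home.matws.net"],
    PARTITIONS[1].format(base=BASE): ["_msdcs.w2k8r2.home.matws.net"],
}

if __name__ == "__main__":
    order = search_order(BASE, parse_dns(W2K8R2))
    print(locate_zone("w2k8r2.home.matws.net", order, lambda dn: ZONES.get(dn, [])))
```

On the w2k8r2 database the CN=System container is present but empty, so checking only whether a container exists is not enough; the fallback has to be driven by whether the zone is found in it.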