missing /usr/local/samba/private/dns

Amitay Isaacs amitay at gmail.com
Sun Apr 1 20:51:32 MDT 2012


On Sat, Mar 31, 2012 at 12:03 AM, Daniele Dario <d.dario76 at gmail.com> wrote:
> On Tue, 2012-03-27 at 09:27 +1100, Amitay Isaacs wrote:
>> On Mon, Mar 26, 2012 at 10:44 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> > Hi Amitay,
>> >
>> > On Tue, 2012-03-13 at 20:03 +1100, Amitay Isaacs wrote:
>> >> Hi Daniele,
>> >>
>> >> On Tue, Mar 13, 2012 at 6:40 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> >> > Hi Amitay,
>> >> >
>> >> > On Tue, 2012-03-13 at 12:13 +1100, Amitay Isaacs wrote:
>> >> >> Hi Greg,
>> >> >>
>> >> >> On Sat, Mar 10, 2012 at 2:45 PM, Greg Dickie <greg at justaguy.ca> wrote:
>> >> >> >
>> >> >> > Sounds great. Totally ready to be the guinea pig, just let me know what
>> >> >> > you need. One small question though. Is the ultimate goal to use a
>> >> >> > builtin DNS server? I thought this bind9 implementation was pretty cool.
>> >> >> > Is it missing anything that's required?
>> >> >> >
>> >> >> > Thanks for the quick response guys,
>> >> >> > Greg
>> >> >>
>> >> >> I have updated samba_upgradedns script now to handle upgrading dns
>> >> >> provision even after domain join. The new code is in my dns-wip
>> >> >> branch.
>> >> >>
>> >> >>   git://git.samba.org/amitay/samba.git
>> >> >>
>> >> >> You can run samba_upgradedns multiple times without any side effects.
>> >> >> Let me know if that works for you.
>> >> >>
>> >> >> The ultimate goal is to use the built-in dns server, so that samba does
>> >> >> not have to depend on external programs (BIND) for running. For the time
>> >> >> being, the BIND9 option is supported till the built-in dns server becomes
>> >> >> fully operational.
>> >> >>
>> >> >> Amitay.
>> >> >
>> >> > do you mean that it is possible to use upgradedns to provision the dns
>> >> > partitions on a samba4 DC already joined to a domain?
>> >>
>> >> Yes, that's correct. You can run samba_upgradedns on any provision and
>> >> it should upgrade it to use AD based backend.
>> >>
>> >> >
>> >> > If I caught it, I will use it on my secondary DC (primary is also samba4)
>> >> > to have also a secondary DNS. Does it also start replication of the dns
>> >> > partitions between the DCs?
>> >>
>> >> DNS partitions do get replicated, but you might have to restart the
>> >> secondary DC to get them correctly replicating. There is an issue
>> >> regarding msDs-hasMasterNCs attribute, which has yet to be resolved. I
>> >> haven't tried to set up a DNS server on a secondary DC using
>> >> replicated DNS as yet.
>> >>
>> >> > If yes, which is the best way to proceed?
>> >> > My idea is to upgrade secondary DC to latest git source, pull your
>> >> > branch to obtain upgradedns then run it from the secondary DC.
>> >>
>> >> You can use my dns-wip branch. First make sure that the partitions are
>> >> getting replicated. Once you confirm that, run samba_dnsupgrade on the
>> >> secondary DC to set up an AD database for BIND in the dns/ directory.
>> >> Finally run BIND with DLZ on secondary DC. Obviously this hasn't been
>> >> tested, so your feedback is most welcome. :)
>> >>
>> >> Amitay.
>> >
> ...
>> You shouldn't have to install anything manually. All the binaries and
>> shared libraries are re-linked for install with correct rpath. So do
>> not copy any binaries/libraries from the bin/ in source directory to
>> install locations. Use make install to install all the files. If
>> something is not being installed correctly then it might be a problem
>> that needs to be fixed.
>>
>> Amitay.
>
> OK,
> I found that the problems in loading modules from the
> upgradedns script were due to the fact that PYTHONPATH does not
> contain /usr/local/samba/lib/python2.7/site-packages. After adding the path of
> the modules, all seems to start.
>
> Anyway, with Version 4.0.0alpha19-GIT-e36622f this is what I get
>
> [root at kdc02:/usr/local/samba/private/dns]# samba_upgradedns
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Reading domain information
> lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> DNS accounts already exist
> No zone file /usr/local/samba/private/dns/saitelitalia.local.zone
> DNS records will be automatically created
> Creating DNS partitions
> DN: DC=DomainDnsZones,DC=saitelitalia,DC=local is a NC
> Traceback (most recent call last):
>  File "/usr/local/samba/sbin/samba_upgradedns", line 355, in <module>
>    dnsadmins_sid)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/sambadns.py", line 876, in create_dns_partitions
>    names.configdn, names.serverdn)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/sambadns.py", line 206, in setup_dns_partitions
>    "SECDESC"      : b64encode(descriptor)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/provision/common.py", line 52, in setup_add_ldif
>    ldb.add_ldif(data, controls)
>  File "/usr/local/samba/lib/python2.7/site-packages/samba/__init__.py", line 224, in add_ldif
>    self.add(msg, controls)
> _ldb.LdbError: (68, 'ldb_wait: Entry already exists (68)')
>
> Daniele
>

It looks like the check for existing DNS partitions did not succeed,
and the samba_upgradedns script tries to create those partitions even
though they exist. The logic here is to check if the Configuration
schema has information about the DNS partitions. If it does not, then
assume that the partitions do not exist. This is clearly not working
in your case. Can you elaborate on how the AD database was created?
Was it from a fresh provision, or by joining a domain? And was there any
replication involved?

Amitay.
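
The failure mode described in the reply above, as an added example that is not part of the original message and is not Samba's code: a plain dict stands in for the directory, and the DNs, the helper names and the assumed state (partition entry present, no crossRef for it under Configuration) are constructed for illustration. It contrasts a create step that trusts the Configuration check alone with one that also looks for the entry itself and treats result code 68 as "already present".

```python
ERR_ENTRY_ALREADY_EXISTS = 68  # result code shown in the traceback above

class DirError(Exception):
    def __init__(self, code, msg):
        super().__init__(code, msg)
        self.code = code

def add(db, dn, attrs):
    """Add an entry to the toy directory (a plain dict: DN -> attributes)."""
    if dn in db:
        raise DirError(ERR_ENTRY_ALREADY_EXISTS, "Entry already exists")
    db[dn] = attrs

def known_in_configuration(db, nc_dn, config_dn):
    """The check described in the reply: is there a crossRef naming nc_dn?"""
    suffix = ",CN=Partitions," + config_dn
    return any(dn.endswith(suffix) and a.get("nCName") == nc_dn
               for dn, a in db.items())

def naive_create(db, nc_dn, config_dn):
    """Trust the Configuration check alone, then create."""
    if known_in_configuration(db, nc_dn, config_dn):
        return "present"
    add(db, nc_dn, {"objectClass": "domainDNS"})
    return "created"

def ensure_partition(db, nc_dn, config_dn):
    """Also look for the entry itself, and treat code 68 as 'present'."""
    if known_in_configuration(db, nc_dn, config_dn) or nc_dn in db:
        return "present"
    try:
        add(db, nc_dn, {"objectClass": "domainDNS"})
    except DirError as e:
        if e.code != ERR_ENTRY_ALREADY_EXISTS:
            raise
        return "present"
    return "created"

# Constructed DNs and state: the partition head exists, but Configuration
# holds no crossRef for it (an assumed state, not a diagnosis of this report).
CONFIG_DN = "CN=Configuration,DC=example,DC=test"
NC_DN = "DC=DomainDnsZones,DC=example,DC=test"

def demo():
    db = {NC_DN: {"objectClass": "domainDNS"}}
    try:
        naive = naive_create(db, NC_DN, CONFIG_DN)
    except DirError as e:
        naive = e.code
    return naive, ensure_partition(db, NC_DN, CONFIG_DN)
```

demo() returns the code raised by the naive path followed by the result of the idempotent path, so the same state that aborts the first is a no-op for the second.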

