missing /usr/local/samba/private/dns

Amitay Isaacs amitay at gmail.com
Wed Apr 4 20:24:33 MDT 2012


On Wed, Apr 4, 2012 at 8:30 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> Hi Amitay,
>
> On Tue, 2012-04-03 at 09:58 +1000, Amitay Isaacs wrote:
>> On Mon, Apr 2, 2012 at 7:45 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> > Hi Amitay,
>> >
>> > On Mon, 2012-04-02 at 12:51 +1000, Amitay Isaacs wrote:
>> >> On Sat, Mar 31, 2012 at 12:03 AM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> >> > On Tue, 2012-03-27 at 09:27 +1100, Amitay Isaacs wrote:
>> >> >> On Mon, Mar 26, 2012 at 10:44 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> >> >> > Hi Amitay,
>> >> >> >
>> >> >> > On Tue, 2012-03-13 at 20:03 +1100, Amitay Isaacs wrote:
>> >> >> >> Hi Daniele,
>> >> >> >>
>> >> >> >> On Tue, Mar 13, 2012 at 6:40 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
>> >> >> >> > Hi Amitay,
>> >> >> >> >
>> >> >> >> > On Tue, 2012-03-13 at 12:13 +1100, Amitay Isaacs wrote:
>> >> >> >> >> Hi Greg,
>> >> >> >> >>
>> >> >> >> >> On Sat, Mar 10, 2012 at 2:45 PM, Greg Dickie <greg at justaguy.ca> wrote:
>> >> >> >> >> >
>> >> >> >> >> > Sounds great. Totally ready to be the guinea pig, just let me know what
>> >> >> >> >> > you need. One small question though. Is the ultimate goal to use a
>> >> >> >> >> > builtin DNS server? I thought this bind9 implementation was pretty cool.
>> >> >> >> >> > Is it missing anything that's required?
>> >> >> >> >> >
>> >> >> >> >> > Thanks for the quick response guys,
>> >> >> >> >> > Greg
>> >> >> >> >>
>> >> >> >> >> I have updated samba_upgradedns script now to handle upgrading dns
>> >> >> >> >> provision even after domain join. The new code is in my dns-wip
>> >> >> >> >> branch.
>> >> >> >> >>
>> >> >> >> >>   git://git.samba.org/amitay/samba.git
>> >> >> >> >>
>> >> >> >> >> You can run samba_upgradedns multiple times without any side effects.
>> >> >> >> >> Let me know if that works for you.
>> >> >> >> >>
>> >> >> >> >> The ultimate goal is to use built-in dns server, so that samba does
>> >> >> >> >> not have to depend on external programs (BIND) for running. For time
>> >> >> >> >> being, BIND9 option is supported till built-in dns server becomes
>> >> >> >> >> fully operational.
>> >> >> >> >>
>> >> >> >> >> Amitay.
>> >> >> >> >
>> >> >> >> > do you mean that it is possible to use upgradedns to provision the dns
>> >> >> >> > partitions on a samba4 DC already joined to a domain?
>> >> >> >>
>> >> >> >> Yes, that's correct. You can run samba_upgradedns on any provision and
>> >> >> >> it should upgrade it to use AD based backend.
>> >> >> >>
>> >> >> >> >
>> >> >> >> > If I caught it right, I will use it on my secondary DC (primary is also samba4)
>> >> >> >> > to have also a secondary DNS. Does it also start replication of the dns
>> >> >> >> > partitions between the DCs?
>> >> >> >>
>> >> >> >> DNS partitions do get replicated, but you might have to restart the
>> >> >> >> secondary DC to get them correctly replicating. There is an issue
>> >> >> >> regarding msDs-hasMasterNCs attribute, which has yet to be resolved. I
>> >> >> >> haven't tried to set up a DNS server on a secondary DC using
>> >> >> >> replicated DNS as yet.
>> >> >> >>
>> >> >> >> > If yes, which is the best way to proceed?
>> >> >> >> > My idea is to upgrade secondary DC to latest git source, pull your
>> >> >> >> > branch to obtain upgradedns than run it from the secondary DC.
>> >> >> >>
>> >> >> >> You can use my dns-wip branch. First make sure that the partitions are
>> >> >> >> getting replicated. Once you confirm that, run samba_upgradedns on the
>> >> >> >> secondary DC to set up an AD database for BIND in the dns/ directory.
>> >> >> >> Finally run BIND with DLZ on the secondary DC. Obviously this hasn't been
>> >> >> >> tested, so your feedback is most welcome. :)
>> >> >> >>
>> >> >> >> Amitay.
>> >> >> >
>> >> > ...
>> >> >> You shouldn't have to install anything manually. All the binaries and
>> >> >> shared libraries are re-linked for install with correct rpath. So do
>> >> >> not copy any binaries/libraries from the bin/ in source directory to
>> >> >> install locations. Use make install to install all the files. If
>> >> >> something is not being installed correctly then it might be a problem
>> >> >> that needs to be fixed.
>> >> >>
>> >> >> Amitay.
>> >> >
>> >> > OK,
>> >> > I found that the problems loading modules from the upgradedns script
>> >> > were due to the fact that PYTHONPATH does not
>> >> > contain /usr/local/samba/lib/python2.7/site-packages. After adding the path
>> >> > of the modules, everything seems to start.
>> >> >
>> >> > Anyway, with Version 4.0.0alpha19-GIT-e36622f this is what I get
>> >> >
>> >> > [root at kdc02:/usr/local/samba/private/dns]# samba_upgradedns
>> >> > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>> >> > params.c:pm_process() - Processing configuration file
>> >> > "/usr/local/samba/etc/smb.conf"
>> >> > Reading domain information
>> >> > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
>> >> > params.c:pm_process() - Processing configuration file
>> >> > "/usr/local/samba/etc/smb.conf"
>> >> > Looking up IPv4 addresses
>> >> > Looking up IPv6 addresses
>> >> > DNS accounts already exist
>> >> > No zone file /usr/local/samba/private/dns/saitelitalia.local.zone
>> >> > DNS records will be automatically created
>> >> > Creating DNS partitions
>> >> > DN: DC=DomainDnsZones,DC=saitelitalia,DC=local is a NC
>> >> > Traceback (most recent call last):
>> >> >  File "/usr/local/samba/sbin/samba_upgradedns", line 355, in <module>
>> >> >    dnsadmins_sid)
>> >> >  File
>> >> > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/sambadns.py", line 876, in create_dns_partitions
>> >> >    names.configdn, names.serverdn)
>> >> >  File
>> >> > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/sambadns.py", line 206, in setup_dns_partitions
>> >> >    "SECDESC"      : b64encode(descriptor)
>> >> >  File
>> >> > "/usr/local/samba/lib/python2.7/site-packages/samba/provision/common.py", line 52, in setup_add_ldif
>> >> >    ldb.add_ldif(data, controls)
>> >> >  File "/usr/local/samba/lib/python2.7/site-packages/samba/__init__.py",
>> >> > line 224, in add_ldif
>> >> >    self.add(msg, controls)
>> >> > _ldb.LdbError: (68, 'ldb_wait: Entry already exists (68)')
>> >> >
>> >> > Daniele
>> >> >
>> >>
>> >> It looks like the check for existing DNS partitions did not succeed,
>> >> and samba_upgradedns script tries to create those partitions even
>> >> though they exist. The logic here is to check if the Configuration
>> >> schema has information about the DNS partitions. If it does not, then
>> >> assume that the partitions do not exist. This is clearly not working
>> >> in your case. Can you elaborate on how the AD database was created?
>> >> Was it from fresh provision, or joining domain? And was there any
>> >> replication involved?
>> >>
>> >> Amitay.
>> >
>> > The first time I tried samba4 I joined it to an SBS2003 domain. In December
>> > 2011 it crashed and with samba4 I was not able to keep the dns partitions
>> > working, so I provisioned a new samba4 installation from scratch.
>> >
>> > Now I have kdc01, which is an Ubuntu 11.04 x86 VM on XenServer 5.6fp1 and
>> > is the primary DC where I provisioned the domain, and kdc02, which is an
>> > Ubuntu 11.04 x86 physical server joined to the domain
>> > provisioned on kdc01.
>> >
>> > Both of them run samba4 Version 4.0.0alpha19-GIT-e36622f and as per your
>> > advice I started replication of Dns partitions using samba-tool drs
>> > replicate of DC=DomainDnsZones,DC=saitelitalia,DC=local and
>> > DC=ForestDnsZones,DC=saitelitalia,DC=local in both directions
>> >
>> > What I'm seeing about the replication is:
>> > [root at kdc02:~]# samba-tool drs showrepl
>> > ldb_wrap open of secrets.ldb
>> > GENSEC backend 'gssapi_spnego' registered
>> > GENSEC backend 'gssapi_krb5' registered
>> > GENSEC backend 'gssapi_krb5_sasl' registered
>> > GENSEC backend 'schannel' registered
>> > GENSEC backend 'spnego' registered
>> > GENSEC backend 'ntlmssp' registered
>> > GENSEC backend 'krb5' registered
>> > GENSEC backend 'fake_gssapi_krb5' registered
>> > Using binding ncacn_ip_tcp:kdc02.saitelitalia.local[,seal]
>> > Default-First-Site-Name\KDC02
>> > DSA Options: 0x00000001
>> > DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> > DSA invocationId: 12ae5f8c-1ebb-4c38-942f-0bc85a132f46
>> >
>> > ==== INBOUND NEIGHBORS ====
>> >
>> > DC=ForestDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:42:40 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Mon Apr  2 11:42:40 2012 CEST
>> >
>> > DC=DomainDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:42:41 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Mon Apr  2 11:42:41 2012 CEST
>> >
>> > DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:42:41 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Mon Apr  2 11:42:41 2012 CEST
>> >
>> > CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:42:42 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Mon Apr  2 11:42:42 2012 CEST
>> >
>> > CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:42:42 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Mon Apr  2 11:42:42 2012 CEST
>> >
>> > ==== OUTBOUND NEIGHBORS ====
>> >
>> > DC=ForestDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Wed Mar 28 16:37:47 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Wed Mar 28 16:37:47 2012 CEST
>> >
>> > DC=DomainDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Wed Mar 28 16:37:47 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Wed Mar 28 16:37:47 2012 CEST
>> >
>> > DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Mon Apr  2 11:43:18 2012 CEST failed, result 29
>> > (WERR_WRITE_FAULT)
>> >                1180 consecutive failure(s).
>> >                Last success @ Wed Mar 28 16:37:48 2012 CEST
>> >
>> > CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Wed Mar 28 16:37:48 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Wed Mar 28 16:37:48 2012 CEST
>> >
>> > CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC01 via RPC
>> >                DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> >                Last attempt @ Wed Mar 28 16:37:48 2012 CEST was successful
>> >                0 consecutive failure(s).
>> >                Last success @ Wed Mar 28 16:37:48 2012 CEST
>> >
>> > ==== KCC CONNECTION OBJECTS ====
>> >
>> > Connection --
>> >        Connection name: ccd53e6d-0f6e-4551-9103-064a48501322
>> >        Enabled        : TRUE
>> >        Server DNS name : KDC02.saitelitalia.local
>> >        Server DN name  : CN=NTDS
>> > Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
>> >                TransportType: RPC
>> >                options: 0x00000001
>> > Warning: No NC replicated for Connection!
>> >
>> > [root at kdc02:~]# samba-tool drs showrepl kdc01
>> > ldb_wrap open of secrets.ldb
>> > GENSEC backend 'gssapi_spnego' registered
>> > GENSEC backend 'gssapi_krb5' registered
>> > GENSEC backend 'gssapi_krb5_sasl' registered
>> > GENSEC backend 'schannel' registered
>> > GENSEC backend 'spnego' registered
>> > GENSEC backend 'ntlmssp' registered
>> > GENSEC backend 'krb5' registered
>> > GENSEC backend 'fake_gssapi_krb5' registered
>> > Using binding ncacn_ip_tcp:kdc01[,seal]
>> > Default-First-Site-Name\KDC01
>> > DSA Options: 0x00000001
>> > DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
>> > DSA invocationId: 788bb21f-edc8-467d-89cf-f66b67840ce1
>> >
>> > ==== INBOUND NEIGHBORS ====
>> >
>> > DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ Wed Mar 28 14:45:17 2012 CEST failed, result 1225
>> > (WERR_CONNECTION_REFUSED)
>> >                2 consecutive failure(s).
>> >                Last success @ Wed Mar 28 14:35:17 2012 CEST
>> >
>> > CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ Wed Mar 28 14:45:17 2012 CEST failed, result 1225
>> > (WERR_CONNECTION_REFUSED)
>> >                2 consecutive failure(s).
>> >                Last success @ Wed Mar 28 14:35:18 2012 CEST
>> >
>> > CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ Wed Mar 28 14:45:17 2012 CEST failed, result 1225
>> > (WERR_CONNECTION_REFUSED)
>> >                2 consecutive failure(s).
>> >                Last success @ Wed Mar 28 14:35:19 2012 CEST
>> >
>> > ==== OUTBOUND NEIGHBORS ====
>> >
>> > DC=ForestDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ NTTIME(0) was successful
>> >                0 consecutive failure(s).
>> >                Last success @ NTTIME(0)
>> >
>> > DC=DomainDnsZones,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ NTTIME(0) was successful
>> >                0 consecutive failure(s).
>> >                Last success @ NTTIME(0)
>> >
>> > DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ NTTIME(0) was successful
>> >                0 consecutive failure(s).
>> >                Last success @ NTTIME(0)
>> >
>> > CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ NTTIME(0) was successful
>> >                0 consecutive failure(s).
>> >                Last success @ NTTIME(0)
>> >
>> > CN=Configuration,DC=saitelitalia,DC=local
>> >        Default-First-Site-Name\KDC02 via RPC
>> >                DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
>> >                Last attempt @ NTTIME(0) was successful
>> >                0 consecutive failure(s).
>> >                Last success @ NTTIME(0)
>> >
>> > ==== KCC CONNECTION OBJECTS ====
>> >
>> > Connection --
>> >        Connection name: fef8d418-7309-4c61-9f21-0a9149c99ac2
>> >        Enabled        : TRUE
>> >        Server DNS name : kdc01.saitelitalia.local
>> >        Server DN name  : CN=NTDS
>> > Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
>> >                TransportType: RPC
>> >                options: 0x00000001
>> > Warning: No NC replicated for Connection!
>> >
>> > Which tells me that something is wrong with the replication, doesn't it?
>> >
>> > Daniele.
>>
>> May be someone else on the list can comment about the replication issue.
>>
>> Can you check if two DCs have the same partition information?
>> Specifically DNS partition details.
>>
>> ldbsearch -H ../path/to/sam.ldb -b
>> "CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local"
>>
>> Amitay.
>
> This is what I see using ldbsearch on both DCs:
>
> [root at kdc01:/usr/local/samba/private]# ldbsearch -H sam.ldb -b
> "CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local"
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> # record 1
> dn: CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRefContainer
> cn: Partitions
> instanceType: 4
> whenCreated: 20111222200939.0Z
> uSNCreated: 1937
> showInAdvancedViewOnly: TRUE
> name: Partitions
> objectGUID: 559deee0-6009-4834-aa1e-1c515829fdbb
> systemFlags: -2147483648
> objectCategory:
> CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=saitelita
>  lia,DC=local
> msDS-Behavior-Version: 2
> fSMORoleOwner: CN=NTDS
> Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name
>  ,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> whenChanged: 20111222200950.0Z
> uSNChanged: 3593
> distinguishedName:
> CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
>
> # record 2
> dn:
> CN=SAITELITALIA,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: SAITELITALIA
> instanceType: 4
> whenCreated: 20111222200940.0Z
> whenChanged: 20111222200940.0Z
> nCName: DC=saitelitalia,DC=local
> uSNCreated: 1940
> uSNChanged: 1940
> showInAdvancedViewOnly: TRUE
> name: SAITELITALIA
> objectGUID: 3311b140-f8f3-4d99-970f-16ae7c0cd252
> dnsRoot: saitelitalia.local
> nETBIOSName: SAITELITALIA
> nTMixedDomain: 0
> systemFlags: 3
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> msDS-Behavior-Version: 2
> distinguishedName:
> CN=SAITELITALIA,CN=Partitions,CN=Configuration,DC=saitelita
>  lia,DC=local
>
> # record 3
> dn: CN=Enterprise
> Schema,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: Enterprise Schema
> instanceType: 4
> whenCreated: 20111222200940.0Z
> whenChanged: 20111222200940.0Z
> nCName: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> uSNCreated: 1939
> uSNChanged: 1939
> showInAdvancedViewOnly: TRUE
> name: Enterprise Schema
> objectGUID: 148fb923-aad9-44cc-a2cd-bc223cee5e8c
> dnsRoot: saitelitalia.local
> systemFlags: 1
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> distinguishedName: CN=Enterprise
> Schema,CN=Partitions,CN=Configuration,DC=sait
>  elitalia,DC=local
>
> # record 4
> dn: CN=Enterprise
> Configuration,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: Enterprise Configuration
> instanceType: 4
> whenCreated: 20111222200939.0Z
> whenChanged: 20111222200939.0Z
> nCName: CN=Configuration,DC=saitelitalia,DC=local
> uSNCreated: 1938
> uSNChanged: 1938
> showInAdvancedViewOnly: TRUE
> name: Enterprise Configuration
> objectGUID: 53830354-0e63-4e09-8a7c-755dce3222b4
> dnsRoot: saitelitalia.local
> systemFlags: 1
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> distinguishedName: CN=Enterprise
> Configuration,CN=Partitions,CN=Configuration,
>  DC=saitelitalia,DC=local
>
> # returned 4 records
> # 4 entries
> # 0 referrals
>
>
> [root at kdc02:/usr/local/samba/private]# ldbsearch -H sam.ldb -b
> "CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local"
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> # record 1
> dn: CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRefContainer
> cn: Partitions
> instanceType: 4
> whenCreated: 20111222200939.0Z
> whenChanged: 20111222200950.0Z
> uSNCreated: 1569
> uSNChanged: 1569
> showInAdvancedViewOnly: TRUE
> name: Partitions
> objectGUID: 559deee0-6009-4834-aa1e-1c515829fdbb
> fSMORoleOwner: CN=NTDS
> Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name
>  ,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> systemFlags: -2147483648
> objectCategory:
> CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=saitelita
>  lia,DC=local
> msDS-Behavior-Version: 2
> distinguishedName:
> CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
>
> # record 2
> dn:
> CN=SAITELITALIA,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: SAITELITALIA
> instanceType: 4
> whenCreated: 20111222200940.0Z
> whenChanged: 20111222200940.0Z
> nCName: DC=saitelitalia,DC=local
> uSNCreated: 1646
> uSNChanged: 1646
> showInAdvancedViewOnly: TRUE
> name: SAITELITALIA
> objectGUID: 3311b140-f8f3-4d99-970f-16ae7c0cd252
> dnsRoot: saitelitalia.local
> nETBIOSName: SAITELITALIA
> nTMixedDomain: 0
> systemFlags: 3
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> msDS-Behavior-Version: 2
> distinguishedName:
> CN=SAITELITALIA,CN=Partitions,CN=Configuration,DC=saitelita
>  lia,DC=local
>
> # record 3
> dn: CN=Enterprise
> Schema,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: Enterprise Schema
> instanceType: 4
> whenCreated: 20111222200940.0Z
> whenChanged: 20111222200940.0Z
> nCName: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
> uSNCreated: 1645
> uSNChanged: 1645
> showInAdvancedViewOnly: TRUE
> name: Enterprise Schema
> objectGUID: 148fb923-aad9-44cc-a2cd-bc223cee5e8c
> dnsRoot: saitelitalia.local
> systemFlags: 1
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> distinguishedName: CN=Enterprise
> Schema,CN=Partitions,CN=Configuration,DC=sait
>  elitalia,DC=local
>
> # record 4
> dn: CN=Enterprise
> Configuration,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
> objectClass: top
> objectClass: crossRef
> cn: Enterprise Configuration
> instanceType: 4
> whenCreated: 20111222200939.0Z
> whenChanged: 20111222200939.0Z
> nCName: CN=Configuration,DC=saitelitalia,DC=local
> uSNCreated: 1644
> uSNChanged: 1644
> showInAdvancedViewOnly: TRUE
> name: Enterprise Configuration
> objectGUID: 53830354-0e63-4e09-8a7c-755dce3222b4
> dnsRoot: saitelitalia.local
> systemFlags: 1
> objectCategory:
> CN=Cross-Ref,CN=Schema,CN=Configuration,DC=saitelitalia,DC=loc
>  al
> distinguishedName: CN=Enterprise
> Configuration,CN=Partitions,CN=Configuration,
>  DC=saitelitalia,DC=local
>
> # returned 4 records
> # 4 entries
> # 0 referrals
>
>
> The records seem to be the same; should I add some option to see more
> details?
>
> Daniele
>

I don't see DNS partitions information in either of the DCs. So
something is definitely wrong here. When you provisioned the first DC
(kdc01), looks like it was created without DNS partitions or somehow
the DNS partitions were created, but the information is not recorded
in the Configuration. This is really weird. No wonder when you try to
use samba_upgradedns, it tries to create DNS partitions, because there
is no record of them under CN=Partitions, but fails because the
partitions actually exist.

At this point I would suggest you manually add those entries. Use the
attached ldif file to create those entries.

ldbadd -H /path/to/sam.ldb -b
CN=Configuration,DC=saitelitalia,DC=local dns-add.ldif

It should create the missing entries under CN=Partitions. Then make
sure they are replicated to KDC02. Once that is done, try running
samba_upgradedns.

Amitay.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dns-add.ldif
Type: application/octet-stream
Size: 780 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120405/f923f92c/attachment.obj>
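The check Amitay asked for above (do both DCs carry the same crossRef entries under CN=Partitions, and in particular ones for the DNS application partitions) is easy to get wrong by eye in a long ldbsearch dump. The script below is an added example, not code from this thread or from Samba: it parses the LDIF that `ldbsearch -H sam.ldb -b "CN=Partitions,CN=Configuration,..."` prints (skipping the `GENSEC backend ...` chatter and `#` comment lines, and unfolding continuation lines), lists which naming contexts have a crossRef, reports which of the expected ones are missing, and diffs two DCs. The two sample dumps are constructed: `KDC01_LDIF` is trimmed from the output in the thread, and `KDC02_LDIF` is a hypothetical dump of what a DC would look like after a DomainDnsZones crossRef had been added on it but not yet replicated to the other DC. The attribute values in that hypothetical record are illustrative, not the contents of the scrubbed dns-add.ldif attachment.

```python
"""Compare crossRef (partition) entries of two DCs from ldbsearch LDIF output.

Added example for this thread; not Samba code. Usage against real output:

    ldbsearch -H /usr/local/samba/private/sam.ldb \
        -b "CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local" > kdc01.ldif

then feed the file contents to compare_dcs() / missing_partitions().
Run ldbsearch on a copy of sam.ldb if you do not want to touch the live DB.
"""
import re

# Naming contexts every DC in this domain is expected to have a crossRef for.
EXPECTED_NCS = {
    "DC=saitelitalia,DC=local",
    "CN=Configuration,DC=saitelitalia,DC=local",
    "CN=Schema,CN=Configuration,DC=saitelitalia,DC=local",
    "DC=DomainDnsZones,DC=saitelitalia,DC=local",
    "DC=ForestDnsZones,DC=saitelitalia,DC=local",
}

_ATTR_LINE = re.compile(r"^([A-Za-z][\w-]*):\s*(.*)$")


def parse_ldif(text):
    """Return a list of records, each a dict attr -> [values].

    Unfolds RFC 2849 continuation lines (leading space), ignores '#' comments
    and any line that is not 'attr: value' (ldb tool chatter such as
    "GENSEC backend 'krb5' registered"). A blank line ends a record.
    """
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]
        else:
            unfolded.append(line)

    records, current = [], None
    for line in unfolded:
        if not line.strip():
            if current:
                records.append(current)
            current = None
            continue
        if line.startswith("#"):
            continue
        m = _ATTR_LINE.match(line)
        if not m:
            continue
        attr, value = m.group(1), m.group(2)
        if attr.lower() == "dn":
            if current:
                records.append(current)
            current = {"dn": [value]}
        elif current is not None:
            current.setdefault(attr, []).append(value)
    if current:
        records.append(current)
    return records


def partitions(records):
    """Map nCName -> DN of the crossRef object that registers it."""
    return {
        rec["nCName"][0]: rec["dn"][0]
        for rec in records
        if "crossRef" in rec.get("objectClass", []) and "nCName" in rec
    }


def missing_partitions(records, expected=EXPECTED_NCS):
    """Expected naming contexts that have no crossRef in this dump."""
    return sorted(expected - set(partitions(records)))


def compare_dcs(ldif_a, ldif_b):
    """(only_on_a, only_on_b): NCs registered on one DC but not the other."""
    a, b = set(partitions(parse_ldif(ldif_a))), set(partitions(parse_ldif(ldif_b)))
    return sorted(a - b), sorted(b - a)


# Constructed sample: trimmed from the kdc01 ldbsearch output in the thread.
KDC01_LDIF = """\
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'krb5' registered
# record 1
dn: CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
objectClass: top
objectClass: crossRefContainer
cn: Partitions
fSMORoleOwner: CN=NTDS Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name
 ,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local

# record 2
dn: CN=SAITELITALIA,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
objectClass: top
objectClass: crossRef
cn: SAITELITALIA
nCName: DC=saitelitalia,DC=local
dnsRoot: saitelitalia.local
nETBIOSName: SAITELITALIA
systemFlags: 3

# record 3
dn: CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
objectClass: top
objectClass: crossRef
cn: Enterprise Schema
nCName: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
systemFlags: 1

# record 4
dn: CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=saitelitalia,
 DC=local
objectClass: top
objectClass: crossRef
cn: Enterprise Configuration
nCName: CN=Configuration,DC=saitelitalia,DC=local
systemFlags: 1

# returned 4 records
# 4 entries
# 0 referrals
"""

# Hypothetical sample: same as above plus one DomainDnsZones crossRef, i.e. a
# DC where the entry was added but has not replicated yet. Values illustrative.
KDC02_LDIF = KDC01_LDIF.replace("# returned 4 records", """\
# record 5
dn: CN=DomainDnsZones,CN=Partitions,CN=Configuration,DC=saitelitalia,DC=local
objectClass: top
objectClass: crossRef
cn: DomainDnsZones
nCName: DC=DomainDnsZones,DC=saitelitalia,DC=local
dnsRoot: DomainDnsZones.saitelitalia.local
systemFlags: 5

# returned 5 records""")


if __name__ == "__main__":
    for name, dump in (("kdc01", KDC01_LDIF), ("kdc02", KDC02_LDIF)):
        print(name, "registered NCs:", sorted(partitions(parse_ldif(dump))))
        print(name, "missing:", missing_partitions(parse_ldif(dump)))
    print("only on kdc01 / only on kdc02:", compare_dcs(KDC01_LDIF, KDC02_LDIF))
```

On the dumps in the thread both DCs come out with the same four crossRefs and both DomainDnsZones and ForestDnsZones reported missing, which is exactly the state that makes samba_upgradedns try to recreate partitions that already exist. After `ldbadd` on kdc01, rerun the comparison until the "only on" lists are empty on both sides before retrying samba_upgradedns.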

