samba_upgradedns issues on secondary DC

Daniele Dario d.dario76 at gmail.com
Tue Apr 17 07:39:10 MDT 2012


Hallo Amitay,
I'm trying to follow the execution of the samba_upgradedns script to
understand why it doesn't work for me:

At line 404, in the "Mark that we are hosting DNS partitions" block, the
script looks for NCs which are masters or have partial replicas of
partitions, right?

Trying to reproduce the call with ldbsearch I see

[root@kdc02:/usr/local/samba/private]# ldbsearch -H sam.ldb -b "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local" "(objectclass=nTDSDSa)" "hasPartialReplicaNCs" "msDS-hasMasterNCs"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=NTDS Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=DomainDnsZones,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=ForestDnsZones,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=saitelitalia,DC=local

# record 2
dn: CN=NTDS Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=saitelitalia,DC=local
hasPartialReplicaNCs: DC=DomainDnsZones,DC=saitelitalia,DC=local
hasPartialReplicaNCs: DC=ForestDnsZones,DC=saitelitalia,DC=local

# returned 2 records
# 2 entries
# 0 referrals

Now samba-tool drs showrepl says that there are no failures and
replication seems to be OK.

ldbsearch tells me that for the DNS zones I have only a partial replica
on the secondary DC.
I've also seen that the replica is partial because samba-tool dns query
on the secondary DC now doesn't fail but shows me incomplete content:

[root@kdc02:/usr/local/samba/private]# samba-tool dns query kdc02 _msdcs.saitelitalia.local @ ALL -U administrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:kdc02[,sign]
Password for [SAITELITALIA\administrator]:
  Name=, Records=0, Children=0
  Name=bdbaecef-ace9-4314-b65e-54933ac8b660, Records=0, Children=0
  Name=dc, Records=0, Children=2
  Name=domains, Records=0, Children=1
  Name=edc6129d-b286-47f3-ae02-c7f17d211370, Records=0, Children=0
  Name=gc, Records=0, Children=2
  Name=kdc01, Records=0, Children=0
  Name=pdc, Records=0, Children=1

Is it normal to have only partial replicas on secondary DCs? Is this
condition something due to an error in the replication or in the DBs?
Would it become a full replica at some point?

Back to the script: once it has found the list of NCs with full and partial
replicas (and adding a little debug info to the script I've seen that
they are not empty, as said by ldbsearch) the script will try to update
attributes on the db and for me it fails there when running
ldb.MessageElement(master_nclist, ldb.FLAG_MOD_REPLACE, "msDS-hasMasterNCs")
but I'm not able to find the sources of that function. Obviously the error
is not in the function but I want to understand what goes wrong, so can you
point me to what I should search for?

Thanks,
Daniele.
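
The following is an added example, not part of the original message and not code from samba_upgradedns: a small Python parser over the ldbsearch output quoted above that reports, per DC, which naming contexts appear under msDS-hasMasterNCs versus hasPartialReplicaNCs and lists DNS partitions held only as partial replicas. The function names and the LDIF-folded dn line in the sample are assumptions of this example.

```python
import re

# Sample input: ldbsearch output quoted in the message; record 2's dn is folded to test unfolding.
SAMPLE = """\
GENSEC backend 'krb5' registered
# record 1
dn: CN=NTDS Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=DomainDnsZones,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=ForestDnsZones,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=saitelitalia,DC=local

# record 2
dn: CN=NTDS
  Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
msDS-hasMasterNCs: DC=saitelitalia,DC=local
hasPartialReplicaNCs: DC=DomainDnsZones,DC=saitelitalia,DC=local
hasPartialReplicaNCs: DC=ForestDnsZones,DC=saitelitalia,DC=local
"""

DNS_NC = re.compile(r"^DC=(DomainDnsZones|ForestDnsZones),", re.I)
ATTRS = {"msds-hasmasterncs": "master", "haspartialreplicancs": "partial"}

def parse_ntds(ldif_text):
    """Return {server_cn: {"master": [...], "partial": [...]}} from ldbsearch output."""
    text = re.sub(r"\r?\n ", "", ldif_text)  # unfold LDIF continuation lines
    servers, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None  # a blank line ends the record
            continue
        if line.startswith("#") or ": " not in line:
            continue  # LDIF comments and GENSEC/debug noise
        attr, value = line.split(": ", 1)
        if attr.lower() == "dn":
            m = re.match(r"CN=NTDS Settings,CN=([^,]+),", value, re.I)
            current = servers.setdefault(m.group(1), {"master": [], "partial": []}) if m else None
        elif current is not None and attr.lower() in ATTRS:
            current[ATTRS[attr.lower()]].append(value)
    return servers

def dns_partial_only(servers):
    """DCs holding a DNS partition only as a partial replica: {server: [NC, ...]}."""
    found = {s: [nc for nc in ncs["partial"] if DNS_NC.match(nc) and nc not in ncs["master"]]
             for s, ncs in servers.items()}
    return {s: hits for s, hits in found.items() if hits}
```

On the sample, `dns_partial_only(parse_ntds(SAMPLE))` names only KDC02, matching what the ldbsearch output in the message shows.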


