migration bind9 flat file to DLZ

Andreas Oster aoster at novanetwork.de
Thu Feb 9 03:06:14 MST 2012


Hello Amitay,

I have now manually entered the DNS details for my second samba4 DC, and
replication and so on seems to work, but the second server is still not able
to update its DNS entries (dns_tkey_negotiategss: TKEY is unacceptable).

Do you have any idea how to resolve this last issue?

Thank you for your kind help and patience

best regards

Andreas

On 09.02.2012 09:21, Amitay Isaacs wrote:
> Hi Andreas,
>
> On Thu, Feb 9, 2012 at 7:05 PM, Andreas Oster <aoster at novanetwork.de
> <mailto:aoster at novanetwork.de>> wrote:
>
>     Hi Amitay,
>
>     On 09.02.2012 08:54, Amitay Isaacs wrote:
>>     Hi Andreas,
>>
>>     On Thu, Feb 9, 2012 at 6:41 PM, Andreas Oster <aoster at novanetwork.de> <mailto:aoster at novanetwork.de> wrote:
>>
>>>     Now the upgradedns script completed without any errors. The bind9 daemon
>>>     could load the data, but something seems to be wrong. I am not allowed to
>>>     edit the novanetwork.loc Forward Lookup Zone. In the DNS administration
>>>     tool I get the following error when selecting "novanetwork.loc":
>>>     "Zone not loaded by DNS Server". The rest seems to be OK.
>>>
>>>     Thank you for your great efforts and kind help.
>>>
>>>     best regards
>>>
>>>     Andreas
>>>
>>     I am assuming that you are using a relatively recent source from git
>>     master for running samba. Can you see the records from the zone in the
>>     DNS management tool?
>     last git pull was yesterday, so sources are up to date.
>
>
>
>>     Are you able to run samba-tool dns commands? For example,
>>
>>        samba-tool dns serverinfo <server> -U administrator%<password>
>
>     /usr/local/samba/bin/samba-tool dns serverinfo novadc01 -U
>     administrator
>     Password for [NOVA\administrator]:
>       dwVersion                   : 0xece0205
>       fBootMethod                 : DNS_BOOT_METHOD_DIRECTORY
>       fAdminConfigured            : FALSE
>       fAllowUpdate                : TRUE
>       fDsAvailable                : TRUE
>       pszServerName               : NOVADC01.novanetwork.loc
>       pszDsContainer              :
>     CN=MicrosoftDNS,DC=DomainDnsZones,DC=novanetwork,DC=loc
>       aipServerAddrs              : ['255.255.255.255 (53)',
>     '255.255.255.255 (53)']
>       aipListenAddrs              : ['255.255.255.255 (53)',
>     '255.255.255.255 (53)']
>       aipForwarders               : []
>       dwLogLevel                  : 0
>       dwDebugLevel                : 0
>       dwForwardTimeout            : 3
>       dwRpcPrototol               : 0x5
>       dwNameCheckFlag             : DNS_ALLOW_MULTIBYTE_NAMES
>       cAddressAnswerLimit         : 0
>       dwRecursionRetry            : 3
>       dwRecursionTimeout          : 8
>       dwMaxCacheTtl               : 86400
>       dwDsPollingInterval         : 180
>       dwScavengingInterval        : 0
>       dwDefaultRefreshInterval    : 168
>       dwDefaultNoRefreshInterval  : 168
>       fAutoReverseZones           : FALSE
>       fAutoCacheUpdate            : FALSE
>       fRecurseAfterForwarding     : FALSE
>       fForwardDelegations         : TRUE
>       fNoRecursion                : FALSE
>       fSecureResponses            : FALSE
>       fRoundRobin                 : TRUE
>       fLocalNetPriority           : FALSE
>       fBindSecondaries            : FALSE
>       fWriteAuthorityNs           : FALSE
>       fStrictFileParsing          : FALSE
>       fLooseWildcarding           : FALSE
>       fDefaultAgingState          : FALSE
>       dwRpcStructureVersion       : 0x2
>       aipLogFilter                : []
>       pwszLogFilePath             : None
>       pszDomainName               : novanetwork.loc
>       pszForestName               : novanetwork.loc
>       pszDomainDirectoryPartition :
>     DC=DomainDnsZones,DC=novanetwork,DC=loc
>       pszForestDirectoryPartition :
>     DC=ForestDnsZones,DC=novanetwork,DC=loc
>       dwLocalNetPriorityNetMask   : 0xff
>       dwLastScavengeTime          : 0
>       dwEventLogLevel             : 4
>       dwLogFileMaxSize            : 0
>       dwDsForestVersion           : 4
>       dwDsDomainVersion           : 4
>       dwDsDsaVersion              : 4
>       fReadOnlyDC                 : FALSE
>
>>        samba-tool dns zonelist <server> -U administrator%<password>
>      /usr/local/samba/bin/samba-tool dns zonelist novadc01 -U
>     administrator
>     Password for [NOVA\administrator]:
>       3 zone(s) found
>
>       pszZoneName                 : 1.2.10.in-addr.arpa
>       Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>     DNS_RPC_ZONE_UPDATE_SECURE
>       ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>       Version                     : 50
>       dwDpFlags                   : DNS_DP_AUTOCREATED
>     DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>       pszDpFqdn                   : DomainDnsZones.novanetwork.loc
>
>       pszZoneName                 : novanetwork.loc
>       Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>     DNS_RPC_ZONE_UPDATE_SECURE
>       ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>       Version                     : 50
>       dwDpFlags                   : DNS_DP_AUTOCREATED
>     DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>       pszDpFqdn                   : DomainDnsZones.novanetwork.loc
>
>       pszZoneName                 : _msdcs.novanetwork.loc
>       Flags                       : DNS_RPC_ZONE_DSINTEGRATED
>     DNS_RPC_ZONE_UPDATE_SECURE
>       ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>       Version                     : 50
>       dwDpFlags                   : DNS_DP_AUTOCREATED
>     DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>       pszDpFqdn                   : ForestDnsZones.novanetwork.loc
>
>
>
>>     If the above commands fail, you might be running an older version of
>>     samba without RPC dnsserver support.
>>
>>     Amitay
>
>     best regards
>
>     Andreas
>
>
> I think the problem is the @ record. The DNS management tool is not
> working because it cannot find the @ record. This is an issue with the
> import. In the zone file there is only a single @ record, but two zones
> (novanetwork.loc and _msdcs.novanetwork.loc). The @ record has been
> imported for zone _msdcs.novanetwork.loc and you can see it through the
> network management tool.
>
> I will update the DNS import, to copy @ record for both the zones.
>
> You can confirm this by
>
>     samba-tool dns query <server> novanetwork.loc @ ALL
>
> This will not have @ record, but
>
>     samba-tool dns query <server> _msdcs.novanetwork.loc @ ALL
>
> should have @ record.
>
> For now, you can use the --migrate=no option to auto-create the entries
> for AD operation and add any other entries with the samba-tool dns add
> command.
>
> Amitay.
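The check Amitay describes (query the apex of each zone and see whether the @ record, i.e. the SOA and NS records, is there) can be run over every AD-integrated zone on a DC at once. The script below is an added example written for this page; it is not code from the thread or from the Samba project. It assumes that `samba-tool dns zonelist` prints one "pszZoneName : <zone>" line per zone (as in the output quoted above) and that `samba-tool dns query` prints each record as "<TYPE>: ..."; the sample outputs embedded in it are constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example (not from the thread): verify that every AD-integrated zone
# on a Samba DC has its apex ("@") record, i.e. that
#   samba-tool dns query <server> <zone> @ ALL
# returns at least an SOA and an NS record. A zone whose apex is missing is
# the one the Windows DNS management tool reports as "not loaded".
#
# Assumptions (not confirmed by the thread): record lines printed by
# `samba-tool dns query` start with the record type and a colon ("SOA:",
# "NS:", ...), and `samba-tool dns zonelist` prints one
# "pszZoneName : <zone>" line per zone, as in the output quoted above.

# apex_ok OUTPUT
# Returns 0 when OUTPUT (text from `query <zone> @ ALL`) contains both an SOA
# and an NS record, 1 otherwise (including any error text samba-tool prints
# when the name does not exist).
apex_ok() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*SOA:' || return 1
    printf '%s\n' "$1" | grep -q '^[[:space:]]*NS:'  || return 1
    return 0
}

# zones_from_zonelist OUTPUT
# Prints the zone names found in `samba-tool dns zonelist` output, one per line.
zones_from_zonelist() {
    printf '%s\n' "$1" | awk '$1 == "pszZoneName" { print $3 }'
}

# check_dc_apexes SERVER 'USER%PASSWORD'
# Live check against a DC; needs samba-tool in PATH. Prints one line per zone
# and returns 1 if any zone lacks its apex.
check_dc_apexes() {
    server=$1; creds=$2; rc=0
    zones=$(zones_from_zonelist "$(samba-tool dns zonelist "$server" -U "$creds")")
    for zone in $zones; do
        out=$(samba-tool dns query "$server" "$zone" @ ALL -U "$creds" 2>&1)
        if apex_ok "$out"; then
            echo "ok       $zone"
        else
            echo "NO APEX  $zone   (will show as 'Zone not loaded' in the DNS tool)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample outputs (not captured from a real server) so the helpers
# can be exercised offline.
SAMPLE_APEX_PRESENT='  Name=, Records=3, Children=0
    SOA: serial=1, refresh=900, retry=600, expire=86400, minttl=3600, ns=novadc01.novanetwork.loc., email=hostmaster.novanetwork.loc. (flags=600000f0, serial=1, ttl=3600)
    NS: novadc01.novanetwork.loc. (flags=600000f0, serial=1, ttl=900)
    A: 10.2.1.10 (flags=600000f0, serial=1, ttl=900)'
SAMPLE_APEX_MISSING='ERROR: Record or zone does not exist.'
SAMPLE_ZONELIST='  3 zone(s) found

  pszZoneName                 : 1.2.10.in-addr.arpa
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE

  pszZoneName                 : novanetwork.loc

  pszZoneName                 : _msdcs.novanetwork.loc'

# Live run: sh checkapex.sh novadc01 'administrator%secret'
if [ "$#" -eq 2 ]; then
    check_dc_apexes "$1" "$2"
fi
```

Run it against each DC after an import; a zone reported as "NO APEX" is one to fix with `samba-tool dns add` (or by re-running the import with `--migrate=no` as suggested above) before expecting the DNS management tool to load it.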