migration bind9 flat file to DLZ
Andreas Oster
aoster at novanetwork.de
Fri Feb 10 00:10:33 MST 2012
Hello Amitay,
On 09.02.2012 11:06, Andreas Oster wrote:
> Hello Amitay,
>
> I have now manually entered the DNS details for my second samba4 DC
> and replication and so on seems to work, but second server is still not able
> to update its DNS entries (dns_tkey_negotiategss: TKEY is inacceptable)
>
> do you have any idea how to resolve this last issue ?
>
> Thank you for your kind help and patience
>
> best regards
>
> Andreas
>
> On 09.02.2012 09:21, Amitay Isaacs wrote:
>> Hi Andreas,
>>
>> On Thu, Feb 9, 2012 at 7:05 PM, Andreas Oster <aoster at novanetwork.de> wrote:
>>
>> Hi Amitay,
>>
>> On 09.02.2012 08:54, Amitay Isaacs wrote:
>>> Hi Andreas,
>>>
>>> On Thu, Feb 9, 2012 at 6:41 PM, Andreas Oster <aoster at novanetwork.de> wrote:
>>>
>>>> now the upgradedns script completed without any errors. The bind9 daemon
>>>> could load the data but something seems to be wrong. I am not allowed to
>>>> edit the novanetwork.loc Forward Lookup Zone. In DNS administration tool
>>>> I get the following error when selecting "novanetwork.loc": Zone not
>>>> loaded by DNS Server
>>>> The rest seems to be OK.
>>>>
>>>> Thank you for your great efforts and kind help.
>>>>
>>>> best regards
>>>>
>>>> Andreas
>>>>
>>> I am assuming that you are using relatively recent source from git master for
>>> running samba. Can you see the records from the zone in dns management
>>> tool?
>> last git pull was yesterday, so sources are up to date.
>>
>>
>>
>>> Are you able to run samba-tool dns commands? For example,
>>>
>>> samba-tool dns serverinfo <server> -U administrator%<password>
>>
>> /usr/local/samba/bin/samba-tool dns serverinfo novadc01 -U administrator
>> Password for [NOVA\administrator]:
>> dwVersion : 0xece0205
>> fBootMethod : DNS_BOOT_METHOD_DIRECTORY
>> fAdminConfigured : FALSE
>> fAllowUpdate : TRUE
>> fDsAvailable : TRUE
>> pszServerName : NOVADC01.novanetwork.loc
>> pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=novanetwork,DC=loc
>> aipServerAddrs : ['255.255.255.255 (53)', '255.255.255.255 (53)']
>> aipListenAddrs : ['255.255.255.255 (53)', '255.255.255.255 (53)']
>> aipForwarders : []
>> dwLogLevel : 0
>> dwDebugLevel : 0
>> dwForwardTimeout : 3
>> dwRpcPrototol : 0x5
>> dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
>> cAddressAnswerLimit : 0
>> dwRecursionRetry : 3
>> dwRecursionTimeout : 8
>> dwMaxCacheTtl : 86400
>> dwDsPollingInterval : 180
>> dwScavengingInterval : 0
>> dwDefaultRefreshInterval : 168
>> dwDefaultNoRefreshInterval : 168
>> fAutoReverseZones : FALSE
>> fAutoCacheUpdate : FALSE
>> fRecurseAfterForwarding : FALSE
>> fForwardDelegations : TRUE
>> fNoRecursion : FALSE
>> fSecureResponses : FALSE
>> fRoundRobin : TRUE
>> fLocalNetPriority : FALSE
>> fBindSecondaries : FALSE
>> fWriteAuthorityNs : FALSE
>> fStrictFileParsing : FALSE
>> fLooseWildcarding : FALSE
>> fDefaultAgingState : FALSE
>> dwRpcStructureVersion : 0x2
>> aipLogFilter : []
>> pwszLogFilePath : None
>> pszDomainName : novanetwork.loc
>> pszForestName : novanetwork.loc
>> pszDomainDirectoryPartition : DC=DomainDnsZones,DC=novanetwork,DC=loc
>> pszForestDirectoryPartition : DC=ForestDnsZones,DC=novanetwork,DC=loc
>> dwLocalNetPriorityNetMask : 0xff
>> dwLastScavengeTime : 0
>> dwEventLogLevel : 4
>> dwLogFileMaxSize : 0
>> dwDsForestVersion : 4
>> dwDsDomainVersion : 4
>> dwDsDsaVersion : 4
>> fReadOnlyDC : FALSE
>>
>>> samba-tool dns zonelist <server> -U administrator%<password>
>> /usr/local/samba/bin/samba-tool dns zonelist novadc01 -U administrator
>> Password for [NOVA\administrator]:
>> 3 zone(s) found
>>
>> pszZoneName : 1.2.10.in-addr.arpa
>> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> ZoneType : DNS_ZONE_TYPE_PRIMARY
>> Version : 50
>> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>> pszDpFqdn : DomainDnsZones.novanetwork.loc
>>
>> pszZoneName : novanetwork.loc
>> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> ZoneType : DNS_ZONE_TYPE_PRIMARY
>> Version : 50
>> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>> pszDpFqdn : DomainDnsZones.novanetwork.loc
>>
>> pszZoneName : _msdcs.novanetwork.loc
>> Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>> ZoneType : DNS_ZONE_TYPE_PRIMARY
>> Version : 50
>> dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>> pszDpFqdn : ForestDnsZones.novanetwork.loc
>>
>>
>>
>>> If the above commands fail, you might be running older version of samba
>>> without RPC dnsserver support.
>>>
>>> Amitay
>>
>> best regards
>>
>> Andreas
>>
>>
>> I think the problem is the @ record. The DNS management tool is not
>> working because it cannot find @ record. This is an issue with import.
>> In the zone file, there is only single @ record, but two zones
>> (novanetwork.loc and msdcs.novanetwork.loc). The @ record has been
>> imported for zone _msdcs.novanetwork.loc and you can see it through
>> network management tool.
>>
>> I will update the DNS import, to copy @ record for both the zones.
>>
>> You can confirm this by
>>
>> samba-tool dns query <server> novanetwork.loc @ ALL
>>
>> This will not have @ record, but
>>
>> samba-tool dns query <server> _msdcs.novanetwork.loc @ ALL
>>
>> should have @ record.
>>
>> For now, you can use --migrate=no option to auto-create the entries for
>> AD operation and add any other entries with samba-tool dns add command.
>>
>> Amitay.
I have recognized that Windows client machines are also unable to
add/update their DNS entries. But I think this could be the same problem
as with the second samba4 DC.
Would you need any debug output to analyze this?
best regards
Andreas
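
Added example, not part of the original thread and not Samba code: a small parser for the `samba-tool dns zonelist` output quoted above that joins wrapped flag lines and lists zones lacking DNS_RPC_ZONE_UPDATE_SECURE. Zones carrying that flag accept only authenticated (GSS-TSIG) dynamic updates, which is why a failing TKEY negotiation stops a DC or client from registering its records. The sample text and the zone lab.example are constructed.

```python
import re

# Constructed sample in the layout of the `samba-tool dns zonelist` output
# quoted in the thread; the last zone (lab.example) is invented for contrast.
SAMPLE = """3 zone(s) found

pszZoneName : novanetwork.loc
Flags : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
pszDpFqdn : DomainDnsZones.novanetwork.loc

pszZoneName : _msdcs.novanetwork.loc
Flags : DNS_RPC_ZONE_DSINTEGRATED
DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
pszDpFqdn : ForestDnsZones.novanetwork.loc

pszZoneName : lab.example
Flags : DNS_RPC_ZONE_DSINTEGRATED
ZoneType : DNS_ZONE_TYPE_PRIMARY
pszDpFqdn : DomainDnsZones.novanetwork.loc
"""

FIELD = re.compile(r"^(\w+)\s*:\s*(.*)$")

def parse_zonelist(text):
    """Return {zone name: {field: [tokens]}}, joining wrapped flag lines."""
    zones, zone, key = {}, None, None
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()   # tolerate mail quoting
        m = FIELD.match(line)
        if m:
            key, value = m.groups()
            if key == "pszZoneName":
                zone = zones.setdefault(value, {})
            if zone is not None:
                zone[key] = value.split()
        elif line and zone is not None and key:
            zone[key] += line.split()     # continuation of a wrapped field
    return zones

def zones_without_secure_update(text):
    """Names of zones whose Flags lack DNS_RPC_ZONE_UPDATE_SECURE."""
    return [name for name, z in parse_zonelist(text).items()
            if "DNS_RPC_ZONE_UPDATE_SECURE" not in z.get("Flags", [])]

if __name__ == "__main__":
    print(zones_without_secure_update(SAMPLE))
```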