Samba4 BDC with Samba4 PDC

Mike Howard mike at dewberryfields.co.uk
Tue Jun 5 06:20:51 MDT 2012


On 04/06/2012 19:44, Christian Huldt wrote:
> Hi Mike
>
> On 2012-06-04 09:44, Mike Howard wrote:
>>
>> I'll start again today and report all steps and outputs up to the 
>> point of failure. I know there are others (thread Re: redundant DNS 
>> setup with bind_dlz possible ?) who are trying to get a similar setup 
>> so maybe we can get there in the end.
>>
>> Btw, I did try without a samba DNS backend but, as you implied, it 
>> was not good.
>
> I have an alpha17 installation that I'm going to upgrade and add a 
> bdc, so your notes to the mailing list are most appreciated. The 
> alpha17 installation never got automatic dns updates working...
>
Hi Christian,

In a simple domain environment with a single PDC the 'automatic dns 
updates' seems to work fine for MS Windows clients when using the 
default 'BIND9_DLZ' backend. For linux clients, an external script 
'hooked' to the dhcp server is the way to go. All works well here.

Using the 'SAMBA_INTERNAL' as the backend, automatic updates work for 
linux and Windows clients out of the box, even devices such as printers 
and my Sonos music system components get updated, which is great. I did 
struggle with 'SAMBA_INTERNAL' though, it kept dying, for no apparent 
reason and frequently, only rebooting would get it back up, so I went 
back to using BIND9_DLZ.

From the BDC point of view, still no joy for me, though I am going to 
try again today. Here is what I tried yesterday (apologies to all for the 
length);

  1. Have a working Samba4 as the PDC running Bind9.9 and Samba4 
provisioned with BIND9_DLZ.

  2. A fresh Samba4 install on a potential BDC, has Bind9.9 and Samba4 
but bind not yet running.

  3. BDC has a krb5.conf from one of my linux clients, no smb.conf and 
resolv.conf pointing to PDC as the nameserver.

  4. On the BDC successfully ran;
     kinit Administrator@mydomain.CO.UK
     Password for Administrator@MYDOMAIN.CO.UK:

  5. On the BDC successfully joined the domain with the following 
command and output;
     samba-tool domain join mydomain.co.uk DC -UAdministrator --realm=mydomain.co.uk
Finding a writeable DC for domain 'mydomain.co.uk'
Found DC ns.mydomain.co.uk
Password for [WORKGROUP\Administrator]:
workgroup is MYDOMAIN
realm is mydomain.co.uk
checking sAMAccountName
Adding CN=SHEEVA,OU=Domain Controllers,DC=mydomain,DC=co,DC=uk
Adding 
CN=SHEEVA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=co,DC=uk
Adding CN=NTDS 
Settings,CN=SHEEVA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=co,DC=uk
Adding SPNs to CN=SHEEVA,OU=Domain Controllers,DC=mydomain,DC=co,DC=uk
Setting account password for SHEEVA$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=mydomain,DC=co,DC=uk
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk] 
objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk] 
objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk] 
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk] 
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=mydomain,DC=co,DC=uk] objects[402/1614] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=co,DC=uk] objects[804/1614] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=co,DC=uk] objects[1206/1614] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=co,DC=uk] objects[1608/1614] 
linked_values[0/0]
Partition[CN=Configuration,DC=mydomain,DC=co,DC=uk] objects[1614/1614] 
linked_values[26/0]
Replicating critical objects from the base DN of the domain
Partition[DC=mydomain,DC=co,DC=uk] objects[98/98] linked_values[24/0]
Partition[DC=mydomain,DC=co,DC=uk] objects[330/232] linked_values[32/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain mydomain (SID S-1-5-21-2874647136-1364824720-2698236840) 
as a DC

  6. On BDC created smb.conf as per PDC except for;
     corrected netbios name
     added preferred master = no
     set log level to 3

  7. On BDC started samba;
     samba

  8. On BDC waited for logs to stop churning then stopped samba;
     killall samba

  9. On BDC started samba;
     samba

10. On PDC ran;
     samba-tool drs kcc -Uadministrator
Password for [MYDOMAIN\administrator]:
Consistency check on ns.mydomain.co.uk successful.

11. On BDC ran;
     ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=mydomain,DC=co,DC=uk" "(objectClass=dnsZone)"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsZone
cn: Zone
instanceType: 4
whenCreated: 20120528125235.0Z
whenChanged: 20120528125235.0Z
uSNCreated: 3312
uSNChanged: 3312
showInAdvancedViewOnly: TRUE
name: RootDNSServers
objectGUID: 08eb598c-3db2-4eeb-9416-2fb0abc138b8
objectCategory: 
CN=Dns-Zone,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: RootDNSServers
distinguishedName: 
DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# Referral
ref: ldap://mydomain.co.uk/CN=Configuration,DC=mydomain,DC=co,DC=uk

# returned 2 records
# 1 entries
# 1 referrals
# Still on BDC
ldbsearch -H /usr/local/samba/private/sam.ldb -b "DC=mydomain,DC=co,DC=uk" "(objectClass=dnsNode)"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: 
DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125238.0Z
whenChanged: 20120528125238.0Z
uSNCreated: 3398
uSNChanged: 3398
showInAdvancedViewOnly: TRUE
name: a.root-servers.net
objectGUID: 583c756c-c933-4b27-b421-0b214604c733
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAxikABA==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: a.root-servers.net
distinguishedName: 
DC=a.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 2
dn: 
DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125236.0Z
whenChanged: 20120528125236.0Z
uSNCreated: 3391
uSNChanged: 3391
showInAdvancedViewOnly: TRUE
name: b.root-servers.net
objectGUID: ae538c92-d71c-4c94-99ef-4c4980153175
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwORPyQ==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: b.root-servers.net
distinguishedName: 
DC=b.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 3
dn: 
DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125239.0Z
whenChanged: 20120528125239.0Z
uSNCreated: 3400
uSNChanged: 3400
showInAdvancedViewOnly: TRUE
name: c.root-servers.net
objectGUID: ed77344b-3e55-40f3-9234-c8439093a8b0
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwCEEDA==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: c.root-servers.net
distinguishedName: 
DC=c.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 4
dn: 
DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125238.0Z
whenChanged: 20120528125238.0Z
uSNCreated: 3396
uSNChanged: 3396
showInAdvancedViewOnly: TRUE
name: d.root-servers.net
objectGUID: c2ee7d3f-493d-4e1d-8d4f-5095660dbc0e
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAgAgKWg==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: d.root-servers.net
distinguishedName: 
DC=d.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 5
dn: 
DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125237.0Z
whenChanged: 20120528125237.0Z
uSNCreated: 3395
uSNChanged: 3395
showInAdvancedViewOnly: TRUE
name: e.root-servers.net
objectGUID: 0f009cc8-3fcd-47f6-8a3a-1297944413bd
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwMvmCg==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: e.root-servers.net
distinguishedName: 
DC=e.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 6
dn: 
DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125236.0Z
whenChanged: 20120528125236.0Z
uSNCreated: 3390
uSNChanged: 3390
showInAdvancedViewOnly: TRUE
name: f.root-servers.net
objectGUID: 5c713998-56d0-481f-87de-f4ef7b7948c0
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwAUF8Q==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: f.root-servers.net
distinguishedName: 
DC=f.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 7
dn: 
DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125238.0Z
whenChanged: 20120528125238.0Z
uSNCreated: 3399
uSNChanged: 3399
showInAdvancedViewOnly: TRUE
name: g.root-servers.net
objectGUID: a5c856c7-c175-413f-8b44-e7c7f83fe47d
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwHAkBA==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: g.root-servers.net
distinguishedName: 
DC=g.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 8
dn: 
DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125235.0Z
whenChanged: 20120528125235.0Z
uSNCreated: 3389
uSNChanged: 3389
showInAdvancedViewOnly: TRUE
name: h.root-servers.net
objectGUID: f1b41241-709e-43c0-a422-9650b17192c0
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAgD8CNQ==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: h.root-servers.net
distinguishedName: 
DC=h.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 9
dn: 
DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125237.0Z
whenChanged: 20120528125237.0Z
uSNCreated: 3394
uSNChanged: 3394
showInAdvancedViewOnly: TRUE
name: i.root-servers.net
objectGUID: 6a2916fa-2db3-45be-8af0-4e5cc93d4875
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwCSUEQ==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: i.root-servers.net
distinguishedName: 
DC=i.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 10
dn: 
DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125239.0Z
whenChanged: 20120528125239.0Z
uSNCreated: 3401
uSNChanged: 3401
showInAdvancedViewOnly: TRUE
name: j.root-servers.net
objectGUID: 8eca69f2-6abe-43bd-81f3-24abba8340ee
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwDqAHg==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: j.root-servers.net
distinguishedName: 
DC=j.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 11
dn: 
DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125238.0Z
whenChanged: 20120528125238.0Z
uSNCreated: 3397
uSNChanged: 3397
showInAdvancedViewOnly: TRUE
name: k.root-servers.net
objectGUID: db90a50c-d358-45b2-954b-a63845852cf6
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAwQAOgQ==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: k.root-servers.net
distinguishedName: 
DC=k.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 12
dn: 
DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125237.0Z
whenChanged: 20120528125237.0Z
uSNCreated: 3393
uSNChanged: 3393
showInAdvancedViewOnly: TRUE
name: l.root-servers.net
objectGUID: bc7abdc3-f495-40ea-997b-94d98f6c54a3
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAxwdTKg==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: l.root-servers.net
distinguishedName: 
DC=l.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 13
dn: 
DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125236.0Z
whenChanged: 20120528125236.0Z
uSNCreated: 3392
uSNChanged: 3392
showInAdvancedViewOnly: TRUE
name: m.root-servers.net
objectGUID: 1c3ee104-cfc7-41e6-bea0-e52411a1343e
dnsRecord:: BAABAAUIAAAAAAAAAAAAAAAAAAAAAAAAygwbIQ==
objectCategory: 
CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
dc: m.root-servers.net
distinguishedName: 
DC=m.root-servers.net,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# record 14
dn: DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20120528125235.0Z
whenChanged: 20120528125235.0Z
uSNCreated: 3388
uSNChanged: 3388
showInAdvancedViewOnly: TRUE
name: @
objectGUID: 9679d37a-19fe-495a-8678-b1f0792e4a51
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=mydomain,DC=co
  ,DC=uk
dc: @
distinguishedName: 
DC=@,DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=co,DC=uk

# Referral
ref: ldap://mydomain.co.uk/CN=Configuration,DC=mydomain,DC=co,DC=uk

# returned 15 records
# 14 entries
# 1 referrals

12. On PDC ran;
     samba-tool drs showrepl
Default-First-Site-Name\NS
DSA Options: 0x00000001
DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
DSA invocationId: 4d9f874b-965e-4e14-afe2-a440e106895e

==== INBOUND NEIGHBORS ====

DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:26:15 2012 BST failed, 
result 2 (WERR_BADFILE)
                 5 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:26:16 2012 BST failed, 
result 2 (WERR_BADFILE)
                 5 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Configuration,DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:26:16 2012 BST failed, 
result 2 (WERR_BADFILE)
                 5 consecutive failure(s).
                 Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:29:22 2012 BST failed, 
result 2 (WERR_BADFILE)
                 303 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:29:22 2012 BST failed, 
result 2 (WERR_BADFILE)
                 302 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Configuration,DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:29:23 2012 BST failed, 
result 2 (WERR_BADFILE)
                 302 consecutive failure(s).
                 Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: 9d6192cb-3382-42b7-be9a-6c1b1aaa00d9
         Enabled        : TRUE
         Server DNS name : ns.mydomain.co.uk
         Server DN name  : CN=NTDS 
Settings,CN=SHEEVA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=co,DC=uk
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

13. On BDC ran;
     samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:sheeva.dewberryfields.co.uk[,seal]
Server ldap/SHEEVA.DEWBERRYFIELDS.CO.UK@DEWBERRYFIELDS.CO.UK is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/SHEEVA.DEWBERRYFIELDS.CO.UK@DEWBERRYFIELDS.CO.UK) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Server ldap/sheeva.dewberryfields.co.uk@DEWBERRYFIELDS.CO.UK is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/sheeva.dewberryfields.co.uk@DEWBERRYFIELDS.CO.UK) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
Default-First-Site-Name\SHEEVA
DSA Options: 0x00000001
DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
DSA invocationId: 35659ded-1952-4064-b73d-d83f58f01be1

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\NS via RPC
                 DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
                 Last attempt @ Mon Jun  4 09:26:43 2012 BST failed, 
result 2 (WERR_BADFILE)
                 6 consecutive failure(s).
                 Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\NS via RPC
                 DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
                 Last attempt @ Mon Jun  4 09:26:43 2012 BST failed, 
result 2 (WERR_BADFILE)
                 6 consecutive failure(s).
                 Last success @ NTTIME(0)

DC=dewberryfields,DC=co,DC=uk
         Default-First-Site-Name\NS via RPC
                 DSA object GUID: e4d9db40-494e-4d3a-9bb1-e49a1a039a68
                 Last attempt @ Mon Jun  4 09:26:44 2012 BST failed, 
result 2 (WERR_BADFILE)
                 5 consecutive failure(s).
                 Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

Connection --
         Connection name: c5b916a7-3c82-410b-b3b8-e85233c1c27a
         Enabled        : TRUE
         Server DNS name : SHEEVA.dewberryfields.co.uk
         Server DN name  : CN=NTDS 
Settings,CN=NS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dewberryfields,DC=co,DC=uk
                 TransportType: RPC
                 options: 0x00000001
Warning: No NC replicated for Connection!

14. On BDC ran;
     samba-tool dns query 127.0.0.1 dewberryfields.co.uk @ ALL -UAdministrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:127.0.0.1[,sign]
Cannot do GSSAPI to an IP address
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/__init__.py", 
line 160, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/dns.py", line 
967, in run
     None)

15. On BDC attempt to manually start replication (which ends with a 
success message?);
     samba-tool drs replicate sheeva ns DC=DomainDnsZones,DC=mydomain,DC=co,DC=uk -UAdministrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:sheeva[,seal]
Password for [MYDOMAIN\Administrator]:
Server ldap/SHEEVA@MYDOMAIN.CO.UK is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/SHEEVA@MYDOMAIN.CO.UK) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
Server ldap/sheeva@MYDOMAIN.CO.UK is not registered with our KDC:  Miscellaneous failure (see text): Server (ldap/sheeva@MYDOMAIN.CO.UK) unknown
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_INVALID_PARAMETER
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
Replicate from ns to sheeva was successful.

16. On PDC (just for the halibut!), attempt to manually start 
replication and ran;
     samba-tool drs replicate ns sheeva DC=DomainDnsZones,DC=mydomain,DC=co,DC=uk -UAdministrator
Password for [MYDOMAIN\Administrator]:
ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - 
drsException: DsReplicaSync failed (2, 'WERR_BADFILE')
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/netcmd/drs.py", line 
331, in run
     drs_utils.sendDsReplicaSync(self.drsuapi, self.drsuapi_handle, 
source_dsa_guid, NC, req_options)
   File 
"/usr/local/samba/lib/python2.6/site-packages/samba/drs_utils.py", line 
83, in sendDsReplicaSync
     raise drsException("DsReplicaSync failed %s" % estr)

17. Finally (more in desperation than in hope) run samba_upgradedns;
     samba_upgradedns --verbose
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/etc/smb.conf"
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file 
"/usr/local/samba/etc/smb.conf"
Looking up IPv4 addresses
IPv4 addresses: 192.168.1.98
Looking up IPv6 addresses
DNS accounts already exist
No zone file /usr/local/samba/private/dns/mydomain.co.uk.zone
DNS records will be automatically created
DNS partitions already exist
Updating msDS-hasMasterNCs and hasPartialReplicaNCs attributes
Traceback (most recent call last):
   File "/usr/local/samba/sbin/samba_upgradedns", line 420, in <module>
     ldbs.sam.modify(m)
_ldb.LdbError: (32, 'Unable to find GUID for DN 
DC=ForestDnsZones,DC=mydomain,DC=co,DC=uk\n')


So, no dns folder created, no idea what's causing the. The output 'No 
zone file /usr/local/samba/private/dns/mydomain.co.uk.zone' seems 
strange to me as I'm not using flatfile zones but that could be a red 
herring.

At various stages of the above, bind dies on the PDC for some reason.

Don't have any ideas as to where to go from here except to wait and 
continue to pay Bill :)

Cheers,
Mike.

-- 
Any question is easy if you know the answer!
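
The `samba-tool drs showrepl` output in steps 12 and 13 can be checked mechanically for partners that have never replicated. The following is an added example, not part of the original post and not Samba code; `Neighbour`, `parse_showrepl` and `never_replicated` are hypothetical names, and the sample text is constructed by trimming the output quoted above.

```python
import re
from dataclasses import dataclass

# Constructed sample: trimmed from the showrepl output quoted in the post,
# keeping the mail-wrapped "failed, / result 2" line break.
SAMPLE = """\
==== INBOUND NEIGHBORS ====

DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:26:15 2012 BST failed,
result 2 (WERR_BADFILE)
                 5 consecutive failure(s).
                 Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

CN=Schema,CN=Configuration,DC=mydomain,DC=co,DC=uk
         Default-First-Site-Name\\SHEEVA via RPC
                 DSA object GUID: 6250209e-3520-4b41-981f-e6e611599adf
                 Last attempt @ Mon Jun  4 09:29:22 2012 BST failed,
result 2 (WERR_BADFILE)
                 302 consecutive failure(s).
                 Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Warning: No NC replicated for Connection!
"""

@dataclass
class Neighbour:
    direction: str            # "INBOUND" or "OUTBOUND"
    nc: str                   # naming context (partition DN)
    dsa: str                  # Site and server name of the replication partner
    status: str = "unknown"   # WERR name of the last attempt, or "OK"
    failures: int = 0
    last_success: str = ""

def parse_showrepl(text):
    """Return one Neighbour per (direction, naming context, partner)."""
    text = re.sub(r",\s*\n\s*result", ", result", text)   # undo mail wrapping
    out, direction, nc = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"==== (\w+) NEIGHBORS ====", s):
            direction = m.group(1)
        elif s.startswith("===="):
            direction = None              # KCC section is not a neighbour list
        elif direction is None or not s:
            continue
        elif not line[0].isspace() and re.match(r"(DC|CN)=", s):
            nc = s                        # unindented DN starts a new partition
        elif m := re.fullmatch(r"(\S+\\\S+) via RPC", s):
            out.append(Neighbour(direction, nc, m.group(1)))
        elif not out:
            continue
        elif m := re.search(r"Last attempt @ .*failed, result \d+ \((\w+)\)", s):
            out[-1].status = m.group(1)
        elif s.startswith("Last attempt @") and "successful" in s:
            out[-1].status = "OK"
        elif m := re.match(r"(\d+) consecutive failure", s):
            out[-1].failures = int(m.group(1))
        elif s.startswith("Last success @"):
            out[-1].last_success = s.split("@", 1)[1].strip()
    return out

def never_replicated(neighbours):
    """Partners that are failing and have no recorded success at all."""
    return [n for n in neighbours
            if n.failures > 0 and n.last_success == "NTTIME(0)"]

if __name__ == "__main__":
    for n in never_replicated(parse_showrepl(SAMPLE)):
        print(f"{n.direction:8} {n.dsa:32} {n.status:14} x{n.failures}  {n.nc}")
```

Run against live output, this gives a per-partition list suitable for alerting on a domain controller that has joined but never completed a replication cycle.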


