S4 and BIND

titantoppler at gmail.com titantoppler at gmail.com
Tue Jun 19 00:54:12 MDT 2012


As a further test, I ran samba_upgradedns --verbose -d 10, and got this:

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
Security token SIDs (1):
  SID[  0]: S-1-5-18
 Privileges (0xFFFFFFFFFFFFFFFF):
  Privilege[  0]: SeMachineAccountPrivilege
  Privilege[  1]: SeTakeOwnershipPrivilege
  Privilege[  2]: SeBackupPrivilege
  Privilege[  3]: SeRestorePrivilege
  Privilege[  4]: SeRemoteShutdownPrivilege
  Privilege[  5]: SePrintOperatorPrivilege
  Privilege[  6]: SeAddUsersPrivilege
  Privilege[  7]: SeDiskOperatorPrivilege
  Privilege[  8]: SeSecurityPrivilege
  Privilege[  9]: SeSystemtimePrivilege
  Privilege[ 10]: SeShutdownPrivilege
  Privilege[ 11]: SeDebugPrivilege
  Privilege[ 12]: SeSystemEnvironmentPrivilege
  Privilege[ 13]: SeSystemProfilePrivilege
  Privilege[ 14]: SeProfileSingleProcessPrivilege
  Privilege[ 15]: SeIncreaseBasePriorityPrivilege
  Privilege[ 16]: SeLoadDriverPrivilege
  Privilege[ 17]: SeCreatePagefilePrivilege
  Privilege[ 18]: SeIncreaseQuotaPrivilege
  Privilege[ 19]: SeChangeNotifyPrivilege
  Privilege[ 20]: SeUndockPrivilege
  Privilege[ 21]: SeManageVolumePrivilege
  Privilege[ 22]: SeImpersonatePrivilege
  Privilege[ 23]: SeCreateGlobalPrivilege
  Privilege[ 24]: SeEnableDelegationPrivilege
 Rights (0x               0):
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[no] updates allowed[no]
lpcfg_servicenumber: couldn't find ldb
lpcfg_servicenumber: couldn't find ldb
lpcfg_servicenumber: couldn't find ldb
Looking up IPv4 addresses
added interface eth0 ip=fe80::20c:29ff:fe00:d787%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.0.11 bcast=10.0.0.255 netmask=255.255.255.0
IPv4 addresses: 10.0.0.11
Looking up IPv6 addresses
added interface eth0 ip=fe80::20c:29ff:fe00:d787%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=10.0.0.11 bcast=10.0.0.255 netmask=255.255.255.0
DNS accounts already exist
Reading records from zone file
/usr/local/samba/private/dns/example.local.zone
Error parsing DNS data from
'/usr/local/samba/private/dns/example.local.zone' ()
DNS records will be automatically created
DNS partitions already exist
dns-DC2 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS


On Tue, Jun 19, 2012 at 11:19 AM, <titantoppler at gmail.com> wrote:

> Hi list,
>
> Have been trying this over the last few days, but keep getting stymied by
> the samba_upgradedns script.
>
> Recap - I'm trying to set up a proper DNS server; the one that I used
> previously was set up merely by copying the zone files from my original S4
> server to another server. Dynamic updates from a newly-provisioned DC did
> not work.
>
> I'm attempting to set up a second DNS server on the new DC (dc2) so as not
> to affect the original DNS server.
>
> 1) I copied the zone files to /usr/local/samba/private/dns/
> 2) I ran /usr/local/samba/sbin/samba_dnsupgrade
> 3) It throws out the following:
>
> Reading domain information
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> DNS accounts already exist
> Reading records from zone file
> /usr/local/samba/private/dns/example.local.zone
> Error parsing DNS data from
> '/usr/local/samba/private/dns/example.local.zone' ()
> DNS records will be automatically created
> DNS partitions already exist
> dns-DC2 account already exists
> See /usr/local/samba/private/named.conf for an example configuration
> include file for BIND
> and /usr/local/samba/private/named.txt for further documentation required
> for secure DNS updates
> Finished upgrading DNS
>
> 4) Although it says "Finished upgrading DNS", the DLZ files are nowhere to
> be found in /usr/local/samba/var/lib, where they are supposed to be.
>
> Help?
>
> Thanks!
>
> On Mon, Jun 11, 2012 at 9:22 AM, Andrew Bartlett <abartlet at samba.org> wrote:
>
>> On Mon, 2012-06-11 at 09:18 +0800, titantoppler at gmail.com wrote:
>> > Hi Andrew and list,
>> >
>> > Yes, creating a second DC was my intended first step in shutting down
>> > the original alpha12 DC (bypassing the upgrading and just provisioning
>> > it all over again without losing my original domain information).
>> >
>> > So to confirm, what I should be doing is:
>>
>> This is the order you need:
>>
>> 1) Copy my zone files from my original DNS server to my second DC (dc2)
>> 2) Run samba_upgradedns on dc2
>> 3) Start BIND on dc2
>>
>> You will need to ensure the config is in place for the samba_dlz
>> (dlz_bind9) module, as you will be using that.  The internal server
>> doesn't support secure updates yet.
>>
>> Plus lots of testing.  This is just off the top of my head - slight
>> variation may be required, but others here should be able to help you
>> with that.
>>
>> Andrew Bartlett
>>
>> --
>> Andrew Bartlett
>> http://samba.org/~abartlet/
>> Authentication Developer, Samba Team           http://samba.org
>>
>>
>

