missing /usr/local/samba/private/dns

Daniele Dario d.dario76 at gmail.com
Mon Mar 26 05:44:58 MDT 2012


Hi Amitay,

On Tue, 2012-03-13 at 20:03 +1100, Amitay Isaacs wrote:
> Hi Daniele,
> 
> On Tue, Mar 13, 2012 at 6:40 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> > Hi Amitay,
> >
> > On Tue, 2012-03-13 at 12:13 +1100, Amitay Isaacs wrote:
> >> Hi Greg,
> >>
> >> On Sat, Mar 10, 2012 at 2:45 PM, Greg Dickie <greg at justaguy.ca> wrote:
> >> >
> >> > Sounds great. Totally ready to be the guinea pig, just let me know what
> >> > you need. One small question though. Is the ultimate goal to use a
> >> > builtin DNS server? I thought this bind9 implementation was pretty cool.
> >> > Is it missing anything that's required?
> >> >
> >> > Thanks for the quick response guys,
> >> > Greg
> >>
> >> I have updated samba_upgradedns script now to handle upgrading dns
> >> provision even after domain join. The new code is in my dns-wip
> >> branch.
> >>
> >>   git://git.samba.org/amitay/samba.git
> >>
> >> You can run samba_upgradedns multiple times without any side effects.
> >> Let me know if that works for you.
> >>
> >> The ultimate goal is to use built-in dns server, so that samba does
> >> not have to depend on external programs (BIND) for running. For the time
> >> being, BIND9 option is supported till built-in dns server becomes
> >> fully operational.
> >>
> >> Amitay.
> >
> > do you mean that it is possible to use upgradedns to provision the dns
> > partitions on a samba4 DC already joined to a domain?
> 
> Yes, that's correct. You can run samba_upgradedns on any provision and
> it should upgrade it to use AD based backend.
> 
> >
> > If I caught that, I will use it on my secondary DC (primary is also samba4)
> > to have also a secondary DNS. Does it also start replication of the dns
> > partitions between the DCs?
> 
> DNS partitions do get replicated, but you might have to restart the
> secondary DC to get them correctly replicating. There is an issue
> regarding msDs-hasMasterNCs attribute, which has yet to be resolved. I
> haven't tried to set up a DNS server on a secondary DC using
> replicated DNS as yet.
> 
> > If yes, which is the best way to proceed?
> > My idea is to upgrade secondary DC to latest git source, pull your
> > branch to obtain upgradedns then run it from the secondary DC.
> 
> You can use my dns-wip branch. First make sure that the partitions are
> getting replicated. Once you confirm that, run samba_dnsupgrade on the
> secondary DC to set up an AD database for BIND in dns/ directory.
> Finally run BIND with DLZ on secondary DC. Obviously this hasn't been
> tested, so your feedback is most welcome. :)
> 
> Amitay.

I had some troubles with the partitions replication.
After some tries I updated both the DCs to the same version (Version
4.0.0alpha19-GIT-e25f830) and now this is what I can see running
samba-tool drs showrepl:

[root@kdc01:/usr/local/samba/private]# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:kdc01.saitelitalia.local[,seal]
Default-First-Site-Name\KDC01
DSA Options: 0x00000001
DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
DSA invocationId: 788bb21f-edc8-467d-89cf-f66b67840ce1

==== INBOUND NEIGHBORS ====

DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ Mon Mar 26 13:28:03 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:28:03 2012 CEST

CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ Mon Mar 26 13:28:03 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:28:03 2012 CEST

CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ Mon Mar 26 13:28:04 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:28:04 2012 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=DomainDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC02 via RPC
		DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: fef8d418-7309-4c61-9f21-0a9149c99ac2
	Enabled        : TRUE
	Server DNS name : kdc01.saitelitalia.local
	Server DN name  : CN=NTDS Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!

[root@kdc02:/usr/local/samba/private]# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:kdc02.saitelitalia.local[,seal]
Default-First-Site-Name\KDC02
DSA Options: 0x00000001
DSA object GUID: 6c922e83-aaac-408c-a168-3b664527fe04
DSA invocationId: 12ae5f8c-1ebb-4c38-942f-0bc85a132f46

==== INBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 13:31:32 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:31:32 2012 CEST

DC=DomainDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 13:31:33 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:31:33 2012 CEST

DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 13:31:33 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:31:33 2012 CEST

CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 13:31:34 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:31:34 2012 CEST

CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 13:31:35 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 13:31:35 2012 CEST

==== OUTBOUND NEIGHBORS ====

DC=ForestDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Mon Mar 26 12:59:51 2012 CEST was successful
		0 consecutive failure(s).
		Last success @ Mon Mar 26 12:59:51 2012 CEST

DC=DomainDnsZones,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ Fri Mar 23 12:41:53 2012 CET was successful
		0 consecutive failure(s).
		Last success @ Fri Mar 23 12:41:53 2012 CET

DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

CN=Configuration,DC=saitelitalia,DC=local
	Default-First-Site-Name\KDC01 via RPC
		DSA object GUID: bdbaecef-ace9-4314-b65e-54933ac8b660
		Last attempt @ NTTIME(0) was successful
		0 consecutive failure(s).
		Last success @ NTTIME(0)

==== KCC CONNECTION OBJECTS ====

Connection --
	Connection name: ccd53e6d-0f6e-4551-9103-064a48501322
	Enabled        : TRUE
	Server DNS name : KDC02.saitelitalia.local
	Server DN name  : CN=NTDS Settings,CN=KDC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
		TransportType: RPC
		options: 0x00000001
Warning: No NC replicated for Connection!

I do not understand why there is a difference between the answers:
on kdc01 I don't see the DNS partitions in the INBOUND NEIGHBORS.

Anyway, the version I had on kdc02 is not the one from your git so I
guess samba_upgradedns is not correct.

If I try to use it I get:

[root@kdc02:/usr/local/samba/private]# samba_upgradedns --verbose
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
ldb: unable to dlopen /usr/local/samba/lib/ldb/acl.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libauthkrb5.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/acl.so)
ldb: unable to dlopen /usr/local/samba/lib/ldb/aclread.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libsamdb-common.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/aclread.so)
ldb: unable to dlopen /usr/local/samba/lib/ldb/anr.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libldbsamba.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/anr.so)
...
ldb: unable to dlopen /usr/local/samba/lib/ldb/wins_ldb.so : /root/samba4/upgradedns/dns-wip/bin/shared/private/libnetif.so: version `SAMBA_4.0.0ALPHA19_GIT_E25F830' not found (required by /usr/local/samba/lib/ldb/wins_ldb.so)
Unable to find backend for '/usr/local/samba/private/sam.ldb' - do you need to set LDB_MODULES_PATH?
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_upgradedns", line 272, in <module>
    ldbs = get_ldbs(paths, creds, system_session(), lp)
  File "/usr/lib/python2.7/samba/upgradehelpers.py", line 139, in get_ldbs
    ldbs.sam = SamDB(paths.samdb, session_info=session, credentials=creds, lp=lp, options=["modules:samba_dsdb"])
  File "/usr/lib/python2.7/samba/samdb.py", line 58, in __init__
    options=options)
  File "/usr/lib/python2.7/samba/__init__.py", line 116, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/samba/samdb.py", line 73, in connect
    options=options)
_ldb.LdbError: (80, None)

I think the problem is related to the samba4 version which on
samba_upgradedns is expected to be the one in your branch.
How can I proceed?
Should I update from your git branch and re-install it?
And about the problems I told you in my last mails (modules ldb.so
samba  talloc.so  tdb.so  tevent.py  _tevent.so: am I right to copy them
in /usr/lib/python2.7/)?

Thanks,
Daniele.
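
Added example (not part of the original message, and not Samba's own code): a small Python parser for the "samba-tool drs showrepl" output quoted above. It reports the asymmetry described in the message, the ForestDnsZones/DomainDnsZones partitions missing from INBOUND NEIGHBORS, plus any link whose last success is still NTTIME(0). The function names and the abbreviated sample are constructed for illustration; treating NTTIME(0) as "no replication recorded yet" is an assumption.

```python
import re

# Constructed sample: abbreviated showrepl output in the format quoted above.
SAMPLE = """\
==== INBOUND NEIGHBORS ====

DC=saitelitalia,DC=local
\tDefault-First-Site-Name\\KDC02 via RPC
\t\t0 consecutive failure(s).
\t\tLast success @ Mon Mar 26 13:28:03 2012 CEST

==== OUTBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=saitelitalia,DC=local
\tDefault-First-Site-Name\\KDC02 via RPC
\t\t0 consecutive failure(s).
\t\tLast success @ NTTIME(0)
"""

def parse_showrepl(text):
    """Map section -> naming context -> list of partner entries."""
    result, section, entries, entry = {}, None, None, None
    for line in text.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"==== (.+) ====", s):
            section, entries, entry = result.setdefault(m.group(1), {}), None, None
        elif section is None or not s:
            continue
        elif not line[0].isspace() and re.match(r"(DC|CN)=", s):
            entries, entry = section.setdefault(s, []), None  # new naming context
        elif entries is not None and s.endswith(" via RPC"):
            entry = {"partner": s[: -len(" via RPC")], "failures": None, "last_success": None}
            entries.append(entry)
        elif entry is not None and (m := re.match(r"(\d+) consecutive failure", s)):
            entry["failures"] = int(m.group(1))
        elif entry is not None and s.startswith("Last success @ "):
            entry["last_success"] = s[len("Last success @ "):]
    return result

def dns_partition_report(text, base_dn):
    """Flag DNS partitions absent from INBOUND and links with no recorded success."""
    repl = parse_showrepl(text)
    inbound = repl.get("INBOUND NEIGHBORS", {})
    wanted = [f"DC={zone},{base_dn}" for zone in ("ForestDnsZones", "DomainDnsZones")]
    never = [(sec, nc, e["partner"]) for sec, ncs in repl.items()
             for nc, es in ncs.items() for e in es if e["last_success"] == "NTTIME(0)"]
    return {"missing_inbound": [nc for nc in wanted if nc not in inbound],
            "never_replicated": never}
```

Running dns_partition_report() on the saved output of each DC, with base_dn set to the domain DN, gives a per-DC list that can be compared side by side.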




More information about the samba-technical mailing list