Problem when join Samba4 to Windows 2k3 domain

[Carlos Miguel Bustillo Rodriguez]

Hello:

I recently joined Samba4  to Windows 2k3 domain, I ran for first time Samba4 with this option:
samba -i  -M single -d2

and the results are:

lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
samba version 4.0.0alpha22-GIT-27503ce started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
Attempting to autogenerate TLS self-signed keys for https for hostname 'samba1.uclv2.cu'
TLS self-signed keys generated OK
dreplsrv_partition[DC=uclv2,DC=cu] loaded
dreplsrv_partition[CN=Configuration,DC=uclv2,DC=cu] loaded
dreplsrv_partition[CN=Schema,CN=Configuration,DC=uclv2,DC=cu] loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=uclv2,DC=cu] loaded
kccsrv_partition[CN=Configuration,DC=uclv2,DC=cu] loaded
kccsrv_partition[DC=uclv2,DC=cu] loaded
kccsrv_partition[DC=DomainDnsZones,DC=uclv2,DC=cu] loaded
kccsrv_partition[DC=ForestDnsZones,DC=uclv2,DC=cu] loaded
Loading new DNS update grant rules
/usr/local/samba/sbin/samba_dnsupdate: Failed update of 20 entries
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_NOT_A_DIRECTORY
../source4/dsdb/repl/drepl_ridalloc.c:230: Requesting more RIDs from RID Manager
added nTDSConnection object 'CN=4ae5d2af-4d4c-48b6-adf9-940444b38c9f,CN=NTDS Settings,CN=VCSERV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=uclv2,DC=cu'
added nTDSConnection object 'CN=cbeaccd6-fd52-4bf7-95db-ce8c5dc7fb80,CN=NTDS Settings,CN=VCSERV,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=uclv2,DC=cu'
Replicated 1 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=uclv2,DC=cu
Replicated 1 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 3 objects (0 linked attributes) for CN=RID Manager$,CN=System,DC=uclv2,DC=cu
Replicated 3 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 1 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 1 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for DC=uclv2,DC=cu
Replicated 1 objects (0 linked attributes) for CN=Schema,CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for CN=Configuration,DC=uclv2,DC=cu
Replicated 0 objects (0 linked attributes) for DC=uclv2,DC=cu

the problem is here:
Loading new DNS update grant rules
/usr/local/samba/sbin/samba_dnsupdate: Failed update of 20 entries
../source4/dsdb/dns/dns_update.c:294: Failed DNS update - NT_STATUS_NOT_A_DIRECTORY

samba_dnsupdate failed update the new entries. I think the problem is caused because when you join samba4 to existent domain not create private/dns directoy. When you run the provision this directory is created.

Now, Why when you join to existent domain samba4 not implement dns system like provision?
If Windows DC fail the domain too, because there is not second DNS (in de second DC: samba4)

I noticed in some cases DNS replication is not satisfactory, this is important for migration Windows AD to Samba4 AD or Is necessary create a SOA record and DNS records from zero in Samba4 DC.

Another point: When I access to Active Directory Users and Computers to manage Samba4 DC, the linux console show:
NTLMSS NTLM2 packet check failed due to invalid signature!

Regards, Carlos

La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Vis?tenos en:  http://www.uclv.edu.cu