samba- 4.2.1 as PDC in an 2008R2 domain - WERR_DNS_ERROR_DS_UNAVAILABLE

"Dr. Hansjörg Maurer" hansjoerg.maurer at itsd.de
Tue May 5 12:32:21 MDT 2015 

Hi

i successfully joined a samba 4.2.1 server as PDC to an 2008R2 domain
(which might have a 2003 history).

The only message during the join I wondered about was


descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=XXX,DC=net not
found under DC=XXX,DC=net
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=XXX,DC=net not
found under DC=XXX,DC=net

When I try to query the samba DC for a DNS record using samba-tool


samba-tool dns query server01.xxx.net xxx.net  server01 A -U Administrator

I got

ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/dns.py", line
994, in run
    None, record_type, select_flags, None, None)


When I query the MS DC I get the correct answer

  Name=, Records=1, Children=0
    A: 192.168.42.5 (flags=f0, serial=0, ttl=900)

If I query the samba DC  using nslookup the host is resolved.

I am also unable to manage DNS on the samba DC using MMC
 
In the list archive I found under

http://samba.2283325.n4.nabble.com/Querying-DNS-info-samba4-td4562214.html

"The older versions of window server (2003 and older) created the DNS
containers under CN=System in the domain partition, whereas the newer
windows server (2008+) creates separate application partitions for
DNS. DNS RPC server uses DNS partitions to store the DNS zone
information. But for querying purposes, dlz_bind9 module and internal
DNS server both can read records from CN=System in domain partition.
DNS RPC server can be easily modified to support CN=System for DNS
information. Patches are welcome! ;-) "



Is there a chance to fix that problem (on the samba or on th AD side)?


Regards


Hansjörg





----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5906 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20150505/44e5abff/attachment.bin>

More information about the samba-technical mailing list