[Samba] Internal DNS replication and how to fix
Matthieu Patou
mat at samba.org
Sun Oct 7 22:01:17 MDT 2012
On 10/05/2012 07:57 AM, Brett Rowley wrote:
> Hi All,
>
> First off, I'm a bit of a n00b w/Samba4 so I'll apologize ahead of
> time if any of this seems obvious/trivial. I'm working with Samba RC1
> tar build and trying to get DNS replication working. Right now I get
> the following under
>
> --snip--
>
> ==== KCC CONNECTION OBJECTS ====
> Connection --
> Connection name: fa253d86-3549-4208-ab29-a0d702ccdb02
> Enabled : TRUE
> Server DNS name : target.OwnerIQ.local
> Server DN name : CN=NTDS Settings,CN=TARGET,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
> TransportType: RPC
> options: 0x00000001
> Warning: No NC replicated for Connection!
Is it the result of repadmin?
Can you send it in total?
Can you do samba-tool drs showrepl on the samba server?
>
> I only have one server running W2k3 SP1. I have trolled Google and
> read that both the internal DNS does not replicate some objects and
> that dynamic updates are not fully functional.
The updates are fixed. As for the non-replication of some objects, I never
heard of it, at least not on purpose.
> But, even after reading a bunch of documents, it's not clear /how/ I
> fix that. I've read that the replication is not complete on an
> additional DC and that it has to be done manually. Not sure if that
> has anything to do with the "samba_upgradedns" command (which I ran,
> it complained about not having a zone file in
> /usr/local/samba/private/dns but all else seemed well).
So for the moment, when a second Samba DC joins an Active Directory
domain, it doesn't replicate the DNS zones by default.
> I also ran "samba_dnsupdate --verbose" and while that seemed
> alright, I did notice:
>
> schema_fsmo_init: we are master[no] updates allowed[no]
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
That's normal; most probably the FSMO for PDC is on your Windows DC.
>
> Shouldn't updates allowed be yes if I added "allow dns updates = true"
No, you should use allow dns updates = signed, but it should be the
default now.
> in smb.conf? One final note, I do have my resolv.conf pointing to my
> Win2k3 as the first DNS server.
That shouldn't be too much of a problem.
>
> My end goal is to replace the 2k3 server with Samba4 so, either way,
> if internal DNS is not an option right now because it hasn't matured,
> I'm tempted, based on what I've read, to try BIND to get around the
> internal problems. I have that built with Bind 9.8.3 with the following:
> ./configure --prefix=/var/named --bindir=/usr/bin --sbindir=/usr/sbin
> --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include
> --libdir=/usr/lib --libexecdir=/usr/libexe --sharedstatedir=/var/lib
> --with-libtool --enable-threads --with-dlopen --with-gssapi
>
> I would be willing to try the switch over but, while it's clear how to
> switch the backend (--dns-backend=BIND_DLZ) when provisioning
> Samba, how would I do this from a join perspective? Thanks in advance
> for any help!
So I'm not too surprised that you run into such trouble for application
partitions, as we have some bugs in the way we mark application
partitions: 9200 & 9201
https://bugzilla.samba.org/show_bug.cgi?id=9201
https://bugzilla.samba.org/show_bug.cgi?id=9200
All of this should be resolvable hopefully.
Matthieu
--
Matthieu Patou
Samba Team
http://samba.org