[Samba] Trying to Join a Working W2K3 AD
Kevin Field
kev at brantaero.com
Thu Aug 15 06:29:34 MDT 2013
Hi Marc,
On 2013-08-15 4:18 AM, Marc Muehlfeld wrote:
> Hello Kevin, hello Eli,
>
> Am 15.08.2013 05:48, schrieb Kevin Field:
>>> I get to the step /usr/local/samba/bin/samba-tool dns add
>>> 192.168.1.252 _msdcs.domain.co.il 2d59ac49-1175-4656-943e-d556baa242cb
>>> CNAME DC2.domain.co.il -Uadministrator
>>>
>>> I get the following error message:
>>>
>>> ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
>>> File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>>> return self.run(*args, **kwargs)
>>> File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 1053, in run
>>> 0, server, zone, name, add_rec_buf, None)
>
>
> Is 192.168.1.252 the already existing DNS on your W2k3 Server or is
> it the IP of your Samba DC? It should be the IP of your existing DNS
> server, because Samba isn't up at that time.
In my case, it is the IP of the W2k3 server which has a working DNS.
I've also tried replacing the IP with its hostname instead as I had
found suggested somewhere, but it doesn't change the outcome.
> You can also add the record through the MS DNS Console on windows.
Thanks for the suggestion...okay, I've done that. It seemed to work:
$ host -t CNAME fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan.
fb9ec5fd-28a7-44a0-a784-933a41dd830a._msdcs.mydomain.lan is an alias for newdc.mydomain.lan.
However, I run sudo samba, and then check the log.samba file, and it says:
[2013/08/15 08:02:33.285448, 0] ../source4/lib/tls/tlscert.c:166(tls_cert_generate)
  TLS self-signed keys generated OK
[2013/08/15 08:02:34.371461, 0] ../lib/util/util_runcmd.c:334(samba_runcmd_io_handler)
  /usr/sbin/samba_dnsupdate: ; TSIG error with server: tsig verify failure
This latter error it repeats about 15-20 times.
https://lists.samba.org/archive/samba/2013-February/171688.html says it
may be just cosmetic. The Windows AD Replication Status Tools, after a
refresh, says:
"NEWDC.mydomain.lan","Failed to collect data against Node
'NEWDC.mydomain.lan'. It was retried 0 time(s). The following error
occurred:
Domain controller "NEWDC.mydomain.lan" does not exist or cannot be
contacted..
Type=Microsoft.Sirona.Collection.CollectionException
...but it's been saying that since I ran samba-tool successfully to join
the AD. (The LDAP query succeeds, but the "Get Domain Controller
Replication Status" is where it's failing.) ps -A | grep samba shows a
bunch of samba threads running that weren't before. samba-tool drs kcc
says "Consistency check [...] successful."
samba-tool drs showrepl gives all successes for inbound neighbours, and
then just this:
==== OUTBOUND NEIGHBORS ====
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 90c120f5-b240-4771-a4d6-673927d63b84
Enabled : TRUE
Server DNS name : olddc.mydomain.lan
Server DN name : CN=NTDS Settings,CN=IN,CN=Servers,CN=mydomain-office,CN=Sites,CN=Configuration,DC=mydomain,DC=lan
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
Although, this also could just be 'cosmetic':
https://lists.samba.org/archive/samba-technical/2011-November/080377.html
Okay, so I'll try adding a user. samba-tool user add worked fine, says
it added successfully, and I can see info about it with wbinfo.
However, it doesn't show up in Active Directory Users and Computers on
the old DC.
Are these errors all really cosmetic? If so, why doesn't it replicate
to the old dc?
Thanks for your help,
Kev