[Samba] replace Windows 2003 dc / dns issues
Peter Beck
peter at datentraeger.li
Thu Feb 21 06:56:08 MST 2013
Peter Beck <peter at datentraeger.li> wrote on Thu, Feb 14, 2013 at 03:04:40AM +0100:
After lots of 'trial and error' I have done the following scenario:
* setup samba4 as additional dc (samba internal dns)
* added +dns to smb.conf server services,
"dns recursive queries = yes" and "allow dns updates = true"
* on the Windows dc I've added a recursive zone for my network and
  the samba4-dc in the "nameservers" tab of each zone. Replication changed
  to "All dns servers". (still not sure if this is needed with AD
  integrated zones?)
* replication with samba-tool/repadmin - no issues
* samba-tool drs replicate s4dc w2k3dc dc=domaindnszones,dc..- no errors
* samba-tool drs replicate s4dc w2k3dc dc=forestdnszones,dc..- no errors
* samba_dnsupdate --verbose - no errors
* dns was replicated completely now, including the entries inside the zones
* transferring the fsmo roles to samba4 - no issues
* disable global catalog for the windows dc
* dcpromo demote the windows server
I am still able to read the existing dns entries, but as soon as I try
to update an existing entry or add an additional one, I get "the local security
authority database contains an internal inconsistency" from the Windows MMC snap-in
and samba-tool is reporting "uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')".
But adding additional zones and entries for them seems to work.
It seems it's just dns related, as adding groups and users is working
fine.
Any ideas?
If there is a "best practice to replace an existing dc" I would like to
contribute that to the Samba Wiki...
Best Regards
Peter