[Samba] SAMBA4 AD addicional Domain Controler Outgoing ForestDNSZones, DomainDNSZones replication problem

Sérgio Henrique sermac at gmail.com
Tue Jan 8 07:01:49 MST 2013 

Hi all,

First of all congratulations for reaching 4.0.0 stable version.
I have being testing for a while and it works great when using SAMBA4 as
PDC and add Windows or another samba4 as addicional domain .

But when i try to add samba4 as addcional domain of a Windows 2008 R2
PDC(2003 level) i am unable to replicate ForestDNS and DomainDNSZones from
Samba4 to Windows 2008R2 DC.

Environment:

Primary DC Windows 2008 R2 x64 with 2003 levels
Addcitional DC Samba4 on Ubuntu Server 12.10 compile samba 4.0.0
with  ./configure --enable-selftest --prefix=/opt/samba and join domain as
/opt/samba4/bin/samba-tool domain join test.lisbon.local DC -Uxpto
--realm=test.lisbon.local --dns-backend=SAMBA_INTERNAL

# Global parameters
[global]
        workgroup = TEST
        realm = TEST.lisbon.local
        netbios name = DC02-LNXBDC
        server role = active directory domain controller
        debug level = 2
        interfaces = 172.17.49.10
        dsdb:schema update allowed = yes

[netlogon]
        path = /opt/samba/var/locks/sysvol/TEST.LISBON.LOCAL/scripts
        read only = No

[sysvol]
        path = /opt/samba/var/locks/sysvol
        read only = No

SAMBA4 incoming replication all ok:

Default-First-Site-Name\dc02-lnxbdc
DSA Options: 0x00000001
DSA object GUID: 4347f5b6-1599-4eb3-bc4f-5d054961dae6
DSA invocationId: 56a23d6e-fe89-4b02-9e15-fa90154a2e6a

==== INBOUND NEIGHBORS ====

DC=DomainDnsZones,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Tue Jan  8 13:40:15 2013 WET

DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Tue Jan  8 13:40:15 2013 WET

CN=Schema,CN=Configuration,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Tue Jan  8 13:40:16 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Tue Jan  8 13:40:16 2013 WET

CN=Configuration,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Tue Jan  8 13:40:16 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Tue Jan  8 13:40:16 2013 WET

DC=ForestDnsZones,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Tue Jan  8 13:40:15 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Tue Jan  8 13:40:15 2013 WET

SAMBA4 output replication NOK!(No DomainDNSzones or ForestDNSZones)

==== OUTBOUND NEIGHBORS ====

DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Fri Jan  4 01:49:45 2013 WET

CN=Schema,CN=Configuration,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Fri Jan  4 01:49:45 2013 WET

CN=Configuration,DC=test,DC=lisbon,DC=local
        Default-First-Site-Name\dc01-winpdc via RPC
                DSA object GUID: 5dbb4a99-acf8-444f-bdcd-51fa5aeb8ab0
                Last attempt @ Fri Jan  4 01:49:45 2013 WET was successful
                0 consecutive failure(s).
                Last success @ Fri Jan  4 01:49:45 2013 WET

==== KCC CONNECTION OBJECTS ====

Connection --
        Connection name: 10fc6577-2bd9-45fa-86e6-74144ed64d84
        Enabled        : TRUE
        Server DNS name : dc01-winpdc.test.lisbon.local
        Server DN name  : CN=NTDS
Settings,CN=dc01-winpdc,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=lisbon,DC=local
                TransportType: RPC
                options: 0x00000001
Warning: No NC replicated for Connection!

When trying to replicate on Win2k8 R2 the replication from winserver to
linux server is ok, but when trying to replicate from linux server to
windows server teh Domain and Forest DNS zones are not replicated.

Samba 4 Server Status     -
----------------------------
System time      : 2013-01-08 13:57:15 WET
Forest           : test.lisbon.local
Domain           : test.lisbon.local
Netbios domain   : test
DC name          : DC02-LNXBDC.test.lisbon.local
DC netbios name  : DC02-LNXBDC
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name
Server IPs       : 127.0.0.1/8 172.17.49.10/24
DNS listens on   : 0.0.0.0 (all)
Smb connections  : 0

Services
--------
DNS (tcp)        : online
DNS (udp)        : online
Kerberos5        : online
LDAP             : online
kpasswd          : online
SMB              : online
NETBIOS NS       : online

Thank you in advanced.
Best Regards,
Sérgio Machado

More information about the samba mailing list