[Samba] Samba4 in FreeBSD cannot upgrade dns

Chase Weber me at chaseweber.com
Mon Nov 25 14:08:34 MST 2013


On 11/24/2013 11:47 PM, Pccom Frank wrote:
> Hi, Samba team!
> I am trying to install samba4 on FreeBSD 9.2 as a domain DC to join an
> existing samba4 domain controller on FreeBSD 9.2.
> I followed the instructions in:
> Samba4/HOWTO/Join a domain as a DC
> Everything is OK until I run the following command:
>
> root@mtm:/var/named/etc/namedb # samba-tool drs showrepl
> Default-First-Site-Name\MTM
> DSA Options: 0x00000001
> DSA object GUID: fedb4799-a372-486e-97e3-b640fceecad4
> DSA invocationId: 9a156f65-2100-47d1-ad23-9d839212556b
>
> ==== INBOUND NEIGHBORS ====
>
> ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610723,
> 'NT_STATUS_RPC_PROTOCOL_ERROR')
> root@mtm:/var/named/etc/namedb #
>
> Then I followed the following instructions:
> Dns-backend bind
>
> root@mtm:/var/named/etc/namedb # samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> DNS accounts already exist
> No zone file /var/db/samba4/private/dns/localpccom.localca.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-MTM account already exists
> See /var/db/samba4/private/named.conf for an example configuration include
> file for BIND
> and /var/db/samba4/private/named.txt for further documentation required for
> secure DNS updates
> Finished upgrading DNS
> root@mtm:/var/named/etc/namedb #
>
> When I run the command
>
> root@mtm:/var/named/etc/namedb # samba_dnsupdate --verbose --all-names
> I got lots of errors:
>
> IPs: ['192.168.0.202']
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
>    ${HOSTNAME} 389) as we are not a PDC
> Skipping PDC entry (SRV _ldap._tcp.pdc._msdcs.${DNSFOREST}
>    ${HOSTNAME} 389) as we are not a PDC
> Calling nsupdate for A localpccom.localca 192.168.0.202
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for A mtm.localpccom.localca 192.168.0.202
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for A gc._msdcs.localpccom.localca 192.168.0.202
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for CNAME
> fedb4799-a372-486e-97e3-b640fceecad4._msdcs.localpccom.localca
> mtm.localpccom.localca
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _kpasswd._tcp.localpccom.localca
> mtm.localpccom.localca 464
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _kpasswd._udp.localpccom.localca
> mtm.localpccom.localca 464
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _kerberos._tcp.localpccom.localca
> mtm.localpccom.localca 88
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.localpccom.localca
> mtm.localpccom.localca 88
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _kerberos._tcp.default-first-site-name._sites.localpccom.localca
> mtm.localpccom.localca 88
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _kerberos._tcp.default-first-site-name._sites.dc._msdcs.localpccom.localca
> mtm.localpccom.localca 88
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _kerberos._udp.localpccom.localca
> mtm.localpccom.localca 88
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _ldap._tcp.localpccom.localca
> mtm.localpccom.localca 389
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _ldap._tcp.dc._msdcs.localpccom.localca
> mtm.localpccom.localca 389
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _ldap._tcp.gc._msdcs.localpccom.localca
> mtm.localpccom.localca 3268
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _ldap._tcp.default-first-site-name._sites.localpccom.localca
> mtm.localpccom.localca 389
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _ldap._tcp.default-first-site-name._sites.dc._msdcs.localpccom.localca
> mtm.localpccom.localca 389
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _ldap._tcp.default-first-site-name._sites.gc._msdcs.localpccom.localca
> mtm.localpccom.localca 3268
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _ldap._tcp.dc28f8f7-eed5-4c07-b7fa-b0d291e68f18.domains._msdcs.localpccom.localca
> mtm.localpccom.localca 389
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV _gc._tcp.localpccom.localca mtm.localpccom.localca
> 3268
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Calling nsupdate for SRV
> _gc._tcp.default-first-site-name._sites.localpccom.localca
> mtm.localpccom.localca 3268
> /usr/bin/nsupdate: cannot specify -g    or -o, program not linked with GSS
> API Library
> Failed nsupdate: 1
> Failed update of 20 entries
> root@mtm:/var/named/etc/namedb #
>
> I have a problem with the inode number:
> root@mtm:/var/db/samba4 # ls -lai private/dns/sam.ldb.d/
> total 25416
> 1766971 drwxrwx---  2 root  bind      512 Nov 24 21:59 .
> 1766150 drwxrwx---  3 root  bind      512 Nov 24 21:59 ..
> 1766925 -rw-rw----  1 root  bind  7409664 Nov 24 21:59
> CN=CONFIGURATION,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766975 -rw-rw----  1 root  bind  8126464 Nov 24 21:59
> CN=SCHEMA,CN=CONFIGURATION,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766983 -rw-rw----  2 root  bind  4251648 Nov 24 22:32
> DC=DOMAINDNSZONES,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766987 -rw-rw----  2 root  bind  4251648 Nov 24 22:32
> DC=FORESTDNSZONES,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766978 -rw-rw----  1 root  bind  1286144 Nov 24 21:59
> DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766921 -rw-rw----  2 root  bind   421888 Nov 24 21:47 metadata.tdb
> root@mtm:/var/db/samba4 # ls -lai private/sam.ldb.d/
> total 33448
> 1766920 drwxr-x---  2 root  bind        512 Nov 24 21:59 .
> 1765757 drwxr-xr-x  7 root  wheel      1024 Nov 24 22:35 ..
> 1766922 -rw-------  1 root  bind   10391552 Nov 24 22:32
> CN=CONFIGURATION,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766981 -rw-------  1 root  bind   10391552 Nov 24 22:32
> CN=SCHEMA,CN=CONFIGURATION,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766983 -rw-rw----  2 root  bind    4251648 Nov 24 22:32
> DC=DOMAINDNSZONES,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766987 -rw-rw----  2 root  bind    4251648 Nov 24 22:32
> DC=FORESTDNSZONES,DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766982 -rw-------  1 root  bind    4251648 Nov 24 22:32
> DC=LOCALPCCOM,DC=LOCALCA.ldb
> 1766921 -rw-rw----  2 root  bind     421888 Nov 24 21:47 metadata.tdb
> root@mtm:/var/db/samba4 #
>
> root@mtm:/var/log/samba4 # smbclient -L localhost -U%
> Domain=[LOCALPCCOM] OS=[Unix] Server=[Samba 4.0.8]
>
>          Sharename       Type      Comment
>          ---------       ----      -------
>          netlogon        Disk
>          sysvol          Disk
>          IPC$            IPC       IPC Service (Samba 4.0.8)
> Domain=[LOCALPCCOM] OS=[Unix] Server=[Samba 4.0.8]
>
>          Server               Comment
>          ---------            -------
>
>          Workgroup            Master
>          ---------            -------
>
> root@mtm:/var/log/samba4 # uname -a
> FreeBSD mtm.localpccom.localca 9.2-RELEASE FreeBSD 9.2-RELEASE #0 r255898:
> Fri Sep 27 03:52:52 UTC 2013
> root@bake.isc.freebsd.org:/usr/obj/usr/src/sys/GENERIC
>   i386
> root@mtm:/var/log/samba4 #

Did you specify: "nsupdate command = /usr/local/bin/samba-nsupdate -g" 
in [global]?
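
An added example to go with the exchange above (not part of either message and not Samba project code): a POSIX shell helper that summarises a captured `samba_dnsupdate --verbose` run and reads the `nsupdate command` setting from the `[global]` section of an smb.conf. The sample log is constructed from the output quoted above with the mail line wrapping undone, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: samba_dnsupdate --verbose output as quoted in the
# thread, with the mail client's line wrapping undone.
sample_log() {
cat <<'EOF'
IPs: ['192.168.0.202']
Calling nsupdate for A localpccom.localca 192.168.0.202
/usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
Failed nsupdate: 1
Calling nsupdate for SRV _ldap._tcp.localpccom.localca mtm.localpccom.localca 389
/usr/bin/nsupdate: cannot specify -g or -o, program not linked with GSS API Library
Failed nsupdate: 1
Failed update of 2 entries
EOF
}

# Print one "FAIL <record>" line per failed update, then a summary naming
# the nsupdate binary that reported it was built without GSS support.
summarise_dnsupdate() {
    awk '
    /^Calling nsupdate for / { rec = substr($0, 22); next }
    /^\/.*nsupdate: .*not linked with GSS/ {
        split($0, p, ":"); bin = p[1]; nogss = 1; next
    }
    /^Failed nsupdate: / {
        failed++; if (nogss) gss_failed++
        print "FAIL " rec; nogss = 0; next
    }
    END {
        printf "failed=%d no_gss=%d binary=%s\n",
               failed, gss_failed, (bin ? bin : "-")
    }'
}

# Print the value of "nsupdate command" from [global] in the smb.conf
# given as $1; prints nothing when the parameter is not set there.
configured_nsupdate() {
    awk '
    /^[ \t]*\[/ { sect = tolower($0); gsub(/^[ \t]*\[|\][ \t]*$/, "", sect); next }
    sect == "global" && tolower($0) ~ /^[ \t]*nsupdate[ \t]+command[ \t]*=/ {
        sub(/^[^=]*=[ \t]*/, ""); print; exit
    }' "$1"
}

sample_log | summarise_dnsupdate
```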


