[Samba] Question about adding DNS records

Bouke J. Henstra bouke at ict-diensten.com
Thu Jul 24 15:26:13 MDT 2014


Hello Daniel and all others,

Thank you for your reply. I got some more details. I hope you could help
me further.

I got the following properties in my /etc/resolv.conf (that is srv01ham;
the second DC)

domain th01.inet
nameserver 192.168.0.200
nameserver 172.16.32.222
nameserver 8.8.8.8
search th01.inet

I got the following properties in my /etc/resolv.conf (that is comsrv01a;
the first DC)
domain th01.inet
nameserver 192.168.0.200
nameserver 62.179.104.196
nameserver 213.46.228.196
search th01.inet

Joining the domain went fine and without errors:

root at srv01ham:/opt/samba/bin# ./samba-tool domain join th01.inet DC -Uadministrator --realm=th01.inet
Finding a writeable DC for domain 'th01.inet'
Found DC comsrv01tst.th01.inet
Password for [WORKGROUP\administrator]:
workgroup is TH01
realm is th01.inet
checking sAMAccountName
Adding CN=SRV01HAM,OU=Domain Controllers,DC=th01,DC=inet
Adding CN=SRV01HAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=th01,DC=inet
Adding CN=NTDS Settings,CN=SRV01HAM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=th01,DC=inet
Adding SPNs to CN=SRV01HAM,OU=Domain Controllers,DC=th01,DC=inet
Setting account password for SRV01HAM$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=th01,DC=inet
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=th01,DC=inet] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=th01,DC=inet] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=th01,DC=inet] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=th01,DC=inet] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=th01,DC=inet] objects[402/1622] linked_values[0/0]
Partition[CN=Configuration,DC=th01,DC=inet] objects[804/1622] linked_values[0/0]
Partition[CN=Configuration,DC=th01,DC=inet] objects[1206/1622] linked_values[0/0]
Partition[CN=Configuration,DC=th01,DC=inet] objects[1608/1622] linked_values[0/0]
Partition[CN=Configuration,DC=th01,DC=inet] objects[1622/1622] linked_values[44/0]
Replicating critical objects from the base DN of the domain
Partition[DC=th01,DC=inet] objects[101/101] linked_values[25/0]
Partition[DC=th01,DC=inet] objects[405/304] linked_values[107/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=th01,DC=inet
Partition[DC=DomainDnsZones,DC=th01,DC=inet] objects[40/40] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=th01,DC=inet
Partition[DC=ForestDnsZones,DC=th01,DC=inet] objects[18/18] linked_values[0/0]
Partition[DC=ForestDnsZones,DC=th01,DC=inet] objects[36/18] linked_values[0/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain TH01 (SID S-1-5-21-3986851480-121882393-693890105) as a DC

Ping works fine

root at comsrv01a:/# ping 172.16.32.222 -c2
PING 172.16.32.222 (172.16.32.222) 56(84) bytes of data.
64 bytes from 172.16.32.222: icmp_req=1 ttl=62 time=16.2 ms
64 bytes from 172.16.32.222: icmp_req=2 ttl=62 time=15.2 ms

--- 172.16.32.222 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 15.258/15.768/16.278/0.510 ms

root at comsrv01a:/# ping srv01ham -c2
PING srv01ham.th01.inet (172.16.32.222) 56(84) bytes of data.
64 bytes from srv01ham.th01.inet (172.16.32.222): icmp_req=1 ttl=62 time=15.9 ms
64 bytes from srv01ham.th01.inet (172.16.32.222): icmp_req=2 ttl=62 time=13.9 ms

--- srv01ham.th01.inet ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.945/14.924/15.904/0.987 ms

root at comsrv01a:/# ping srv01ham.th01.inet -c2
PING srv01ham.th01.inet (172.16.32.222) 56(84) bytes of data.
64 bytes from srv01ham.th01.inet (172.16.32.222): icmp_req=1 ttl=62 time=16.0 ms
64 bytes from srv01ham.th01.inet (172.16.32.222): icmp_req=2 ttl=62 time=12.0 ms

--- srv01ham.th01.inet ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 12.023/14.023/16.023/2.000 ms

root at srv01ham:/# ping 192.168.0.200 -c2
PING 192.168.0.200 (192.168.0.200) 56(84) bytes of data.
64 bytes from 192.168.0.200: icmp_seq=1 ttl=62 time=17.7 ms
64 bytes from 192.168.0.200: icmp_seq=2 ttl=62 time=13.3 ms

--- 192.168.0.200 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.394/15.563/17.733/2.173 ms

root at srv01ham:/# ping comsrv01a -c2
PING comsrv01a.th01.inet (192.168.0.200) 56(84) bytes of data.
64 bytes from comsrv01a.th01.inet (192.168.0.200): icmp_seq=1 ttl=62 time=20.0 ms
64 bytes from comsrv01a.th01.inet (192.168.0.200): icmp_seq=2 ttl=62 time=12.0 ms

--- comsrv01a.th01.inet ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 12.077/16.084/20.091/4.007 ms

root at srv01ham:/# ping comsrv01a.th01.inet -c2
PING comsrv01a.th01.inet (192.168.0.200) 56(84) bytes of data.
64 bytes from comsrv01a.th01.inet (192.168.0.200): icmp_seq=1 ttl=62 time=20.8 ms
64 bytes from comsrv01a.th01.inet (192.168.0.200): icmp_seq=2 ttl=62 time=17.9 ms

--- comsrv01a.th01.inet ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 17.994/19.434/20.874/1.440 ms

I get the following error when I try to add the record to my primary DC
(192.168.0.200):

root at comsrv01a:/# /opt/samba/bin/samba-tool dns add 192.168.0.200 TH01.INET SRV01HAM A 172.16.32.222 -Uadministrator
Password for [TH01\administrator]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)

I suspect there is a DNS error on my first DC.
What I didn't mention is that I got a test DC in my live environment. This
one runs in a VM and has IP 192.168.0.201.

root at srv01ham:/data# /opt/samba/bin/samba-tool dns add 192.168.0.200 TH01.INET SRV01HAM A 172.16.32.222 -Uadministrator
Password for [TH01\administrator]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)

root at srv01ham:/data# /opt/samba/bin/samba-tool dns add 192.168.0.201 TH01.INET SRV01HAM A 172.16.32.222 -Uadministrator
Password for [TH01\administrator]:
Record added successfully

root at srv01ham:/data# /opt/samba/bin/samba-tool dns add 192.168.0.200 _msdcs.th01.inet b81d6916-6a8f-4c02-84e9-8dcc3a6bc8ba CNAME srv01ham.th01.inet -Uadministrator
Password for [TH01\administrator]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)

root at srv01ham:/data# /opt/samba/bin/samba-tool dns add 192.168.0.201 _msdcs.th01.inet b81d6916-6a8f-4c02-84e9-8dcc3a6bc8ba CNAME srv01ham.th01.inet -Uadministrator
Password for [TH01\administrator]:
Record added successfully

My server comsrv01a still runs with BIND9_FLATFILE. Maybe I need to
upgrade this to BIND9_DLZ (but I don't remember any more how I did this on
other DCs and I can't find any reference any more).

root at comsrv01a:/opt/samba/sbin# ./samba_upgradedns
Reading domain information
DNS accounts already exist
Reading records from zone file /opt/samba/private/dns/TH01.INET.zone
Error parsing DNS data from '/opt/samba/private/dns/TH01.INET.zone' ()
DNS records will be automatically created
Traceback (most recent call last):
  File "./samba_upgradedns", line 316, in <module>
    ncname = msg[0]['nCName'][0]
KeyError: 'No such element'

This one still uses BIND9_FLATFILE.

root at comsrv01a:/opt/samba/sbin# ls -lah /opt/samba/private/dns
total 172K
drwxrwx--- 2 root bind 4.0K Jul 24 22:23 .
drwxr-xr-x 7 root root 4.0K Jul 24 23:04 ..
-rw-r--r-- 1 bind bind 3.2K Jul 24 22:30 th01.inet.zone
lrwxrwxrwx 1 root root   14 Jul 24 22:22 TH01.INET.zone -> th01.inet.zone
-rw-r--r-- 1 bind bind 147K Jul 24 08:53 th01.inet.zone.jnl

root at comsrv01a:/opt/samba/sbin# cat ../private/dns/th01.inet.zone
$ORIGIN .
$TTL 604800     ; 1 week
th01.inet               IN SOA  comsrv01a.th01.inet. hostmaster.th01.inet.
(
                                2013061871 ; serial
                                172800     ; refresh (2 days)
                                14400      ; retry (4 hours)
                                3628800    ; expire (6 weeks)
                                604800     ; minimum (1 week)
                                )
                        NS      comsrv01a.th01.inet.
$TTL 900        ; 15 minutes
                        A       192.168.0.200
                        A       192.168.0.201
$ORIGIN th01.inet.
$TTL 604800     ; 1 week
_kerberos               TXT     "TH01.INET"
$ORIGIN _msdcs.th01.inet.
29f1582a-3589-4ebb-9755-7be96de04949 CNAME comsrv01tst.th01.inet.
$ORIGIN _tcp.Default-First-Site-Name._sites.dc._msdcs.th01.inet.
$TTL 900        ; 15 minutes
_kerberos               SRV     0 100 88 comsrv01a.th01.inet.
                        SRV     0 100 88 comsrv01tst.th01.inet.
_ldap                   SRV     0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$ORIGIN _tcp.dc._msdcs.th01.inet.
_kerberos               SRV     0 100 88 comsrv01a.th01.inet.
                        SRV     0 100 88 comsrv01tst.th01.inet.
_ldap                   SRV     0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$ORIGIN _msdcs.th01.inet.
_ldap._tcp.029d45d8-2621-4c7c-a944-23884cfd0dad.domains SRV 0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$TTL 604800     ; 1 week
f3ec5ecd-e121-4024-bc85-83b09e07401a CNAME comsrv01a.th01.inet.
$TTL 900        ; 15 minutes
gc                      A       192.168.0.200
                        A       192.168.0.201
$ORIGIN gc._msdcs.th01.inet.
_ldap._tcp.Default-First-Site-Name._sites SRV 0 100 3268 comsrv01a.th01.inet.
                        SRV     0 100 3268 comsrv01tst.th01.inet.
_ldap._tcp              SRV     0 100 3268 comsrv01a.th01.inet.
                        SRV     0 100 3268 comsrv01tst.th01.inet.
$ORIGIN _msdcs.th01.inet.
$TTL 604800     ; 1 week
_ldap._tcp.pdc          SRV     0 100 389 comsrv01a.th01.inet.
$ORIGIN _tcp.Default-First-Site-Name._sites.th01.inet.
$TTL 900        ; 15 minutes
_gc                     SRV     0 100 3268 comsrv01a.th01.inet.
                        SRV     0 100 3268 comsrv01tst.th01.inet.
_kerberos               SRV     0 100 88 comsrv01a.th01.inet.
                        SRV     0 100 88 comsrv01tst.th01.inet.
_ldap                   SRV     0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$ORIGIN _tcp.th01.inet.
_gc                     SRV     0 100 3268 comsrv01a.th01.inet.
                        SRV     0 100 3268 comsrv01tst.th01.inet.
_kerberos               SRV     0 100 88 comsrv01a.th01.inet.
                        SRV     0 100 88 comsrv01tst.th01.inet.
$TTL 604800     ; 1 week
_kerberos-master        SRV     0 100 88 comsrv01a.th01.inet.
$TTL 900        ; 15 minutes
_kpasswd                SRV     0 100 464 comsrv01a.th01.inet.
                        SRV     0 100 464 comsrv01tst.th01.inet.
_ldap                   SRV     0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$ORIGIN _udp.th01.inet.
_kerberos               SRV     0 100 88 comsrv01a.th01.inet.
                        SRV     0 100 88 comsrv01tst.th01.inet.
$TTL 604800     ; 1 week
_kerberos-master        SRV     0 100 88 comsrv01a.th01.inet.
$TTL 900        ; 15 minutes
_kpasswd                SRV     0 100 464 comsrv01a.th01.inet.
                        SRV     0 100 464 comsrv01tst.th01.inet.
$ORIGIN th01.inet.
$TTL 604800     ; 1 week
comsrv01a               A       192.168.0.200
comsrv01tst             A       192.168.0.201
$TTL 3600       ; 1 hour
nas001th                A       192.168.0.17
$TTL 1200       ; 20 minutes
OZD01                   A       192.168.0.232
S01D01                  A       192.168.0.101
S01D02                  A       192.168.0.102
S01D03                  A       192.168.0.103
S01D04                  A       192.168.0.114
S01D05                  A       192.168.0.105
S01DA1                  A       192.168.0.75
S01DX1                  A       192.168.0.40
S01DX2                  A       192.168.0.110
S01N01                  A       192.168.0.71
S01N99                  A       172.16.24.55
S01NV1                  A       192.168.0.66
THSRV01WIN              A       192.168.0.18
$TTL 86400      ; 1 day
XRX9C934E2E4493         A       192.168.0.36

I am still stuck. Please let me know if you can help me or need more
details. Your help is very much appreciated.

Kind regards,

Bouke
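
The entries Daniel lists in his quoted reply (an A record, a GUID CNAME under _msdcs and the SRV records) are exactly what the flat-file zone above lacks for srv01ham. As an added example, not part of this thread and not Samba's own code, here is a small Python audit that parses a BIND flat-file zone (tracking $ORIGIN, owner-less continuation lines and the parenthesised SOA, as in the file above) and reports which required DC entries are absent; the embedded zone text is a trimmed, constructed copy of the one above and the DC list is the three hosts named in this thread.

```python
# Added example, not Samba's code. ZONE is constructed from the BIND9_FLATFILE
# zone quoted in the thread (trimmed to the records this check inspects).
ZONE = """\
$ORIGIN .
th01.inet               IN SOA  comsrv01a.th01.inet. hostmaster.th01.inet. (
                                2013061871 172800 14400 3628800 604800 )
                        NS      comsrv01a.th01.inet.
$ORIGIN _msdcs.th01.inet.
29f1582a-3589-4ebb-9755-7be96de04949 CNAME comsrv01tst.th01.inet.
f3ec5ecd-e121-4024-bc85-83b09e07401a CNAME comsrv01a.th01.inet.
$ORIGIN _tcp.dc._msdcs.th01.inet.
_ldap                   SRV     0 100 389 comsrv01a.th01.inet.
                        SRV     0 100 389 comsrv01tst.th01.inet.
$ORIGIN th01.inet.
comsrv01a               A       192.168.0.200
comsrv01tst             A       192.168.0.201
"""
# The three DCs named in the thread; in practice take the list from ldbsearch.
DCS = ["comsrv01a.th01.inet.", "comsrv01tst.th01.inet.", "srv01ham.th01.inet."]

def parse_zone(text):
    """Return (owner, type, rdata tokens) triples with absolute owner names."""
    origin, owner, depth, buf, records = ".", None, 0, [], []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments (no ';' in TXT here)
        depth += line.count("(") - line.count(")")
        if line.strip():
            buf.append(line.replace("(", " ").replace(")", " "))
        if depth > 0 or not buf:              # still inside a ( ... ) RR, or blank
            continue
        line, buf = " ".join(buf), []
        if line.startswith("$"):              # directives: track $ORIGIN, skip $TTL
            if line.startswith("$ORIGIN"):
                origin = line.split()[1]
            continue
        tokens = line.split()
        if not line[0].isspace():             # leading blank means "same owner"
            name = tokens.pop(0)
            owner = name if name.endswith(".") else name + "." + origin.lstrip(".")
        while tokens and (tokens[0].isdigit() or tokens[0] == "IN"):
            tokens.pop(0)                     # optional TTL and class fields
        records.append((owner, tokens[0], tokens[1:]))
    return records

def check_dc_entries(records, dc_hosts=DCS, realm="th01.inet."):
    """Per DC, list the required entries the zone lacks (empty list = OK)."""
    a_owners = {o for o, t, _ in records if t == "A"}
    guid_cnames = {r[0] for o, t, r in records
                   if t == "CNAME" and o.endswith("._msdcs." + realm)}
    ldap_srv = {r[3] for o, t, r in records
                if t == "SRV" and o == "_ldap._tcp.dc._msdcs." + realm}
    required = {"A": a_owners, "_msdcs GUID CNAME": guid_cnames,
                "_ldap._tcp.dc._msdcs SRV": ldap_srv}
    return {h: [k for k, present in required.items() if h not in present]
            for h in dc_hosts}
```

Running check_dc_entries(parse_zone(ZONE)) reports srv01ham.th01.inet. as missing all three entries while both existing DCs come back clean, which is the state the thread describes before the records are added.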

-----Original Message-----
From: Daniel Müller [mailto:mueller at tropenklinik.de]
Sent: Thursday, 24 July 2014 11:27
To: 'Bouke J. Henstra'; samba at lists.samba.org
Subject: RE: [Samba] Question about adding DNS records

You set properties in resolv.conf?
You did join the DC as described without any errors!?
Both DCs can ping each other!?
On your first DC:
samba-tool dns add FIRSTDC YOUR.REALM SECONDDC A 172.16.32.222
-Uadministrator

ldbsearch -H /usr/local/samba/private/sam.ldb '(invocationid=*)' --cross-ncs objectguid

You must see 2 records FIRSTDC SECONDDC ex:

# record 1
dn: CN=NTDS Settings,CN=S4MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplk,DC=loc
objectGUID: 8b83fe75-2e98-464b-b121-2c434c179c82

# record 2
dn: CN=NTDS Settings,CN=S4SLAVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplk,DC=loc
objectGUID: 0fae0583-b14c-421b-b622-00fbfaf1826c

# returned 2 records
# 2 entries
# 0 referrals

Then with the right objectGUID:
samba-tool dns add FIRSTDC _msdcs.tplk.loc xxxx-xxxx-xxxx-xxxx-xxxxxxx CNAME SECONDDC.your.realm -Uadministrator

Make your reverse entry for SECONDDC:
samba-tool dns add FIRSTDC YOUR.REVERSE.ZONE.in-addr.arpa XXX PTR SECONDDC.your.realm

Test from your SECONDDC:

samba-tool drs kcc -Uadministrator seconddc.your.realm
ex:
samba-tool drs kcc -Uadministrator s4master.tplk.loc
Password for [TPLK\administrator]:
Consistency check on s4master.tplk.loc successful.

Good Luck
Daniel


IT: Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
E-mail: mueller at tropenklinik.de
Internet: www.tropenklinik.de

-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Bouke J. Henstra
Sent: Wednesday, 23 July 2014 21:29
To: samba at lists.samba.org
Subject: [Samba] Question about adding DNS records

Hello all,

I managed to install an extra DC.
The first DC is comsrv01a with ip 192.168.0.200.
I run Samba 4.1.9 and BIND 9.8.1-P1.

The new DC is srv01ham with ip 172.16.32.222.
I use the internal DNS.
I run Samba 4.1.9.

I use a permanent LAN-2-LAN VPN via my Draytek routers.
The first DC (comsrv01a, 192.168.0.200) is my primary DNS server. This is
configured in all my routers and DHCP servers.

I followed the documents:
1. "Join a domain as a DC"
>> http://wiki.samba.org/index.php/Join_a_domain_as_a_DC
2. Samba AD DC HOWTO
>> http://wiki.samba.org/index.php/Samba_AD_DC_HOWTO

I would like to add the new DC to DNS.
I followed the information that I found at
http://wiki.samba.org/index.php/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host

Unfortunately I get the following error message.

root at comsrv01a:/opt/samba/bin# ./samba-tool dns add 192.168.0.200 th01.inet SRV01HAM A 172.16.32.222 -Uadministrator
Password for [TH01\administrator]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1067, in run
    0, server, zone, name, add_rec_buf, None)

I would like to know how to fix this issue.
I found some information about this, but I just can't get my head around it.
Some indicate it is a bug and others write it has to do with RPC... I am
lost at this moment.

Also the log files don't lead me into the direction of a solution.
Help would be very much appreciated. Please let me know if I need to post
more details. Please help. I will reward you with beer or wine (when
successful).

Kind regards,

Bouke