[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Davor Vusir davortvusir at gmail.com
Wed Jun 18 12:40:53 MDT 2014

2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
> Hi all,
> Am having problems adding a new DC to a Site that doesn't already have a DC
> in the same subnet. Whenever I try and do a domain join specifying a nearby
> DC in a different subnet I get this:
> ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
>     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1172, in join_DC
>     ctx.do_join()
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1082, in do_join
>     ctx.join_finalise()
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 881, in join_finalise
>     ctx.send_DsReplicaUpdateRefs(nc)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 866, in send_DsReplicaUpdateRefs
>     ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
> I have managed to join a DC to a Site that already has a DC in that subnet
> (although not in that Site).
> Can anyone think of a workaround for this?
> This is my join statement (names changed to protect the innocent):
> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC -UAdministrator --realm=example.com --server=remotedc.example.com --site=local
> I am trying to do this due to the bug that doesn't allow the manual moving
> of DCs to new Sites by using the ADSS drag and drop method.

Hi Chris!

Actually there is a way. If you use a DNS that does not reside on the
DCs but is standalone, the manual moving works.

As a start I put the following RRs in a static DNS: A, PTR and 'basic' SRV RRs
_gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
_kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
_ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.

That ended in the following errors in syslog (amongst others):

[2014/06/18 11:56:36.078267, 3]
 dns child failed to find name '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.

All SRV RRs for a DC have to be present in DNS. But I have had no time
to test it. And I have not tested multiple subnets.

My guess is that the bug is DNS related or the account that makes the
changes cannot edit the AD database. That results in no SRV RRs being
added/changed, and the MMC eventually times out.


> Chris.
> --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192

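As an added example (not part of the original thread and not Samba's own code), the static-DNS setup described in the reply can be audited by listing which records a zone still lacks for one DC in one site. The 'basic' labels, the GUID and the site name `local` come from the thread; the site-scoped names (standard AD locator naming), the grouping by role, the host `newdc.example.org` and the zone lines are assumptions constructed for illustration.

```python
import re

# 'Basic' SRV labels from the reply above, grouped by the role that registers them.
BASIC = {"dc": ["_kerberos._tcp", "_kerberos._udp", "_kpasswd._tcp", "_kpasswd._udp",
                "_ldap._tcp", "_ldap._tcp.dc._msdcs"],
         "gc": ["_gc._tcp", "_ldap._tcp.gc._msdcs"],
         "pdc": ["_ldap._tcp.pdc._msdcs"]}
# Site-scoped names are not listed in the thread; assumed from standard AD locator naming.
SITE = ["_ldap._tcp.{s}._sites", "_kerberos._tcp.{s}._sites",
        "_ldap._tcp.{s}._sites.dc._msdcs", "_kerberos._tcp.{s}._sites.dc._msdcs"]
GUID = "5d6f52ac-640c-4dc1-a84b-42aac923d256"  # from the syslog line in the reply

# Constructed sample zone: newdc has its basic records but nothing for site "local".
SAMPLE_ZONE = """
_ldap._tcp.example.org. 900 IN SRV 0 100 389 remotedc.example.org.
_ldap._tcp.example.org. 900 IN SRV 0 100 389 newdc.example.org.
_ldap._tcp.dc._msdcs.example.org. 900 IN SRV 0 100 389 newdc.example.org.
_kerberos._tcp.example.org. 900 IN SRV 0 100 88 newdc.example.org.
_kerberos._udp.example.org. 900 IN SRV 0 100 88 newdc.example.org.
_kpasswd._tcp.example.org. 900 IN SRV 0 100 464 newdc.example.org.
_kpasswd._udp.example.org. 900 IN SRV 0 100 464 newdc.example.org.
_ldap._tcp.local._sites.example.org. 900 IN SRV 0 100 389 remotedc.example.org.
"""

def parse_zone(text):
    """Map (owner, type) -> list of rdata strings, for fully qualified zone lines."""
    zone = {}
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+(?:\d+\s+)?IN\s+(\S+)\s+(.+)", line.split(";", 1)[0].strip())
        if m:
            zone.setdefault((m[1].lower().rstrip("."), m[2].upper()), []).append(m[3].strip().lower())
    return zone

def missing_dc_records(zone_text, domain, site, dc_fqdn, ntds_guid, roles=("dc",)):
    """List the records a static zone still lacks for one DC in one site."""
    zone, dc = parse_zone(zone_text), dc_fqdn.lower().rstrip(".")
    labels = [l for r in roles for l in BASIC[r]] + [l.format(s=site.lower()) for l in SITE]
    def has_srv(owner):  # an SRV only counts if one of its targets is this DC
        return dc in [rd.split()[-1].rstrip(".") for rd in zone.get((owner, "SRV"), [])]
    missing = [f"SRV {l}.{domain}" for l in labels if not has_srv(f"{l}.{domain}")]
    guid_name = f"{ntds_guid}._msdcs.{domain}"  # the name the syslog line failed to resolve
    if not any((guid_name, t) in zone for t in ("CNAME", "A")):
        missing.append(f"CNAME {guid_name}")
    return missing

if __name__ == "__main__":
    print(missing_dc_records(SAMPLE_ZONE, "example.org", "local", "newdc.example.org", GUID))
```

On the sample zone this reports the four site-scoped SRV names plus the GUID alias under `_msdcs`: an SRV that exists but points only at another DC is counted as missing for the DC being checked.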