[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Tue Jun 24 12:14:53 MDT 2014

Sorry. Don't know. Haven't tested  internal DNS. Maybe the recpie is
to use BIND9_FLATFILE.

/Davor

2014-06-24 20:07 GMT+02:00 lp101 <lingpanda101 at gmail.com>:
> Any workaround if using the internal DNS to move sites?
>
>
> On 6/24/2014 1:08 PM, Davor Vusir wrote:
>>
>> Hi again!
>>
>> If you use BIND9_DLZ, try change/convert to BIND9_FLATFILE and you
>> will be able to create and rename Sites and move DC:s to the newly
>> created Site.
>>
>> Regards
>> Davor
>>
>>
>> 2014-06-18 20:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
>>>
>>> 2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
>>>>
>>>> Hi all,
>>>>
>>>> Am having problems adding a new DC to a Site that doesn't already have a
>>>> DC
>>>> in the same subnet. Whenever I try and do a domain join specifying a
>>>> nearby
>>>> DC in a different subnet I get this:
>>>>
>>>> ERROR(runtime): uncaught exception - (-1073741643,
>>>> 'NT_STATUS_IO_TIMEOUT')
>>>>    File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>>> line 175, in _run
>>>>      return self.run(*args, **kwargs)
>>>>    File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>>> line
>>>> 552, in run
>>>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
>>>> dns_backend=dns_backend)
>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> line
>>>> 1172, in join_DC
>>>>      ctx.do_join()
>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> line
>>>> 1082, in do_join
>>>>      ctx.join_finalise()
>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> line
>>>> 881, in join_finalise
>>>>      ctx.send_DsReplicaUpdateRefs(nc)
>>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> line
>>>> 866, in send_DsReplicaUpdateRefs
>>>>      ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>>>>
>>>> I have managed to join a DC to a Site that already has a DC in that
>>>> subnet
>>>> (although not in that Site).
>>>>
>>>> Can anyone think of a workaround for this?
>>>>
>>>> This is my join statement (names changed to protect the innocent):
>>>>
>>>> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC
>>>> -UAdministrator --realm=example.com --server=remotedc.example.com
>>>> --site=local
>>>>
>>>>
>>>> I am trying to do this due to the bug that doesn't allow the manual
>>>> moving
>>>> of DC's to new Sites by using the ADSS drag and drop method.
>>>>
>>> Hi Chris!
>>>
>>> Actually there is a way. If you use a DNS that does not reside on the
>>> DC's but standalone, the manual moving works.
>>>
>>> As a start I put the following RRs in a static dns: A, ptr and 'basic'
>>> SRV RR
>>> _gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
>>> _kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
>>> _ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.
>>>
>>> That ended in following errors in syslog (amongst others):
>>>
>>> [2014/06/18 11:56:36.078267, 3]
>>> ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
>>>   dns child failed to find name
>>> '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.
>>>
>>> All SRV RR for a DC have to be present in DNS. But I have had no time
>>> to test it. And I have not tested multiple subnets.
>>>
>>> My guess is that the bug is DNS related or the account that makes the
>>> changes cannot edit the AD database. And that results in that no SRV
>>> RR are added/changed and the MMC eventually times out.
>>>
>>> Regards
>>> Davor
>>>
>>>   Thanks,
>>>>
>>>> Chris.
>>>>
>>>>
>>>>
>>>> --
>>>> ACS (Alavoine Computer Services Ltd)
>>>> Chris Alavoine
>>>> mob +44 (0)7724 710 730
>>>> www.alavoinecs.co.uk
>>>> http://twitter.com/#!/alavoinecs
>>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>
>
> --
> -James
>