[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Davor Vusir davortvusir at gmail.com
Thu Jun 26 11:42:50 MDT 2014


Den 26 jun 2014 19:21 skrev "Chris Alavoine" <chrisa at acs-info.co.uk>:
>
> Hi,
>
> Yes, have seen that wiki page, seems straightforward enough, but I didn't
think FLATFILE was supported any more?
>
> c:)
>
It does work with both 4.1.8 and 4.1.9. But please be aware of that the DNS
management MMC does not work with this setup.

Regards
Davor

>
> On 26 June 2014 17:41, lp101 <lingpanda101 at gmail.com> wrote:
>>
>> Chris,
>>
>>     Have you seen this link from the wiki or do you need to know how to
setup Bind9_FlatFile first?
>>
>> https://wiki.samba.org/index.php/Changing_the_DNS_backend
>>
>>
>>
>> On 6/26/2014 8:35 AM, Chris Alavoine wrote:
>>>
>>> I'm running 4.1.5 at present on all my DC's. Will BIND9_FLATFILE work
with this release - I can't find any documentation on how to change from
Internal DNS to BIND9_FLATFILE.
>>>
>>> Thanks,
>>> Chris.
>>>
>>>
>>> On 24 June 2014 19:14, Davor Vusir <davortvusir at gmail.com> wrote:
>>>>
>>>> Sorry. Don't know. Haven't tested  internal DNS. Maybe the recpie is
>>>> to use BIND9_FLATFILE.
>>>>
>>>> /Davor
>>>>
>>>> 2014-06-24 20:07 GMT+02:00 lp101 <lingpanda101 at gmail.com>:
>>>> > Any workaround if using the internal DNS to move sites?
>>>> >
>>>> >
>>>> > On 6/24/2014 1:08 PM, Davor Vusir wrote:
>>>> >>
>>>> >> Hi again!
>>>> >>
>>>> >> If you use BIND9_DLZ, try change/convert to BIND9_FLATFILE and you
>>>> >> will be able to create and rename Sites and move DC:s to the newly
>>>> >> created Site.
>>>> >>
>>>> >> Regards
>>>> >> Davor
>>>> >>
>>>> >>
>>>> >> 2014-06-18 20:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
>>>> >>>
>>>> >>> 2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
>>>> >>>>
>>>> >>>> Hi all,
>>>> >>>>
>>>> >>>> Am having problems adding a new DC to a Site that doesn't already
have a
>>>> >>>> DC
>>>> >>>> in the same subnet. Whenever I try and do a domain join
specifying a
>>>> >>>> nearby
>>>> >>>> DC in a different subnet I get this:
>>>> >>>>
>>>> >>>> ERROR(runtime): uncaught exception - (-1073741643,
>>>> >>>> 'NT_STATUS_IO_TIMEOUT')
>>>> >>>>    File
>>>> >>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>>> >>>> line 175, in _run
>>>> >>>>      return self.run(*args, **kwargs)
>>>> >>>>    File
>>>> >>>>
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>>> >>>> line
>>>> >>>> 552, in run
>>>> >>>>      machinepass=machinepass, use_ntvfs=use_ntvfs,
>>>> >>>> dns_backend=dns_backend)
>>>> >>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> >>>> line
>>>> >>>> 1172, in join_DC
>>>> >>>>      ctx.do_join()
>>>> >>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> >>>> line
>>>> >>>> 1082, in do_join
>>>> >>>>      ctx.join_finalise()
>>>> >>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> >>>> line
>>>> >>>> 881, in join_finalise
>>>> >>>>      ctx.send_DsReplicaUpdateRefs(nc)
>>>> >>>>    File
"/usr/local/samba/lib/python2.7/site-packages/samba/join.py",
>>>> >>>> line
>>>> >>>> 866, in send_DsReplicaUpdateRefs
>>>> >>>>      ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
>>>> >>>>
>>>> >>>> I have managed to join a DC to a Site that already has a DC in
that
>>>> >>>> subnet
>>>> >>>> (although not in that Site).
>>>> >>>>
>>>> >>>> Can anyone think of a workaround for this?
>>>> >>>>
>>>> >>>> This is my join statement (names changed to protect the innocent):
>>>> >>>>
>>>> >>>> /usr/local/samba/bin/samba-tool domain join essence.internal.com
DC
>>>> >>>> -UAdministrator --realm=example.com --server=remotedc.example.com
>>>> >>>> --site=local
>>>> >>>>
>>>> >>>>
>>>> >>>> I am trying to do this due to the bug that doesn't allow the
manual
>>>> >>>> moving
>>>> >>>> of DC's to new Sites by using the ADSS drag and drop method.
>>>> >>>>
>>>> >>> Hi Chris!
>>>> >>>
>>>> >>> Actually there is a way. If you use a DNS that does not reside on
the
>>>> >>> DC's but standalone, the manual moving works.
>>>> >>>
>>>> >>> As a start I put the following RRs in a static dns: A, ptr and
'basic'
>>>> >>> SRV RR
>>>> >>> _gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
>>>> >>> _kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
>>>> >>> _ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.
>>>> >>>
>>>> >>> That ended in following errors in syslog (amongst others):
>>>> >>>
>>>> >>> [2014/06/18 11:56:36.078267, 3]
>>>> >>> ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
>>>> >>>   dns child failed to find name
>>>> >>> '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type
A.
>>>> >>>
>>>> >>> All SRV RR for a DC have to be present in DNS. But I have had no
time
>>>> >>> to test it. And I have not tested multiple subnets.
>>>> >>>
>>>> >>> My guess is that the bug is DNS related or the account that makes
the
>>>> >>> changes cannot edit the AD database. And that results in that no
SRV
>>>> >>> RR are added/changed and the MMC eventually times out.
>>>> >>>
>>>> >>> Regards
>>>> >>> Davor
>>>> >>>
>>>> >>>   Thanks,
>>>> >>>>
>>>> >>>> Chris.
>>>> >>>>
>>>> >>>>
>>>> >>>>
>>>> >>>> --
>>>> >>>> ACS (Alavoine Computer Services Ltd)
>>>> >>>> Chris Alavoine
>>>> >>>> mob +44 (0)7724 710 730
>>>> >>>> www.alavoinecs.co.uk
>>>> >>>> http://twitter.com/#!/alavoinecs
>>>> >>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>>> >>>> --
>>>> >>>> To unsubscribe from this list go to the following URL and read the
>>>> >>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>> >
>>>> >
>>>> > --
>>>> > -James
>>>> >
>>>
>>>
>>>
>>>
>>> --
>>> ACS (Alavoine Computer Services Ltd)
>>> Chris Alavoine
>>> mob +44 (0)7724 710 730
>>> www.alavoinecs.co.uk
>>> http://twitter.com/#!/alavoinecs
>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
>>
>>
>> --
>> -James
>
>
>
>
> --
> ACS (Alavoine Computer Services Ltd)
> Chris Alavoine
> mob +44 (0)7724 710 730
> www.alavoinecs.co.uk
> http://twitter.com/#!/alavoinecs
> http://www.linkedin.com/pub/chris-alavoine/39/606/192


More information about the samba mailing list