[Samba] Unable to join a DC to a Site that doesn't already have a DC in that subnet

Chris Alavoine chrisa at acs-info.co.uk
Fri Jun 27 04:42:25 MDT 2014


Yeah, the MMC is necessary at this stage as a few different folks manage
the DNS for the domain. I guess the Site movement doesn't work with
BIND_DLZ?

c:)


On 26 June 2014 18:42, Davor Vusir <davortvusir at gmail.com> wrote:

>
> On 26 Jun 2014 19:21, "Chris Alavoine" <chrisa at acs-info.co.uk> wrote:
>
> >
> > Hi,
> >
> > Yes, have seen that wiki page, seems straightforward enough, but I didn't think FLATFILE was supported any more?
> >
> > c:)
> >
> It does work with both 4.1.8 and 4.1.9. But please be aware that the
> DNS management MMC does not work with this setup.
>
> Regards
> Davor
>
> >
> > On 26 June 2014 17:41, lp101 <lingpanda101 at gmail.com> wrote:
> >>
> >> Chris,
> >>
> >>     Have you seen this link from the wiki or do you need to know how to set up Bind9_FlatFile first?
> >>
> >> https://wiki.samba.org/index.php/Changing_the_DNS_backend
> >>
> >>
> >>
> >> On 6/26/2014 8:35 AM, Chris Alavoine wrote:
> >>>
> >>> I'm running 4.1.5 at present on all my DCs. Will BIND9_FLATFILE work with this release - I can't find any documentation on how to change from Internal DNS to BIND9_FLATFILE.
> >>>
> >>> Thanks,
> >>> Chris.
> >>>
> >>>
> >>> On 24 June 2014 19:14, Davor Vusir <davortvusir at gmail.com> wrote:
> >>>>
> >>>> Sorry. Don't know. Haven't tested internal DNS. Maybe the recipe is
> >>>> to use BIND9_FLATFILE.
> >>>>
> >>>> /Davor
> >>>>
> >>>> 2014-06-24 20:07 GMT+02:00 lp101 <lingpanda101 at gmail.com>:
> >>>> > Any workaround if using the internal DNS to move sites?
> >>>> >
> >>>> >
> >>>> > On 6/24/2014 1:08 PM, Davor Vusir wrote:
> >>>> >>
> >>>> >> Hi again!
> >>>> >>
> >>>> >> If you use BIND9_DLZ, try change/convert to BIND9_FLATFILE and you
> >>>> >> will be able to create and rename Sites and move DC:s to the newly
> >>>> >> created Site.
> >>>> >>
> >>>> >> Regards
> >>>> >> Davor
> >>>> >>
> >>>> >>
> >>>> >> 2014-06-18 20:40 GMT+02:00 Davor Vusir <davortvusir at gmail.com>:
> >>>> >>>
> >>>> >>> 2014-06-18 10:28 GMT+02:00 Chris Alavoine <chrisa at acs-info.co.uk>:
> >>>> >>>>
> >>>> >>>> Hi all,
> >>>> >>>>
> >>>> >>>> Am having problems adding a new DC to a Site that doesn't already have a
> >>>> >>>> DC in the same subnet. Whenever I try and do a domain join specifying a
> >>>> >>>> nearby DC in a different subnet I get this:
> >>>> >>>>
> >>>> >>>> ERROR(runtime): uncaught exception - (-1073741643, 'NT_STATUS_IO_TIMEOUT')
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
> >>>> >>>>      return self.run(*args, **kwargs)
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 552, in run
> >>>> >>>>      machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1172, in join_DC
> >>>> >>>>      ctx.do_join()
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 1082, in do_join
> >>>> >>>>      ctx.join_finalise()
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 881, in join_finalise
> >>>> >>>>      ctx.send_DsReplicaUpdateRefs(nc)
> >>>> >>>>    File "/usr/local/samba/lib/python2.7/site-packages/samba/join.py", line 866, in send_DsReplicaUpdateRefs
> >>>> >>>>      ctx.drsuapi.DsReplicaUpdateRefs(ctx.drsuapi_handle, 1, r)
> >>>> >>>>
> >>>> >>>> I have managed to join a DC to a Site that already has a DC in that
> >>>> >>>> subnet (although not in that Site).
> >>>> >>>>
> >>>> >>>> Can anyone think of a workaround for this?
> >>>> >>>>
> >>>> >>>> This is my join statement (names changed to protect the innocent):
> >>>> >>>>
> >>>> >>>> /usr/local/samba/bin/samba-tool domain join essence.internal.com DC -UAdministrator --realm=example.com --server=remotedc.example.com --site=local
> >>>> >>>>
> >>>> >>>>
> >>>> >>>> I am trying to do this due to the bug that doesn't allow the manual
> >>>> >>>> moving of DCs to new Sites by using the ADSS drag and drop method.
> >>>> >>>>
> >>>> >>> Hi Chris!
> >>>> >>>
> >>>> >>> Actually there is a way. If you use a DNS that does not reside on the
> >>>> >>> DCs but standalone, the manual moving works.
> >>>> >>>
> >>>> >>> As a start I put the following RRs in a static dns: A, ptr and 'basic'
> >>>> >>> SRV RR
> >>>> >>> _gc._tcp, _kerberos._tcp, _kerberos._tcp, _kerberos._udp,
> >>>> >>> _kpasswd._tcp, _kpasswd._udp, _ldap._tcp, _ldap._tcp.dc._msdcs,
> >>>> >>> _ldap._tcp.gc._msdcs, _ldap._tcp.pdc._msdcs.
> >>>> >>>
> >>>> >>> That ended in following errors in syslog (amongst others):
> >>>> >>>
> >>>> >>> [2014/06/18 11:56:36.078267, 3] ../source4/libcli/resolve/dns_ex.c:492(pipe_handler)
> >>>> >>>   dns child failed to find name '5d6f52ac-640c-4dc1-a84b-42aac923d256._msdcs.example.org' of type A.
> >>>> >>>
> >>>> >>> All SRV RR for a DC have to be present in DNS. But I have had no time
> >>>> >>> to test it. And I have not tested multiple subnets.
> >>>> >>>
> >>>> >>> My guess is that the bug is DNS related or the account that makes the
> >>>> >>> changes cannot edit the AD database. And that results in that no SRV
> >>>> >>> RR are added/changed and the MMC eventually times out.
> >>>> >>>
> >>>> >>> Regards
> >>>> >>> Davor
> >>>> >>>
> >>>> >>>   Thanks,
> >>>> >>>>
> >>>> >>>> Chris.
> >>>> >>>>
> >>>> >>>>
> >>>> >>>>
> >>>> >>>> --
> >>>> >>>> ACS (Alavoine Computer Services Ltd)
> >>>> >>>> Chris Alavoine
> >>>> >>>> mob +44 (0)7724 710 730
> >>>> >>>> www.alavoinecs.co.uk
> >>>> >>>> http://twitter.com/#!/alavoinecs
> >>>> >>>> http://www.linkedin.com/pub/chris-alavoine/39/606/192
> >>>> >
> >>>> >
> >>>> > --
> >>>> > -James
> >>>> >
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >> --
> >> -James
> >
> >
> >
> >
>



-- 
ACS (Alavoine Computer Services Ltd)
Chris Alavoine
mob +44 (0)7724 710 730
www.alavoinecs.co.uk
http://twitter.com/#!/alavoinecs
http://www.linkedin.com/pub/chris-alavoine/39/606/192
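
Added example, not part of the original thread and not Samba code: a check that a flat-file (BIND-style) zone holds the SRV names Davor lists, plus the GUID-based _msdcs name from his syslog line. It goes beyond the thread by also checking site-scoped SRV names for the target Site; those names, the zone contents and the function names are assumptions made for illustration.

```python
import re

# SRV owner names listed in the thread, with the standard AD service ports.
BASE_SRV = {
    "_gc._tcp": 3268, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464, "_ldap._tcp": 389,
    "_ldap._tcp.dc._msdcs": 389, "_ldap._tcp.gc._msdcs": 3268,
    "_ldap._tcp.pdc._msdcs": 389,
}
# Site-scoped names (an addition here; the thread does not list them).
SITE_SRV = ["_ldap._tcp.{site}._sites", "_kerberos._tcp.{site}._sites",
            "_ldap._tcp.{site}._sites.dc._msdcs"]
RR = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|CNAME|SRV)\s+\S", re.I)

def parse_zone(text, origin):
    """Return {(fqdn, type)} for A/CNAME/SRV records that carry an owner name."""
    origin = origin.rstrip(".").lower()
    found = set()
    for line in text.splitlines():
        m = RR.match(line.split(";", 1)[0])  # drop trailing comments
        if not m:
            continue
        owner = m.group(1).lower()
        if owner == "@":
            fqdn = origin
        elif owner.endswith("."):
            fqdn = owner[:-1]
        else:
            fqdn = f"{owner}.{origin}"
        found.add((fqdn, m.group(2).upper()))
    return found

def missing_dc_records(zone_text, domain, site, ntds_guid):
    """List the names a DC in `site` needs that the zone does not hold."""
    domain = domain.rstrip(".").lower()
    have = parse_zone(zone_text, domain)
    want = [(f"{n}.{domain}", ("SRV",)) for n in BASE_SRV]
    want += [(f"{n.format(site=site.lower())}.{domain}", ("SRV",)) for n in SITE_SRV]
    # The per-DC name from the syslog line; Samba looked it up as type A.
    want.append((f"{ntds_guid.lower()}._msdcs.{domain}", ("A", "CNAME")))
    return [n for n, types in want if not any((n, t) in have for t in types)]

# Constructed zone: base records only, as in the static-DNS attempt described.
SAMPLE_ZONE = "dc1 3600 IN A 192.0.2.10\n" + "".join(
    f"{n} 3600 IN SRV 0 100 {p} dc1.example.org.\n" for n, p in BASE_SRV.items())

if __name__ == "__main__":
    for name in missing_dc_records(SAMPLE_ZONE, "example.org", "local",
                                   "5d6f52ac-640c-4dc1-a84b-42aac923d256"):
        print("missing:", name)
```

Run against the constructed zone, it reports the three site-scoped names and the GUID name as missing; the last of these is the lookup that failed in the quoted log.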

