[Samba] Samba internal dns problem / No domain service

sr sr42354 at gmail.com
Fri Nov 7 05:54:30 MST 2014 

Le 07/11/2014 13:18, Rowland Penny a écrit :
> On 07/11/14 10:49, sr wrote:
>>
>> Le 07/11/2014 11:40, Rowland Penny a écrit :
>>> On 07/11/14 10:17, sr wrote:
>>>>
>>>> Le 07/11/2014 10:11, Rowland Penny a écrit :
>>>>> On 07/11/14 08:27, sr wrote:
>>>>>> All seems ok because I have only "1341/samba" listenning process. 
>>>>>> But I don't have the 953 port line...
>>>>>> If I read the /etc/service file I have for the port 953 tcp and 
>>>>>> udp "rndc control sockets (BIND9)"
>>>>>> Should I remove this lines since I don't have named installed?
>>>>>> ( and manualy add this line? Or restart samba install... )
>>>>>> thanks.
>>>>>>
>>>>>>
>>>>>> Le 06/11/2014 17:38, Rowland Penny a écrit :
>>>>>>> On 06/11/14 16:27, sr wrote:
>>>>>>>> Does this problem could come from a port occupied by another 
>>>>>>>> program in the / etc / services file? And which one?
>>>>>>>
>>>>>>> If something else is listening on port 53, then yes, as you are 
>>>>>>> using the internal DNS server, you shouldn't have any other DNS 
>>>>>>> program running on the same server, i.e. dnsmasq, bind etc
>>>>>>>
>>>>>>> Try running 'netstat -tulpn | grep 53 | grep LISTEN' on the 
>>>>>>> samba4 AD DC
>>>>>>>
>>>>>>> I use Bind9 and get:
>>>>>>>
>>>>>>> tcp        0      0 192.168.0.2:53          0.0.0.0:* LISTEN 
>>>>>>> 2346/named
>>>>>>> tcp        0      0 127.0.0.1:53            0.0.0.0:* LISTEN 
>>>>>>> 2346/named
>>>>>>> tcp        0      0 127.0.0.1:953           0.0.0.0:* LISTEN 
>>>>>>> 2346/named
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>>>>
>>>>>>>> Samuel
>>>>>>>>
>>>>>>>> Le 06/11/2014 13:41, sr a écrit :
>>>>>>>>>
>>>>>>>>> Le 06/11/2014 12:25, Rowland Penny a écrit :
>>>>>>>>>> On 06/11/14 10:59, sr wrote:
>>>>>>>>>>>
>>>>>>>>>>> Le 06/11/2014 11:23, Rowland Penny a écrit :
>>>>>>>>>>>> On 06/11/14 10:16, sr wrote:
>>>>>>>>>>>>> Hi,
>>>>>>>>>>>>>
>>>>>>>>>>>>> I'm trying to move from a windows 2008R2 domain controler 
>>>>>>>>>>>>> to samba4 ( centos 6.5 x64 + samba v 4.1.13 )
>>>>>>>>>>>>> For now, both of server are working as AD controlers.
>>>>>>>>>>>>
>>>>>>>>>>>> How did you join the Samba4 DC to the windows domain ?
>>>>>>>>>>> I followed the wiki guide "Join a domain as a DC" with no 
>>>>>>>>>>> problem unless for the msdcs CNAME entry of the new dc, 
>>>>>>>>>>> which return error ( I did it with the win2000 graphical 
>>>>>>>>>>> interface, like others guys in the same situation )
>>>>>>>>>>
>>>>>>>>>> SO, 'host -t CNAME YOUR_objectGUID._msdcs.samba4.domain.com.' 
>>>>>>>>>> does not return a CNAME, have you run:
>>>>>>>>>>
>>>>>>>>>> samba-tool dns add IP-of-your-DNS _msdcs.samba4.domain.com 
>>>>>>>>>> YOUR_objectGUID CNAME DC2.samba4.domain.com -Uadministrator
>>>>>>>>>>
>>>>>>>>>> Also, I see that you mention 'the win2000 graphical 
>>>>>>>>>> interface' , I wonder if this is the problem, the lowest 
>>>>>>>>>> function level of Samba4 AD is 2003 ?
>>>>>>>>>>
>>>>>>>>>> Rowland
>>>>>>>>> No, the command 'host -t CNAME 
>>>>>>>>> YOUR_objectGUID._msdcs.samba4.domain.com.' return 'host -t 
>>>>>>>>> CNAME YOUR_objectGUID._msdcs.samba4.domain.com is an alias for 
>>>>>>>>> samba4.domain.com'.
>>>>>>>>> whops! I would says "win2008 graphical interface. ;)
>>>>>>>>> I tryed a first install with domain and forest with a 2008 
>>>>>>>>> functional level with the same problem... ( now it's a 2003 
>>>>>>>>> domain and forest functional level )
>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> Samuel
>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> But I can't manage DNS from a windows client with the 
>>>>>>>>>>>>> graphical tool... ( it says "active directory not 
>>>>>>>>>>>>> available, ..." )
>>>>>>>>>>>>>
>>>>>>>>>>>>> On samba server if I try the following command
>>>>>>>>>>>>> "samba-tool dns zonelist samba4.domain.com"
>>>>>>>>>>>>>
>>>>>>>>>>>> Is 'samba4.domain.com' your dns domain on both DC's ? also 
>>>>>>>>>>>> I take that you are adding '-UAdministrator' to the above 
>>>>>>>>>>>> command.
>>>>>>>>>>> Yes. Like the W2008 server
>>>>>>>>>>>>
>>>>>>>>>>>> Rowland
>>>>>>>>>>>>
>>>>>>>>>>>>> the following message appears
>>>>>>>>>>>>> "9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE"
>>>>>>>>>>>>>
>>>>>>>>>>>>> and if I shutdown the win2008 server the message is 
>>>>>>>>>>>>> "NT_STATUS_IO_TIMEOUT"
>>>>>>>>>>>>>
>>>>>>>>>>>>> any help will be fully appreciate! :)
>>>>>>>>>>>>> Thanks! :)
>>>>>>>>>>>>>
>>>>>>>>>>>>> Samuel
>>>>>>>>>>>>
>>>>>>>>>>> thanks
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>> You can ignore the lack of the '953' line, it is, as you say, the 
>>>>> bind command port.
>>>>> Do you by any chance have selinux running, I have spent time in 
>>>>> the past, trying to find out just why a program wouldn't work and 
>>>>> it turned out that Selinux was stopping something happening.
>>>>>
>>>>> I wonder if the directory structure is ok? try running this on the 
>>>>> samba4 DC:
>>>>>
>>>>> ldbedit -e nano -H /var/lib/samba/private/sam.ldb --cross-ncs -b 
>>>>> "CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com"
>>>>>
>>>>> You may have to alter the path to sam.ldb.
>>>>>
>>>>> Rowland
>>>>>
>>>> Selinux is disabled and iptables is flushed...
>>>> Here is the result of the command :
>>>> ldbedit -e nano -H /usr/local/samba/private/sam.ldb --cross-ncs -b 
>>>> "CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com"
>>>> search failed - No such Base DN: 
>>>> CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>>>> What does it mean?
>>>> Thanks!
>>>>
>>> You did change 'DC=example,DC=com' for your rootdse, didn't you ?
>>>
>>> Rowland
>>>
>> Sorry, I did it! :)
>> Here is the result:
>>
>> # editing 3 records
>> # record 1
>> dn: CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>>
>> # record 2
>> dn: 
>> DC=..TrustAnchors,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>>
>>
>> # record 3
>> dn: 
>> DC=@,DC=..TrustAnchors,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>>
>>
>> Thanks
>> Samuel
>
> OK, you seem to have a few records missing, I have these on my test 
> domain:
>
> dn: CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=b2bd6040-6e58-48bb-b3fa-7d980f14dc24,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_kerberos._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.Default-First-Site-Name._sites.gc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=@,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.gc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=d768be2e-0072-4500-bb62-6fdabb14d995,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.Default-First-Site-Name._sites.dc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=gc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.pdc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.dc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_kerberos._tcp.dc,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
> dn: 
> DC=_ldap._tcp.82fb0000-060f-44f3-a6fb-b2a40c00d764.domains,DC=_msdcs.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=com
>
>
> Could you check the domain level of the windows AD DC.
>
> Rowland
>
The domain functional level and the forest functional level are Windows 
server 2003.
Thanks.

Samuel

More information about the samba mailing list