[Samba] DNS Issues when joining a Domain as a DC [SOLVED]

Thomas Kempf listen at hueper.de
Thu Oct 16 07:40:08 MDT 2014


Hi,
sorry for the noise, but I have one more question on this topic. The
initial problem is solved and the DNS information resolves the same
names in both DNS servers, but samba-tool shows me an error when doing
ldapcmp on dnsdomain and dnsforest.

root at dns1:~# samba-tool ldapcmp ldap://dns1.ad.hueper.de ldap://dns2.ad.hueper.de dnsdomain

* Comparing [DNSDOMAIN] context...

* Objects to be compared: 73

Comparing:
'DC=DomainDnsZones,DC=ad,DC=hueper,DC=de' [ldap://dns1.ad.hueper.de]
'DC=DomainDnsZones,DC=ad,DC=hueper,DC=de' [ldap://dns2.ad.hueper.de]
     Attributes found only in ldap://dns2.ad.hueper.de:
         msDS-NcType
     FAILED

* Result for [DNSDOMAIN]: FAILURE

SUMMARY
---------

Attributes found only in ldap://dns2.ad.hueper.de:

     msDS-NcType
ERROR: Compare failed: -1
And when comparing dnsforest

root at dns1:~# samba-tool ldapcmp ldap://dns1.ad.hueper.de ldap://dns2.ad.hueper.de dnsforest

* Comparing [DNSFOREST] context...

* Objects to be compared: 20

Comparing:
'DC=ForestDnsZones,DC=ad,DC=hueper,DC=de' [ldap://dns1.ad.hueper.de]
'DC=ForestDnsZones,DC=ad,DC=hueper,DC=de' [ldap://dns2.ad.hueper.de]
     Attributes found only in ldap://dns2.ad.hueper.de:
         msDS-NcType
     FAILED

* Result for [DNSFOREST]: FAILURE

SUMMARY
---------

Attributes found only in ldap://dns2.ad.hueper.de:

     msDS-NcType
ERROR: Compare failed: -1
root at dns1:~#

Are the missing attributes something that is intended on a secondary DC?

Kind Regards
Tom

On 16.10.2014 at 13:58, Thomas Kempf wrote:
> OK. The problem is solved. I read through Louis's scripts and found this
>
>  ># Fixes for sernet samba missing rights
>  >if [ -d /var/lib/samba/private ]; then
>  >echo "enable-ing access for bind in private"
>  >chmod 755 /var/lib/samba/private
>  >chown root:bind /var/lib/samba/private/dns.keytab
>  >fi
>
> I checked the rights on the keytab and found the dns.keytab like this
>
> -rw------- 1 root root          742 Okt 15 17:45 dns.keytab
>
> changed it to this
>
> -rw-r----- 1 root bind          742 Okt 15 17:45 dns.keytab
>
> restarted BIND and Samba, and here we go
>
> root at dns1:~# host -t A dns1.ad.hueper.de 192.168.0.1
> Using domain server:
> Name: 192.168.0.1
> Address: 192.168.0.1#53
> Aliases:
>
> dns1.ad.hueper.de has address 192.168.0.1
>
> Thank you all for your help guys!
>
> Kind regards
> Tom
>
>
>
> On 16.10.2014 at 13:26, L.P.H. van Belle wrote:
>> The Debian version of Samba in backports, 4.1.11,
>> does not create the DC hostname correctly in the DNS.
>> The first DC is OK, but every other join is missing important DNS
>> settings.
>>
>> I advise using the SerNet Samba version 4.1.12, which works perfectly for
>> the DC servers.
>> A member server can be Samba from backports.
>>
>> I tested this a week ago.
>>
>> You may want to try my scripts or have a look in the scripts at what is
>> done there.
>>
>> https://secure.bazuin.nl/scripts/
>>
>> Greetz,
>>
>> Louis
>>
>>
>>> -----Original message-----
>>> From: listen at hueper.de [mailto:samba-bounces at lists.samba.org]
>>> On behalf of Thomas Kempf
>>> Sent: Thursday, 16 October 2014 11:35
>>> To: samba at lists.samba.org
>>> Subject: [Samba] DNS Issues when joining a Domain as a DC
>>>
>>> Hi,
>>> yesterday I tried to join a domain as a DC with bind9 as DNS backend on
>>> Debian Wheezy with Samba 4.1.11 from backports. I followed the tutorial
>>> in the wiki https://wiki.samba.org/index.php/Join_a_domain_as_a_DC but
>>> didn't find the instructions completely clear, so perhaps I made a
>>> mistake during the join.
>>> It is written there:
>>> "If you choose BIND as DNS backend, instead of the internal DNS, then
>>> you, of course, have to finish this before you continue"
>>> I could not figure out how to finish configuring BIND as a backend, when
>>> the keytab file and the other BIND-related files get created after
>>> joining the domain.
>>> So I ran the join command first, and with the files created in this
>>> step, I was able to get the DC up and running...
>>> I had to manually create the A and CNAME records on the old DC like it
>>> is written in the wiki in the part "Check required DNS entries of the
>>> new host". My guess was that those entries should be replicated later
>>> on to the new DC; this seems not to work.
>>> When I check the name resolution of the A record on the newly joined DC
>>> it does not resolve, whereas on the old one it works fine.
>>>
>>> AD-Domain is ad.hueper.de
>>> old DC is dns2.ad.hueper.de
>>> new DC is dns1.ad.hueper.de
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns2.ad.hueper.de
>>> Using domain server:
>>> Name: dns2.ad.hueper.de
>>> Address: 192.168.0.2#53
>>> Aliases:
>>>
>>> dns1.ad.hueper.de has address 192.168.0.1
>>>
>>> dns1:~# host -t A dns1.ad.hueper.de dns1.ad.hueper.de
>>> Using domain server:
>>> Name: dns1.ad.hueper.de
>>> Address: 192.168.0.1#53
>>> Aliases:
>>>
>>> Host dns1.ad.hueper.de not found: 3(NXDOMAIN)
>>>
>>> When I look at the servers using the RSAT DNS Manager I can see the
>>> A record on both DNS servers, so I wonder why it doesn't resolve on the
>>> new DC? Is it safe to delete the A and CNAME records and recreate them
>>> using RSAT?
>>>
>>> kind regards
>>> Tom
>>
>
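The fix the thread arrives at (BIND must be able to traverse Samba's private directory and read dns.keytab, without the keytab becoming world-readable) and the two checks used along the way (an A lookup against each DC, and samba-tool ldapcmp on the DNS partitions) as one check-and-repair script. This is an added example, not code from the thread, from Louis's scripts or from the Samba project. Assumptions not stated on the page: BIND runs as group "bind", the private directory is /var/lib/samba/private, the service names are the Debian ones (bind9, samba-ad-dc), the DC names and IPs are those from the thread (dns1 = 192.168.0.1, dns2 = 192.168.0.2), and GNU stat is available.

```shell
#!/bin/sh
# Added example, not from the thread or the Samba project. Encodes the fix
# from the thread: Samba's private dir must be traversable by BIND (755) and
# dns.keytab must be readable by the BIND group but by nobody else (640 root:bind),
# since the keytab carries the key BIND uses for DNS updates.
# Assumed (not on the page): group "bind", /var/lib/samba/private, Debian
# service names bind9 and samba-ad-dc, GNU stat.

# mode_is FILE OCTAL -> 0 if FILE's permission bits are exactly OCTAL
mode_is() {
    [ "$(stat -c '%a' "$1" 2>/dev/null)" = "$2" ]
}

# owned_by FILE OWNER GROUP -> 0 if FILE is owned by OWNER:GROUP
owned_by() {
    [ "$(stat -c '%U:%G' "$1" 2>/dev/null)" = "$2:$3" ]
}

# dlz_perms_ok PRIVATE_DIR OWNER GROUP -> 0 when the directory is 755 and
# dns.keytab is 640 OWNER:GROUP (the state the thread ended up with)
dlz_perms_ok() {
    mode_is "$1" 755 &&
    mode_is "$1/dns.keytab" 640 &&
    owned_by "$1/dns.keytab" "$2" "$3"
}

# dlz_perms_fix PRIVATE_DIR OWNER GROUP -> applies exactly those settings and
# deliberately opens neither the directory nor the keytab any wider
dlz_perms_fix() {
    chmod 755 "$1" &&
    chown "$2:$3" "$1/dns.keytab" &&
    chmod 640 "$1/dns.keytab"
}

# a_record_resolves NAME SERVER -> 0 if SERVER answers an A record for NAME
a_record_resolves() {
    host -t A "$1" "$2" 2>/dev/null | grep -q 'has address'
}

# dns_partitions_match DC1 DC2 -> 0 if ldapcmp passes for both DNS partitions
dns_partitions_match() {
    for ctx in dnsdomain dnsforest; do
        samba-tool ldapcmp "ldap://$1" "ldap://$2" "$ctx" || return 1
    done
}

# Whole procedure from the thread: repair permissions if needed, restart
# BIND and Samba, then verify the new DC's A record on both DCs and compare
# the DNS partitions. Only runs when invoked as "sh script.sh --apply", so
# the functions above can be sourced or tested without touching the system.
apply_and_verify() {
    priv=/var/lib/samba/private
    if ! dlz_perms_ok "$priv" root bind; then
        echo "fixing permissions on $priv and $priv/dns.keytab"
        dlz_perms_fix "$priv" root bind || return 1
        service bind9 restart && service samba-ad-dc restart || return 1
    fi
    for dc in dns1.ad.hueper.de dns2.ad.hueper.de; do
        a_record_resolves dns1.ad.hueper.de "$dc" ||
            { echo "dns1 A record does not resolve on $dc"; return 1; }
    done
    dns_partitions_match dns1.ad.hueper.de dns2.ad.hueper.de
}

if [ "${1:-}" = "--apply" ]; then
    apply_and_verify
fi
```

The check functions only read metadata, so they are safe to run on a live DC before deciding to apply anything; the repair step is the only part that writes, and it sets the keytab to 640 rather than 644 so that the DNS update key stays out of reach of every local account that is not root or in the bind group.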