[Samba] Bind9 Flat to Bind9 DLZ
VIKAS
c.vikas at altechtechnologies.com
Wed Mar 25 10:50:04 MDT 2015
Hi Team,
Samba Version = 4.2
Bind = 9.10 with dlz
Not able to view replication (samba-tool drs showrepl).
[root at dc2]# samba-tool drs showrepl (I want to highlight the name which is
being used to connect)
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
*dc2.ik.lan.mum* failed - drsException: DRS connection to dc2.ik.lan.mum
failed: (-1073741772, 'The object name is not found.')
File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py",
line 39, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
While provisioning I used Bind9_FLAT on the DC and everything was working fine.
Created an additional domain server and joined, but it gave an error.
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=*BIND9_FLAT *
Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN]
[options]
samba-tool domain join: error: option --dns-backend: invalid choice:
'BIND9_FLAT' (choose from 'SAMBA_INTERNAL', 'BIND9_DLZ', 'NONE')
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ik.lan.mum'
Found DC dc1.ik.lan.mum
Password for [WORKGROUP\administrator]:
NO DNS zone information found in source domain, not replicating DNS
workgroup is IK.LAN
realm is ik.lan.mum
checking sAMAccountName
Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Setting account password for DC2$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=ik,DC=lan,DC=mum
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1612/1612]
linked_values[20/0]
Replicating critical objects from the base DN of the domain
Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0]
Partition[DC=ik,DC=lan,DC=mum] objects[376/278] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a
DC
[root at dc2]# echo $?
0
[root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
DNS accounts already exist
No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc1 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
*After that, I upgraded the DNS on DC1*
[root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
DNS accounts already exist
No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc1 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
*Then I tried to join the domain again using BIND9_DLZ (got success)*
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ik.lan.mum'
Found DC dc1.ik.lan.mum
Password for [IK.LAN\administrator]:
workgroup is IK.LAN
realm is ik.lan.mum
checking sAMAccountName
Deleted CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Deleted CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Deleted
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=ik,DC=lan,DC=mum with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=ik,DC=lan,DC=mum
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1620/1620]
linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0]
Partition[DC=ik,DC=lan,DC=mum] objects[379/281] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=ik,DC=lan,DC=mum
Partition[DC=DomainDnsZones,DC=ik,DC=lan,DC=mum] objects[40/40]
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=ik,DC=lan,DC=mum
Partition[DC=ForestDnsZones,DC=ik,DC=lan,DC=mum] objects[18/18]
linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a
DC
*I have strictly followed the Samba wiki for joining an additional domain.*
*Right now everything seems to be working: I can authenticate the user
by putting the DC down, and creating / modifying a user is replicated immediately.*
Thanks,
Vikas