[Samba] bind fails to start w/missing records
Steve Thompson
smt at vgersoft.com
Sun May 10 08:34:58 MDT 2015
On Sun, 10 May 2015, Rowland Penny wrote:
> Have you really got 19 reverse zones for your samba 4 active directory ?
Yep :-)
> Can you try running 'samba-tool ldapcmp ldap://<YOUR_FIRST_DC> ldap://<YOUR_SECOND_DC>
Interesting. DC1 and DC2 have many differences; DC1 and DC3 are the same.
Maybe I will demote DC2 and join it again.
> Check if you actually have dns records:
For DC1 (host name baxter):
dn: DC=baxter,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150430150532.0Z
whenChanged: 20150430150532.0Z
uSNCreated: 4725
uSNChanged: 4725
showInAdvancedViewOnly: TRUE
name: baxter
objectGUID: 739a5762-719a-44d2-968e-f8b12f5bc07b
dnsRecord:: BAABAAXwAAAWAAAAAAADhAAAAAAnazcAChbICw==
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
dc: baxter
distinguishedName: DC=baxter,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
For DC2 (host name bear):
dn: DC=bear,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150504141356.0Z
whenChanged: 20150504141356.0Z
uSNCreated: 4897
uSNChanged: 4897
showInAdvancedViewOnly: TRUE
name: bear
objectGUID: 93d1aaa6-8c41-4754-8b27-370870b9129d
dnsRecord:: BAABAAXwAAA1AAAAAAADhAAAAACGazcAChbIDA==
objectCategory:
CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
dc: bear
distinguishedName: DC=bear,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
and for DC3 (host name benford):
dn: DC=benford,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20150504150126.0Z
whenChanged: 20150504150126.0Z
uSNCreated: 4996
uSNChanged: 4996
showInAdvancedViewOnly: TRUE
name: benford
objectGUID: 6701ab99-d883-44da-8ebf-769a98274a2c
dnsRecord:: BAABAAXwAABGAAAAAAADhAAAAACHazcAChbIDQ==
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
dc: benford
distinguishedName: DC=benford,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> To see defined zones:
2 zone(s) found
pszZoneName : europa.icse.cornell.edu
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : DomainDnsZones.europa.icse.cornell.edu
pszZoneName : _msdcs.europa.icse.cornell.edu
Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
ZoneType : DNS_ZONE_TYPE_PRIMARY
Version : 50
dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
pszDpFqdn : ForestDnsZones.europa.icse.cornell.edu
with identical output from all three DC's.
> To see dns server info:
dwVersion : 0xece0205
fBootMethod : DNS_BOOT_METHOD_DIRECTORY
fAdminConfigured : FALSE
fAllowUpdate : TRUE
fDsAvailable : TRUE
pszServerName : BAXTER.europa.icse.cornell.edu
pszDsContainer : CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
aipServerAddrs : ['10.22.200.11', '127.0.0.1']
aipListenAddrs : ['10.22.200.11', '127.0.0.1']
aipForwarders : []
dwLogLevel : 0
dwDebugLevel : 0
dwForwardTimeout : 3
dwRpcPrototol : 0x5
dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
cAddressAnswerLimit : 0
dwRecursionRetry : 3
dwRecursionTimeout : 8
dwMaxCacheTtl : 86400
dwDsPollingInterval : 180
dwScavengingInterval : 0
dwDefaultRefreshInterval : 168
dwDefaultNoRefreshInterval : 168
fAutoReverseZones : FALSE
fAutoCacheUpdate : FALSE
fRecurseAfterForwarding : FALSE
fForwardDelegations : TRUE
fNoRecursion : FALSE
fSecureResponses : FALSE
fRoundRobin : TRUE
fLocalNetPriority : FALSE
fBindSecondaries : FALSE
fWriteAuthorityNs : FALSE
fStrictFileParsing : FALSE
fLooseWildcarding : FALSE
fDefaultAgingState : FALSE
dwRpcStructureVersion : 0x2
aipLogFilter : []
pwszLogFilePath : None
pszDomainName : europa.icse.cornell.edu
pszForestName : europa.icse.cornell.edu
pszDomainDirectoryPartition : DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
pszForestDirectoryPartition : DC=ForestDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
dwLocalNetPriorityNetMask : 0xff
dwLastScavengeTime : 0
dwEventLogLevel : 4
dwLogFileMaxSize : 0
dwDsForestVersion : 2
dwDsDomainVersion : 2
dwDsDsaVersion : 4
fReadOnlyDC : FALSE
and on DC2 and DC3 they are the same, except for host names and IP
addresses.
There were two DC's that were members of the copnfiguration for about two
years; these two were demoted and the three that I have now were added
recently. Maybe something went wrong with the demotion of the original
two, but the BIND problem did not surface until yesterday evening; the
BIND servers had been restarted multiple times before then (and after the
demotion of the original two).
-Steve
--
----------------------------------------------------------------------------
Steve Thompson E-mail: smt AT vgersoft DOT com
Voyager Software LLC Web: http://www DOT vgersoft DOT com
39 Smugglers Path VSW Support: support AT vgersoft DOT com
Ithaca, NY 14850
"186,282 miles per second: it's not just a good idea, it's the law"
----------------------------------------------------------------------------
More information about the samba
mailing list