[Samba] bind fails to start w/missing records
Rowland Penny
rowlandpenny at googlemail.com
Sun May 10 08:48:41 MDT 2015
On 10/05/15 15:34, Steve Thompson wrote:
> On Sun, 10 May 2015, Rowland Penny wrote:
>
>> Have you really got 19 reverse zones for your samba 4 active directory ?
>
> Yep :-)
Why ? And why don't they show up when you ask for the zones with
samba-tool ?
>
>> Can you try running 'samba-tool ldapcmp ldap://<YOUR_FIRST_DC>
>> ldap://<YOUR_SECOND_DC>'
>
> Interesting. DC1 and DC2 have many differences; DC1 and DC3 are the
> same. Maybe I will demote DC2 and join it again.
Just check that it isn't just non replicating attributes that are different.
>
>> Check if you actually have dns records:
>
> For DC1 (host name baxter):
>
> dn:
> DC=baxter,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150430150532.0Z
> whenChanged: 20150430150532.0Z
> uSNCreated: 4725
> uSNChanged: 4725
> showInAdvancedViewOnly: TRUE
> name: baxter
> objectGUID: 739a5762-719a-44d2-968e-f8b12f5bc07b
> dnsRecord:: BAABAAXwAAAWAAAAAAADhAAAAAAnazcAChbICw==
> objectCategory:
> CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
> dc: baxter
> distinguishedName:
> DC=baxter,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
>
> For DC2 (host name bear):
>
> dn:
> DC=bear,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150504141356.0Z
> whenChanged: 20150504141356.0Z
> uSNCreated: 4897
> uSNChanged: 4897
> showInAdvancedViewOnly: TRUE
> name: bear
> objectGUID: 93d1aaa6-8c41-4754-8b27-370870b9129d
> dnsRecord:: BAABAAXwAAA1AAAAAAADhAAAAACGazcAChbIDA==
> objectCategory:
> CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
> dc: bear
> distinguishedName:
> DC=bear,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
>
> and for DC3 (host name benford):
>
> dn:
> DC=benford,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> objectClass: top
> objectClass: dnsNode
> instanceType: 4
> whenCreated: 20150504150126.0Z
> whenChanged: 20150504150126.0Z
> uSNCreated: 4996
> uSNChanged: 4996
> showInAdvancedViewOnly: TRUE
> name: benford
> objectGUID: 6701ab99-d883-44da-8ebf-769a98274a2c
> dnsRecord:: BAABAAXwAABGAAAAAAADhAAAAACHazcAChbIDQ==
> objectCategory:
> CN=Dns-Node,CN=Schema,CN=Configuration,DC=europa,DC=icse,DC=cornell,DC=edu
> dc: benford
> distinguishedName:
> DC=benford,DC=europa.icse.cornell.edu,CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
>
>> To see defined zones:
>
> 2 zone(s) found
>
> pszZoneName : europa.icse.cornell.edu
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : DomainDnsZones.europa.icse.cornell.edu
>
> pszZoneName : _msdcs.europa.icse.cornell.edu
> Flags : DNS_RPC_ZONE_DSINTEGRATED
> DNS_RPC_ZONE_UPDATE_SECURE
> ZoneType : DNS_ZONE_TYPE_PRIMARY
> Version : 50
> dwDpFlags : DNS_DP_AUTOCREATED
> DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
> pszDpFqdn : ForestDnsZones.europa.icse.cornell.edu
>
> with identical output from all three DC's.
>
>> To see dns server info:
>
> dwVersion : 0xece0205
> fBootMethod : DNS_BOOT_METHOD_DIRECTORY
> fAdminConfigured : FALSE
> fAllowUpdate : TRUE
> fDsAvailable : TRUE
> pszServerName : BAXTER.europa.icse.cornell.edu
> pszDsContainer :
> CN=MicrosoftDNS,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> aipServerAddrs : ['10.22.200.11', '127.0.0.1']
> aipListenAddrs : ['10.22.200.11', '127.0.0.1']
> aipForwarders : []
> dwLogLevel : 0
> dwDebugLevel : 0
> dwForwardTimeout : 3
> dwRpcPrototol : 0x5
> dwNameCheckFlag : DNS_ALLOW_MULTIBYTE_NAMES
> cAddressAnswerLimit : 0
> dwRecursionRetry : 3
> dwRecursionTimeout : 8
> dwMaxCacheTtl : 86400
> dwDsPollingInterval : 180
> dwScavengingInterval : 0
> dwDefaultRefreshInterval : 168
> dwDefaultNoRefreshInterval : 168
> fAutoReverseZones : FALSE
> fAutoCacheUpdate : FALSE
> fRecurseAfterForwarding : FALSE
> fForwardDelegations : TRUE
> fNoRecursion : FALSE
> fSecureResponses : FALSE
> fRoundRobin : TRUE
> fLocalNetPriority : FALSE
> fBindSecondaries : FALSE
> fWriteAuthorityNs : FALSE
> fStrictFileParsing : FALSE
> fLooseWildcarding : FALSE
> fDefaultAgingState : FALSE
> dwRpcStructureVersion : 0x2
> aipLogFilter : []
> pwszLogFilePath : None
> pszDomainName : europa.icse.cornell.edu
> pszForestName : europa.icse.cornell.edu
> pszDomainDirectoryPartition :
> DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> pszForestDirectoryPartition :
> DC=ForestDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu
> dwLocalNetPriorityNetMask : 0xff
> dwLastScavengeTime : 0
> dwEventLogLevel : 4
> dwLogFileMaxSize : 0
> dwDsForestVersion : 2
> dwDsDomainVersion : 2
> dwDsDsaVersion : 4
> fReadOnlyDC : FALSE
>
> and on DC2 and DC3 they are the same, except for host names and IP
> addresses.
>
> There were two DC's that were members of the configuration for about
> two years; these two were demoted and the three that I have now were
> added recently. Maybe something went wrong with the demotion of the
> original two, but the BIND problem did not surface until yesterday
> evening; the BIND servers had been restarted multiple times before
> then (and after the demotion of the original two).
>
> -Steve
Check your FSMO roles.
Rowland
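
An added example, not part of the original message: the `dnsRecord::` values quoted above are base64-encoded binary records, and decoding them shows whether each dnsNode really holds an A record for the DC and which address it carries. The layout used here is the dnsRecord attribute format from Microsoft's MS-DNSP specification; the function and variable names are this example's own.

```python
import base64
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

# dnsRecord:: values copied from the three dnsNode entries quoted in the message.
RECORDS = {
    "baxter": "BAABAAXwAAAWAAAAAAADhAAAAAAnazcAChbICw==",
    "bear": "BAABAAXwAAA1AAAAAAADhAAAAACGazcAChbIDA==",
    "benford": "BAABAAXwAABGAAAAAAADhAAAAACHazcAChbIDQ==",
}

DNS_TYPE_A = 1
HEADER_LEN = 24
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_dns_record(b64_value):
    """Decode one dnsRecord value into header fields and, for A records, the address."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < HEADER_LEN:
        raise ValueError("dnsRecord is shorter than the 24-byte header")
    # Little-endian: DataLength, Type, Version, Rank, Flags, Serial.
    data_len, rtype, version, rank, flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)    # TTL is the one big-endian field
    (hours,) = struct.unpack_from("<I", raw, 20)  # bytes 16..19 are reserved
    data = raw[HEADER_LEN:]
    if len(data) != data_len:
        raise ValueError(f"DataLength says {data_len}, found {len(data)} bytes")
    record = {
        "type": rtype, "version": version, "rank": rank, "flags": flags,
        "serial": serial, "ttl": ttl,
        # Hours since 1601-01-01 UTC; 0 marks a static record with no timestamp.
        "timestamp": EPOCH_1601 + timedelta(hours=hours) if hours else None,
    }
    if rtype == DNS_TYPE_A:
        if data_len != 4:
            raise ValueError("A record data must be 4 bytes")
        record["address"] = str(ipaddress.IPv4Address(data))
    return record


if __name__ == "__main__":
    for host, value in RECORDS.items():
        rec = parse_dns_record(value)
        print(host, rec.get("address"), "ttl", rec["ttl"],
              "serial", rec["serial"], rec["timestamp"])
```

The decoded address for baxter matches the `aipServerAddrs` entry in the server info above, and each timestamp falls in the same hour as the entry's `whenCreated` value.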