[Samba] second DC behavior when first switched off

Rowland Penny rowlandpenny at googlemail.com
Thu May 21 09:32:27 MDT 2015 

On 21/05/15 16:00, Sam wrote:
> I think The problem is here, when the 2 DC are on line, and debug 
> level is 3, I can see a lot of messages like :
>
> May 21 16:52:29 S4 named[2289]: samba_dlz: starting transaction on 
> zone ariane.intra
> May 21 16:52:29 S4 named[2289]: client 172.20.2.33#1226: update 
> 'ariane.intra/IN' denied
> May 21 16:52:29 S4 named[2289]: samba_dlz: cancelling transaction on 
> zone ariane.intra
>
> I try to set transactions for DNS to "non secure and secure" to 
> "secure only" on the W2003 server, without any effects...
> And it can't be changed for Samba4 ( "secure only" by default )
> 172.20.2.33 is my W2003 server...
>
> Sam

Do you have a dhcp server ?
Also, why is your w2003 server trying to update named ?
'secure only' means that you need a secure connection to update named, 
you can set 'allow dns updates = nonsecure' in smb.conf on the samba AD DC

Rowland
>
>
> Le 21/05/2015 11:50, Sam a écrit :
>> Hello all,
>>
>> I'm always trying to migrate from W2000 server to Samba 4.
>>
>> For doing this, I tried this :
>> - install a W2003 server with AD and DNS services, join it to W2000, 
>> transfer roles and after demote the old W2000 -> done
>> - install a Sernet Samba4 with Bind9, join W2003, transfer all 7 
>> roles -> done ( thanks to Rowland )
>>
>> the sync process is working well in two way, I can manage DNS and AD 
>> with rsat tool even directly connected on the Samba4 server
>>
>> But the samba4 server does not have a good behavior when I switch off 
>> the W2003 server...
>>
>> For example in this case ( W2003 switched off ), if I try to use RSAT 
>> AD user and group connected to Samba and go to the directory "Domain 
>> Controllers" I see an error message "domain controllers data not 
>> available..."
>> and in the samba4 syslog :
>>
>> May 21 11:09:09 S4 samba[2455]: [2015/05/21 11:09:09.682170,  0] 
>> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>> May 21 11:09:09 S4 samba[2455]:   ldb: acl_read: CN=W2003,OU=Domain 
>> Controllers,DC=ariane,DC=intra cannot find attr[msDS-isRODC] in of 
>> schema
>> May 21 11:09:09 S4 samba[2455]:
>>
>> It seems that it missing a Samba4 entry? For asking Samba4 too?
>>
>> Another question... How to be sure that the sync process between 2 AD 
>> is fully terminated and that the servers are ready for a demote process?
>>
>> Thanks a lot!
>>
>> Sam
>>
>>
>

More information about the samba mailing list