[Samba] joining second DC to domain and non creation of DC DNS records

Rowland Penny rowlandpenny241155 at gmail.com
Fri Oct 23 12:42:46 UTC 2015


On 23/10/15 13:12, L.P.H. van Belle wrote:
>> You are missing the point as well, I joined the second DC and the new
>> DC's A record was *not* created. I tried to follow the instructions on
>> the Samba wiki but had problems and missed the fix on the webpage.
>>
>> I then removed the /usr/local/samba directory and re-ran 'make install'
>> and then joined the DC again, exactly as I did the first time and
>> everything worked as it should, all the CNAME records were created and I
>> didn't need to change anything other than what I would normally do i.e.
>> /etc/resolv.conf
>>
>> So, until the bug is fixed, I 'think' the cure is, add the new DC's A
>> record to AD before doing the join.
>>
>> Rowland
>>
> [L.P.H. van Belle]
>
> This is an old bug, which is handled by my scripts for some time now ;-)
>
>
> If you take this code and run it after install, it's fixed.
> ################################
> #!/bin/bash
> SETDNSDOMAIN=`hostname -d`
> SETHOSTNAME=`hostname -s`
> BIND9_IP_ADDC=`hostname -i`
> SAMBA_NT_ADMIN="Administrator"
> SAMBA_NT_ADMIN_PASS="PUT_YOUR_ADMINISTRATOR_PASSWORD_HERE"
>
>
> ## test if the needed DNS entries for Kerberos are there.
> if [ -z "`host -t SRV _ldap._tcp.${SETDNSDOMAIN}. | grep 'not found'`" ]; then
>       echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : ok"
>       TEST1=0
> else
>       echo "testing of : host -t SRV _ldap._tcp.${SETDNSDOMAIN}. : FAILED"
>       TEST1=1
> fi
> if [ -z "`host -t SRV _kerberos._udp.${SETDNSDOMAIN}. | grep "not found" `" ]; then
>      echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : ok";
>      TEST2=0;
> else
>      echo "testing of : host -t SRV _kerberos._udp.${SETDNSDOMAIN}. : FAILED";
>      TEST2=1;
> fi
> if [ -z "`host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}. | grep "not found" `" ]; then
>      echo "testing of : host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}. : ok";
>      TEST3=0;
> else
>      echo "testing of : host -t A ${SETHOSTNAME}.${SETDNSDOMAIN}. : FAILED";
>      echo "trying to fix it now: ";
>      echo "${SAMBA_NT_ADMIN_PASS}" | samba-tool dns add ${SETHOSTNAME}.${SETDNSDOMAIN} ${SETDNSDOMAIN} ${SETHOSTNAME} A ${BIND9_IP_ADDC} -U${SAMBA_NT_ADMIN};
> fi
>
> ######### Add reverse DNS zone to samba ( a must ! )
>
> REVERSEZONE=`echo $BIND9_IP_ADDC | awk 'BEGIN { FS = "." } ; { print $3"."$2"."$1}'`
> SINGLEDC1IPNUMBER=`echo $BIND9_IP_ADDC | rev | cut -d"." -f1 | rev`
> echo "creating reverse zone: ${REVERSEZONE}.in-addr.arpa "
> echo "${SAMBA_NT_ADMIN_PASS}" | samba-tool dns zonecreate ${SETHOSTNAME}.${SETDNSDOMAIN} ${REVERSEZONE}.in-addr.arpa -U${SAMBA_NT_ADMIN}
> sleep 2
> echo "adding : ${SETHOSTNAME}.${SETDNSDOMAIN}  in reverse zone ( creating PTR ) "
> echo -n "PTR of ${SETHOSTNAME}.${SETDNSDOMAIN} : "
> echo "${SAMBA_NT_ADMIN_PASS}" | samba-tool dns add ${SETHOSTNAME}.${SETDNSDOMAIN} ${REVERSEZONE}.in-addr.arpa ${SINGLEDC1IPNUMBER} PTR ${SETHOSTNAME}.${SETDNSDOMAIN} -U${SAMBA_NT_ADMIN}
> ################################
>
>
>

Hi Louis, the first thing I knew of my problem was when I tried to test 
for 'host -t SRV _ldap._tcp.samdom.example.com.'
It didn't exist, so I tested for the hostname 'host -t A 
dc2.samdom.example.com.' and this didn't exist, this is where I went 
looking for help from the wiki.

Tried what it suggested until I couldn't get Samba to re-create 
'dns-dc2', *totally missed the wiki cure*. Removed /usr/local/samba and 
re-ran 'make install' and started again, thinking I had messed up somehow.

So from the old install, all that was left was the DNS A record for 
'dc2.samdom.example.com' in AD on dc1, I then re-ran the join, it 
deleted and recreated some records and when I tested the DNS records 
again they worked, something that didn't before the join.

I know it worked with 4.1.9 because this was the version I used when I 
last set up my test domain. So it would seem that somewhere between 4.1.9 
and 4.3.1, something changed, but I don't know what.

Rowland
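
The three lookups used in this thread, as an added example that is not part of either poster's message: a post-join check that reports which DC records are missing without needing any credentials. It relies on the exit status of host(1) rather than grepping for "not found", so timeouts and SERVFAIL also count as failures; the HOST_CMD variable and the function names are assumptions of this example.

```bash
#!/bin/bash
# Added example: verify the DNS records a newly joined DC needs.
# HOST_CMD is hypothetical: it lets a stub replace host(1) when testing offline.
HOST_CMD="${HOST_CMD:-host}"

# record_exists TYPE NAME
# Returns 0 only when the lookup succeeds. host(1) exits non-zero on
# NXDOMAIN, SERVFAIL and timeouts, so no output parsing is needed.
record_exists() {
    "$HOST_CMD" -t "$1" "$2" >/dev/null 2>&1 </dev/null
}

# check_dc_dns DNS_DOMAIN DC_SHORT_NAME
# Prints one status line per record and returns the number of missing
# records (0 means the join left DNS in a usable state).
check_dc_dns() {
    local domain="$1" dc="$2" missing=0 type name
    while read -r type name; do
        if record_exists "$type" "$name"; then
            echo "ok      $type $name"
        else
            echo "MISSING $type $name"
            missing=$((missing + 1))
        fi
    done <<EOF
SRV _ldap._tcp.${domain}.
SRV _kerberos._udp.${domain}.
A ${dc}.${domain}.
EOF
    return "$missing"
}

# Usage on the new DC, with the names from this thread:
#   check_dc_dns samdom.example.com dc2 || echo "DNS incomplete after join"
```

Run it against each DC's resolver in turn; a record that resolves on dc1 but not on dc2 points at replication rather than at the join itself.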


