[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Thu Jul 7 20:13:59 UTC 2016


So I joined with Samba's internal DNS, then converted to BIND, then
tested.  Seems like it was working.  I forced the 2003 machine out, cleaned
up the metadata and everything seemed to be working ok.  So I raised the
domain level like this

samba-tool domain level raise
samba-tool domain level raise --domain-level=2008_R2
samba-tool domain level raise --forest-level=2008_R2

everything shows as 2008_R2

so now I think I'm making progress.  I spin up another linux box, get it
ready to join, starts to join, then fails

says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A: objectclass_attrs:
attribute 'msDS-SupportedEncryptionTypes' on entry 'CN=DC04,OU=Domain
Controllers,DC=example,DC=local' was not found in the schema

so I thought well I'm going to try having a windows 2008 r2 server join as
a DC, run dcpromo and it says I need to run /forestprep on the AD.  Well I
can't do that now that it is on linux right?

On Thu, Jul 7, 2016 at 12:29 PM, Rowland penny <rpenny at samba.org> wrote:

> On 07/07/16 17:14, Jason Waters wrote:
>
> I'm going to keep going and see if I can get samba joined and then
> migrated over.  Maybe I'm still focusing on the wrong thing! Ugh....
>
> On Thu, Jul 7, 2016 at 12:12 PM, Jason Waters <jason at geeknocity.com>
> wrote:
>
>> So I wanted to test if something was broken in my DC so I set up a "new"
>> 2003 DC with a different domain, example.com.  I do the ldbsearch
>> against that and I get the same error instead of it listing the dns
>> entries....So maybe it is a 2003 thing?
>>
>> On Thu, Jul 7, 2016 at 11:55 AM, Rowland penny <rpenny at samba.org> wrote:
>>
>>> On 07/07/16 16:19, Jason Waters wrote:
>>>
>>> search error - LDAP error 10 LDAP_REFERRAL -  <0000202B: RefErr:
>>> DSID-0310063C, data 0, 1 access points
>>>         ref 1: 'DomainDnsZones.fisherthompson.local'
>>> >
>>> <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local>
>>>
>>>
>>> If you look here: https://www.ldap.com/ldap-result-code-reference
>>>
>>> You will find this:
>>>
>>> 10: Referral
>>>
>>> This indicates that the server could not process the requested
>>> operation, but that it may succeed if attempted in another location, as
>>> specified by the referral URIs included in the response.
>>>
>>> Never having seen this before, all I can suggest is trying what it is
>>> telling you to do, only problem is, I don't really recognise the ldap URL
>>>
>>> Rowland
>>>
>>>
>>>
>>> On Thu, Jul 7, 2016 at 11:04 AM, Rowland penny <rpenny at samba.org> wrote:
>>>
>>>> On 07/07/16 13:56, Jason Waters wrote:
>>>>
>>>>> So I continue to struggle getting this moved away from windows 2003 to
>>>>> samba.  I've been working in VM's to test before doing it on
>>>>> production.  I think something is just wrong/broken with my windows
>>>>> 2003 AD.  These are a couple of the things I have tried.
>>>>>
>>>>> - Going from Windows 2003 to Windows 2008 to Samba
>>>>> - Seizing the roles and then joining another samba domain controller.
>>>>>   But I'm unable to move the DomainDnsZones and ForestDnsZones fsmo's
>>>>>   to the new samba box.  Like it is copying bad data.
>>>>> - Setup a new domain with samba, joined Windows 2008 and migrated
>>>>>   everything around fine!  Another reason why I think something is
>>>>>   wrong in my data.
>>>>>
>>>>>
>>>>> So the last thing I've been trying to figure out is why the command
>>>>> ldbsearch --cross-ncs -H ldap://pdc -b
>>>>> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator
>>>>>
>>>>> returns a referral instead of the records.  On my purely stock samba
>>>>> domain it works fine, so something about the windows 2003 ad?
>>>>>
>>>>
>>>> I think it must be, on my DC it dumps all the domain DNS records. What
>>>> does it actually return ?
>>>>
>>>> Rowland
>>>>
>>>>
>>>>> But if I open ADSIEDIT and connect to
>>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local on the windows 2003 DC I
>>>>> see everything like I should.....
>>>>>
>>>>>
>>>>> It seems like samba and ldbtools aren't following the referrals.  Or
>>>>> they shouldn't be referrals?  Or something else that I have no idea
>>>>> about!
>>>>>
>>>>> Any other suggestions?  Thanks!
>>>>>
>>>>> Jason
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>
> Try reading this: https://support.microsoft.com/en-us/kb/304489
>
> I have also had another thought, join the samba4 DC using the internal DNS
> server, then use samba_upgradedns to upgrade to Bind9, this should create
> the dns partitions etc. Not really sure if this will work, I have never had
> this problem, but it is worth trying in a test environment.
>
> Rowland
>
>
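
Added example (not part of the original thread and not Samba's own code): a small Python parser for the LDAP_REFERRAL error quoted above. It decodes the referral URL into host, port and base DN and reports whether the host is simply the DNS form of that DN; the function names and the SAMPLE string are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample: the error text quoted in the thread, mail quoting removed.
SAMPLE = (
    "search error - LDAP error 10 LDAP_REFERRAL -  <0000202B: RefErr:\n"
    "DSID-0310063C, data 0, 1 access points\n"
    "        ref 1: 'DomainDnsZones.fisherthompson.local'\n"
    ">\n"
    "<ldap://DomainDnsZones.fisherthompson.local/"
    "DC=DomainDnsZones,DC=fisherthompson,DC=local>\n"
)

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def parse_ldap_url(url):
    """Split an RFC 4516 LDAP URL into scheme, host, port and base DN."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError("not an LDAP URL: %r" % url)
    return {
        "scheme": scheme,
        "host": parts.hostname or "",  # urlsplit lower-cases the host
        "port": parts.port or DEFAULT_PORTS[scheme],
        "base_dn": unquote(parts.path.lstrip("/")),
    }

def dn_to_dns(dn):
    """Join the DC= components of a DN into a DNS name (naive comma split)."""
    rdns = [r.strip() for r in dn.split(",")]
    return ".".join(r[3:] for r in rdns if r.upper().startswith("DC=")).lower()

def parse_referral_error(text):
    """Return result code, result name and decoded referral targets."""
    m = re.search(r"LDAP error (\d+) (LDAP_[A-Z_]+)", text)
    if not m:
        raise ValueError("no LDAP result code found")
    refs = [parse_ldap_url(u) for u in re.findall(r"<(ldaps?://[^>\s]+)>", text)]
    for ref in refs:
        # True when the referral host is just the DNS form of the base DN.
        ref["host_is_dn_as_dns"] = ref["host"] == dn_to_dns(ref["base_dn"])
    return {"code": int(m.group(1)), "name": m.group(2), "referrals": refs}

if __name__ == "__main__":
    print(parse_referral_error(SAMPLE))
```

For the sample, the referral host equals the partition DN written as a DNS name, so a client can only chase the referral if that name resolves.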

