[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Fri Jul 8 13:45:45 UTC 2016


I'm pretty sure the domain level raise is failing on this system.  This is
what I just tested.

Joined Samba(dc03) to windows 2003(pdc) DC.
Shut down PDC
seized all fsmo roles
did metadata cleanup
Open AD Users and Computers
I can view computers, users, etc. but it fails when trying to open Domain
Controllers.

I get this error: cannot find attr[msDS-isRODC] in of schema

Now this is a VM so I restored a snapshot before I upgraded the
domain/forest level and I'm still getting that error. So I'm not sure where
to look.

I run samba-tool dbcheck --fix --cross-ncs, it finds 2 errors, run it again
and it finds 0.

So how do I fix my AD schema?  This just seems to fail because I'm pulling
it from 2003.  If I spin up a new samba domain with the same version
installed it just works...



On Thu, Jul 7, 2016 at 4:57 PM, Rowland penny <rpenny at samba.org> wrote:

> On 07/07/16 21:39, Jason Waters wrote:
>
> I did that, it fixed 6 errors, ran it again, 0 errors.  Still not able to
> join.
>
> On Thu, Jul 7, 2016 at 4:38 PM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 07/07/16 21:13, Jason Waters wrote:
>>
>>> So I joined with samba's internal DNS, then converted to BIND, then
>>> tested.  Seems like it was working.  I forced the 2003 machine out, cleaned
>>> up the meta data and everything seemed to be working ok.  So I raised the
>>> domain level like this
>>>
>>> samba-tool domain level raise
>>> samba-tool domain level raise --domain-level=2008_R2
>>> samba-tool domain level raise --forest-level=2008_R2
>>>
>>> everything shows as 2008_R2
>>>
>>> so now I think I'm making progress.  I spin up another linux box, get it
>>> ready to join, starts to join, then fails
>>>
>>> says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A:
>>> objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes' on entry
>>> 'CN=DC04,OU=Domain Controllers,DC=example,DC=local' was not found in the
>>> schema
>>>
>>> so I thought well I'm going to try having a windows 2008 r2 server join
>>> as a DC, run dcpromo and it says I need to run /forestprep on the AD.  Well
>>> I can't do that now that it is on linux right?
>>>
>>>
>> It should be there, it sounds like you have an incomplete schema, you
>> could try running 'samba-tool dbcheck --fix'
>>
>> Rowland
>>
>>
>
> Try adding '--cross-ncs'
> After this, I am running out of suggestions.
>
> Rowland
>
>
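
An added example, not part of the original thread and not Samba's own code: a check of whether a schema partition defines the two attributes named in the errors above, and which objectVersion it reports. The input is assumed to be LDIF from a search of the schema partition (for example from ldbsearch); the sample below is constructed, and the function names are hypothetical.

```python
import re

# Attributes named in the two errors quoted in this thread.
REQUIRED = ["msDS-isRODC", "msDS-SupportedEncryptionTypes"]
# Schema objectVersion values shipped with each Windows Server release.
SCHEMA_RELEASE = {30: "2003", 31: "2003 R2", 44: "2008", 47: "2008 R2"}

# Constructed sample (not output from the poster's system): a schema head
# object plus two attributeSchema entries, as LDIF.
SAMPLE_LDIF = """\
dn: CN=Schema,CN=Configuration,DC=example,DC=local
objectVersion: 30

dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=example,DC=local
lDAPDisplayName: msDS-Behavior-Version

dn: CN=User-Account-Control,CN=Schema,CN=Configuration,DC=example,DC=local
lDAPDisplayName: userAccountControl
"""

def parse_ldif(text):
    """Return one dict per LDIF record: lowercased attribute -> list of values."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip comments and lines without a plain value
            key, value = line.split(": ", 1)
            rec.setdefault(key.lower(), []).append(value.strip())
        if rec:
            records.append(rec)
    return records

def audit_schema(text, required=REQUIRED):
    """Report the schema version and which required attributes are undefined."""
    version, defined = None, set()
    for rec in parse_ldif(text):
        if "objectversion" in rec:
            version = int(rec["objectversion"][0])
        defined.update(v.lower() for v in rec.get("ldapdisplayname", []))
    missing = [a for a in required if a.lower() not in defined]
    return {"version": version,
            "release": SCHEMA_RELEASE.get(version, "unknown"),
            "missing": missing}

if __name__ == "__main__":
    print(audit_schema(SAMPLE_LDIF))
```
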

