[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Fri Jul 8 15:24:02 UTC 2016


I bumped the logging up.

samba-tool domain level raise --domain-level=2008_R2

schema_fsmo_init: we are master[yes] updates allowed[no]
schema_fsmo_init: we are master[yes] updates allowed[no]

The updates_allowed[no] concerns me?





On Fri, Jul 8, 2016 at 9:45 AM, Jason Waters <jason at geeknocity.com> wrote:

> I'm pretty sure the domain level raise is failing on this system.  This is
> what I just tested.
>
> Joined Samba(dc03) to windows 2003(pdc) DC.
> Shut down PDC
> seized all fsmo roles
> did metadata cleanup
> Open AD Users and Computers
> I can view computers, users, etc. but it fails when trying to open Domain
> Controllers.
>
> I get this error cannot find attr[msDS-isRODC] in of schema
>
> Now this is a VM so I restored a snapshot before I upgraded the
> domain/forest level and I'm still getting that error. So I'm not sure where
> to look.
>
> I run samba-tool dbcheck --fix --cross-ncs, finds 2 errors, run it again
> and finds 0.
>
> So how do I fix my AD schema?  This just seems to fail because I'm pulling
> it from 2003.  If I spin up a new samba domain with the same version
> installed it just works...
>
>
>
> On Thu, Jul 7, 2016 at 4:57 PM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 07/07/16 21:39, Jason Waters wrote:
>>
>> I did that, it fixed 6 errors, ran it again, 0 errors.  Still not able to
>> join.
>>
>> On Thu, Jul 7, 2016 at 4:38 PM, Rowland penny <rpenny at samba.org> wrote:
>>
>>> On 07/07/16 21:13, Jason Waters wrote:
>>>
>>>> So I joined with samba's internal DNS, then converted to BIND, then
>>>> tested.  Seems like it was working.  I forced the 2003 machine out, cleaned
>>>> up the metadata and everything seemed to be working ok.  So I raised the
>>>> domain level like this
>>>>
>>>> samba-tool domain level raise
>>>> samba-tool domain level raise --domain-level=2008_R2
>>>> samba-tool domain level raise --forest-level=2008_R2
>>>>
>>>> everything shows as 2008_R2
>>>>
>>>> so now I think I'm making progress.  I spin up another linux box, get
>>>> it ready to join, starts to join, then fails
>>>>
>>>> says LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <0000200A:
>>>> objectclass_attrs: attribute 'msDS-SupportedEncryptionTypes' on entry
>>>> 'CN=DC04,OU=Domain Controllers,DC=example,DC=local' was not found in the
>>>> schema
>>>>
>>>> so I thought well I'm going to try having a windows 2008 r2 server join
>>>> as a DC, run dcpromo and it says I need to run /forestprep on the AD.  Well
>>>> I can't do that now that it is on linux right?
>>>>
>>>>
>>> It should be there, it sounds like you have an incomplete schema, you
>>> could try running 'samba-tool dbcheck --fix'
>>>
>>> Rowland
>>>
>>>
>>
>> Try adding '--cross-ncs'
>> After this, I am running out of suggestions.
>>
>> Rowland
>>
>>
>
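
An added example, not part of the original thread and not Samba's own tooling: a small Python check that reads an LDIF export of the schema partition (for instance one produced with ldbsearch) and reports the schema head's objectVersion together with which of the two attributes named in the errors above are absent. The sample LDIF is constructed, and the function names are hypothetical.

```python
import base64, re

# objectVersion of the schema head for each Windows Server release.
SCHEMA_VERSIONS = {30: "Windows Server 2003", 31: "Windows Server 2003 R2",
                   44: "Windows Server 2008", 47: "Windows Server 2008 R2"}
# The two attributes named in the errors quoted in this thread.
NEEDED = ["msDS-isRODC", "msDS-SupportedEncryptionTypes"]

# Constructed sample LDIF (assumption: not output from the poster's server).
SAMPLE = """\
# schema head, then two attributeSchema entries
dn: CN=Schema,CN=Configuration,DC=example,DC=local
objectVersion: 30

dn: CN=SAM-Account-Name,CN=Schema,CN=Configuration,DC=example,DC=local
lDAPDisplayName: sAMAccountName

dn: CN=ms-DS-Behavior-Version,CN=Schema,CN=Configuration,DC=example,
 DC=local
lDAPDisplayName: msDS-Behavior-Version
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} records."""
    text = re.sub(r"\r?\n ", "", text)          # unfold wrapped lines
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            key, _, value = line.partition(":")
            if value.startswith(":"):           # "attr:: <base64>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            rec.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in rec:
            records.append(rec)
    return records

def audit_schema(ldif_text, needed=NEEDED):
    """Return (objectVersion, release name, attributes missing from the schema)."""
    version, present = None, set()
    for rec in parse_ldif(ldif_text):
        if rec["dn"][0].lower().startswith("cn=schema,cn=configuration"):
            version = int(rec.get("objectversion", [0])[0]) or None
        present.update(v.lower() for v in rec.get("ldapdisplayname", []))
    missing = [a for a in needed if a.lower() not in present]
    return version, SCHEMA_VERSIONS.get(version, "unknown"), missing

if __name__ == "__main__":
    print(audit_schema(SAMPLE))
```
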

