[Samba] Unable to transfer ForestDns/DomainDNS

Rowland penny rpenny at samba.org
Thu Jun 23 18:19:29 UTC 2016 

On 23/06/16 18:52, Jason Waters wrote:
> lol...sorry!
>
> - The windows domain controller does run a DNS server
>
> - I joined the samba DC's to the windows DC.  I used the normal 
> command, but did get an error about the forest and domain dns. The 
> error is:
>
> descriptor_sd_propagation_recursive: 
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive: 
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
>
>
> Below is the full join output.....
>
>
> START OF DOMAIN JOIN
> *************************************
> root at DC01:/var/lib/samba# samba-tool domain join fisherthompson.local 
> DC -UAdministrator
> Finding a writeable DC for domain 'fisherthompson.local'
> Found DC PDC.fisherthompson.local
> Password for [FISHERTHOMPSON\Administrator]:
> workgroup is FISHERTHOMPSON
> realm is fisherthompson.local
> checking sAMAccountName
> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
> Adding 
> CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
> Adding CN=NTDS 
> Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
> Setting account password for DC01$
> Enabling account
> Calling bare provision
> Looking up IPv4 addresses
> Looking up IPv6 addresses
> No IPv6 address will be assigned
> Setting up share.ldb
> Setting up secrets.ldb
> Setting up the registry
> Setting up the privileges database
> Setting up idmap db
> Setting up SAM db
> Setting up sam.ldb partitions and settings
> Setting up sam.ldb rootDSE
> Pre-loading the Samba 4 and AD schema
> A Kerberos configuration suitable for Samba 4 has been generated at 
> /var/lib/samba/private/krb5.conf
> Provision OK for domain DN DC=fisherthompson,DC=local
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[402] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[804] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[1206] linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local] 
> objects[1376] linked_values[0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206] 
> linked_values[0]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608] 
> linked_values[18]
> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629] 
> linked_values[10]
> Replicating critical objects from the base DN of the domain
> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191] 
> linked_values[0]
> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33] 
> linked_values[0]
> Committing SAM database
> descriptor_sd_propagation_recursive: 
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive: 
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
> DC=fisherthompson,DC=local
> Sending DsReplicaUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> Joined domain FISHERTHOMPSON (SID 
> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>
> *************************************
> END OF DOMAIN JOIN
>
>

It looks like your windows DC doesn't store its DNS zones in AD, the 
code in join.py to replicate DNS info is this:


              print "Done with always replicated NC (base, config, schema)"

             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
                 if nc in ctx.nc_list:
                     print "Replicating %s" % (str(nc))
                     repl.replicate(nc, source_dsa_invocation_id,
                                     destination_dsa_guid, rodc=ctx.RODC,
                                     replica_flags=ctx.replica_flags)

Your 'join' info shows this:

Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191] 
linked_values[0]
Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33] 
linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive: 
DC=DomainDnsZones,DC=fisherthompson,DC=local not found under 
DC=fisherthompson,DC=local
descriptor_sd_propagation_recursive: 
DC=ForestDnsZones,DC=fisherthompson,DC=local not found under 
DC=fisherthompson,DC=local

I 'think' the last two lines mean nothing was replicated because there 
was nothing to replicate to or from.

You say your windows DC runs a DNS server, what sort & type ?

Rowland

More information about the samba mailing list