[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Thu Jun 23 18:26:32 UTC 2016


The built-in DNS, sorry if that sounded like it was special!  So do I just
seize it then?  And do I do that before or after dcpromo?  Thanks for the
help.

Jason

On Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org> wrote:

> On 23/06/16 18:52, Jason Waters wrote:
>
>> lol...sorry!
>>
>> - The Windows domain controller does run a DNS server
>>
>> - I joined the Samba DCs to the Windows DC.  I used the normal command,
>> but did get an error about the forest and domain dns. The error is:
>>
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>>
>>
>> Below is the full join output.....
>>
>>
>> START OF DOMAIN JOIN
>> *************************************
>> root@DC01:/var/lib/samba# samba-tool domain join fisherthompson.local DC
>> -UAdministrator
>> Finding a writeable DC for domain 'fisherthompson.local'
>> Found DC PDC.fisherthompson.local
>> Password for [FISHERTHOMPSON\Administrator]:
>> workgroup is FISHERTHOMPSON
>> realm is fisherthompson.local
>> checking sAMAccountName
>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>> Adding
>> CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>> Adding CN=NTDS
>> Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>> Setting account password for DC01$
>> Enabling account
>> Calling bare provision
>> Looking up IPv4 addresses
>> Looking up IPv6 addresses
>> No IPv6 address will be assigned
>> Setting up share.ldb
>> Setting up secrets.ldb
>> Setting up the registry
>> Setting up the privileges database
>> Setting up idmap db
>> Setting up SAM db
>> Setting up sam.ldb partitions and settings
>> Setting up sam.ldb rootDSE
>> Pre-loading the Samba 4 and AD schema
>> A Kerberos configuration suitable for Samba 4 has been generated at
>> /var/lib/samba/private/krb5.conf
>> Provision OK for domain DN DC=fisherthompson,DC=local
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[402] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[804] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[1206] linked_values[0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>> objects[1376] linked_values[0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206]
>> linked_values[0]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608]
>> linked_values[18]
>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629]
>> linked_values[10]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
>> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
>> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>> linked_values[0]
>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>> linked_values[0]
>> Committing SAM database
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> Sending DsReplicaUpdateRefs for all the replicated partitions
>> Setting isSynchronized and dsServiceName
>> Setting up secrets database
>> Joined domain FISHERTHOMPSON (SID
>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>
>> *************************************
>> END OF DOMAIN JOIN
>>
>>
>>
> It looks like your Windows DC doesn't store its DNS zones in AD; the code
> in join.py to replicate DNS info is this:
>
>
>             print "Done with always replicated NC (base, config, schema)"
>
>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>                 if nc in ctx.nc_list:
>                     print "Replicating %s" % (str(nc))
>                     repl.replicate(nc, source_dsa_invocation_id,
>                                     destination_dsa_guid, rodc=ctx.RODC,
>                                     replica_flags=ctx.replica_flags)
>
> Your 'join' info shows this:
>
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
> linked_values[0]
> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
> linked_values[0]
> Committing SAM database
> descriptor_sd_propagation_recursive:
> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
> DC=fisherthompson,DC=local
> descriptor_sd_propagation_recursive:
> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
> DC=fisherthompson,DC=local
>
> I 'think' the last two lines mean nothing was replicated because there was
> nothing to replicate to or from.
>
> You say your Windows DC runs a DNS server; what sort & type?
>
>
> Rowland
>
>
>
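A small parser for the join output quoted above, as an added example that is not part of the original thread or of Samba: it undoes the mail quoting and line wrapping, then pairs each naming context named in a `descriptor_sd_propagation_recursive` message with the object count the log reported for that partition. The function names are hypothetical; the sample lines are copied from the quoted join output.

```python
import re

# Excerpt of the join output quoted in the thread, kept with its mail
# quoting and line wrapping so the parser has to undo both.
SAMPLE = """\
>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>> linked_values[0]
>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>> linked_values[0]
>> Committing SAM database
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
"""

PARTITION = re.compile(r"Partition\[([^\]]+)\]\s+objects\[(\d+)\]\s+linked_values\[(\d+)\]")
# Assumes the DNs in this message contain no spaces, as in the log above.
SD_WARNING = re.compile(r"descriptor_sd_propagation_recursive:\s+(\S+) not found under (\S+)")

def unwrap(log_text):
    """Drop leading '>' quote markers and rejoin wrapped lines into one string."""
    lines = (re.sub(r"^[>\s]+", "", l).strip() for l in log_text.splitlines())
    return " ".join(l for l in lines if l)

def summarize_join(log_text):
    """Return (last object count logged per partition, SD-propagation messages)."""
    flat = unwrap(log_text)
    objects = {}
    for dn, count, _links in PARTITION.findall(flat):
        objects[dn] = int(count)          # later lines overwrite earlier ones
    warnings = SD_WARNING.findall(flat)   # list of (child DN, parent DN)
    return objects, warnings

def dns_partition_report(log_text):
    """Map each NC named in a message to its logged object count (None if absent)."""
    objects, warnings = summarize_join(log_text)
    return {child: objects.get(child) for child, _parent in warnings}

if __name__ == "__main__":
    for dn, count in dns_partition_report(SAMPLE).items():
        print(f"{dn}: message logged, objects reported = {count}")
```

A value of `None` in the report means the log named the naming context in a message but never printed a `Partition[...]` line for it.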

