[Samba] Unable to transfer ForestDns/DomainDNS

Jason Waters jason at geeknocity.com
Tue Jun 28 12:21:08 UTC 2016


I still feel like there is something I can do to get the 2003 server to
have what I need to do an FSMO transfer instead of a seize. Doesn't that
check box say to store it inside AD?

http://i.imgur.com/UolzBwP.png
http://i.imgur.com/tHTmB5c.png


On Tue, Jun 28, 2016 at 8:09 AM, Jason Waters <jason at geeknocity.com> wrote:

> I still feel like there is something I can do to get the 2003 server to
> have what I need to do an FSMO transfer instead of a seize. Doesn't that
> check box say to store it inside AD?
>
> Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 23/06/16 18:52, Jason Waters wrote:
>>
>>> lol...sorry!
>>>
>>> - The Windows domain controller does run a DNS server
>>>
>>> - I joined the Samba DCs to the Windows DC.  I used the normal command,
>>> but did get an error about the forest and domain DNS. The error is:
>>>
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>>
>>>
>>> Below is the full join output.....
>>>
>>>
>>> START OF DOMAIN JOIN
>>> *************************************
>>> root@DC01:/var/lib/samba# samba-tool domain join fisherthompson.local DC -UAdministrator
>>> Finding a writeable DC for domain 'fisherthompson.local'
>>> Found DC PDC.fisherthompson.local
>>> Password for [FISHERTHOMPSON\Administrator]:
>>> workgroup is FISHERTHOMPSON
>>> realm is fisherthompson.local
>>> checking sAMAccountName
>>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>> Adding
>>> CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>> Adding CN=NTDS
>>> Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>> Setting account password for DC01$
>>> Enabling account
>>> Calling bare provision
>>> Looking up IPv4 addresses
>>> Looking up IPv6 addresses
>>> No IPv6 address will be assigned
>>> Setting up share.ldb
>>> Setting up secrets.ldb
>>> Setting up the registry
>>> Setting up the privileges database
>>> Setting up idmap db
>>> Setting up SAM db
>>> Setting up sam.ldb partitions and settings
>>> Setting up sam.ldb rootDSE
>>> Pre-loading the Samba 4 and AD schema
>>> A Kerberos configuration suitable for Samba 4 has been generated at
>>> /var/lib/samba/private/krb5.conf
>>> Provision OK for domain DN DC=fisherthompson,DC=local
>>> Starting replication
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[402] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[804] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[1206] linked_values[0]
>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>> objects[1376] linked_values[0]
>>> Analyze and apply schema objects
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206]
>>> linked_values[0]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608]
>>> linked_values[18]
>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629]
>>> linked_values[10]
>>> Replicating critical objects from the base DN of the domain
>>> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
>>> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
>>> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>>> linked_values[0]
>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>> linked_values[0]
>>> Committing SAM database
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> Sending DsReplicaUpdateRefs for all the replicated partitions
>>> Setting isSynchronized and dsServiceName
>>> Setting up secrets database
>>> Joined domain FISHERTHOMPSON (SID
>>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>>
>>> *************************************
>>> END OF DOMAIN JOIN
>>>
>>>
>>>
>> It looks like your Windows DC doesn't store its DNS zones in AD. The code
>> in join.py to replicate DNS info is this:
>>
>>
>>             print "Done with always replicated NC (base, config, schema)"
>>
>>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>>                 if nc in ctx.nc_list:
>>                     print "Replicating %s" % (str(nc))
>>                     repl.replicate(nc, source_dsa_invocation_id,
>>                                    destination_dsa_guid, rodc=ctx.RODC,
>>                                    replica_flags=ctx.replica_flags)
>>
>> Your 'join' info shows this:
>>
>> Done with always replicated NC (base, config, schema)
>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>> linked_values[0]
>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>> linked_values[0]
>> Committing SAM database
>> descriptor_sd_propagation_recursive:
>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>> descriptor_sd_propagation_recursive:
>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>> DC=fisherthompson,DC=local
>>
>> I 'think' the last two lines mean nothing was replicated because there
>> was nothing to replicate to or from.
>>
>> You say your Windows DC runs a DNS server, what sort & type?
>>
>>
>> Rowland
>
>
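
The join output quoted in this thread can be summarised per naming context, so the replicated object counts and the descriptor_sd_propagation_recursive messages sit side by side. This is an added example, not Samba's code and not from any poster in the thread; the function names are hypothetical, the sample is an excerpt of the log above, and taking the last objects[] value per partition as its total is an assumption.

```python
import re

# Excerpt of the join output quoted in this thread, kept in its mail-wrapped,
# ">>>"-quoted form so the parser is exercised on what the archive shows.
SAMPLE = """\
>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
>>> Done with always replicated NC (base, config, schema)
>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>>> linked_values[0]
>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>> linked_values[0]
>>> descriptor_sd_propagation_recursive:
>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
>>> descriptor_sd_propagation_recursive:
>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>> DC=fisherthompson,DC=local
"""

PARTITION = re.compile(r"Partition\[([^\]]+)\] objects\[(\d+)\] linked_values\[(\d+)\]")
SD_WARN = re.compile(r"descriptor_sd_propagation_recursive: (\S+) not found under (\S+)")

def normalise(text):
    """Strip mail quote markers and undo line wrapping."""
    lines = [re.sub(r"^\s*(?:>\s?)+", "", ln) for ln in text.splitlines()]
    return " ".join(" ".join(lines).split())

def summarise_join(text):
    """Map each naming context to its last object count and any SD warning."""
    flat = normalise(text)
    summary = {}
    for nc, objects, _links in PARTITION.findall(flat):
        entry = summary.setdefault(nc, {"objects": 0, "sd_warning": False})
        entry["objects"] = int(objects)  # assumption: last value seen is the total
    for nc, _parent in SD_WARN.findall(flat):
        summary.setdefault(nc, {"objects": 0, "sd_warning": False})["sd_warning"] = True
    return summary

def dns_partitions(summary):
    """Return only the DomainDnsZones/ForestDnsZones entries."""
    return {nc: v for nc, v in summary.items()
            if nc.startswith(("DC=DomainDnsZones,", "DC=ForestDnsZones,"))}

if __name__ == "__main__":
    for nc, info in dns_partitions(summarise_join(SAMPLE)).items():
        print(f"{nc}: objects={info['objects']} sd_warning={info['sd_warning']}")
```

DNs that contain spaces (for example CN=NTDS Settings,...) are not matched by the warning pattern, which is enough for the DNS partition names shown here.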

