[Samba] Unable to transfer ForestDns/DomainDNS

lingpanda101 at gmail.com lingpanda101 at gmail.com
Wed Jun 29 15:31:28 UTC 2016


On 6/29/2016 11:23 AM, Jason Waters wrote:
> So I set up a testing environment so I can test/break things.  I think my
> issue is that something is screwed up with the Partitions on the Windows
> 2003 server.  The forest and domain partitions look odd, are they?
>
>   Mine looks kind of like this...
>
> http://1ask2.com/Wndows2012/Upgrade/migration09.jpg
>
> On Tue, Jun 28, 2016 at 8:21 AM, Jason Waters <jason at geeknocity.com> wrote:
>
>> I still feel like there is something I can do to get the 2003 server to
>> have what I need to do a FSMO transfer instead of a seize.  Doesn't that
>> check box say to store it inside AD?
>>
>> http://i.imgur.com/UolzBwP.png
>> http://i.imgur.com/tHTmB5c.png
>>
>>
>> On Tue, Jun 28, 2016 at 8:09 AM, Jason Waters <jason at geeknocity.com>
>> wrote:
>>
>>> I still feel like there is something I can do to get the 2003 server to
>>> have what I need to do a FSMO transfer instead of a seize.  Doesn't that
>>> check box say to store it inside AD?
>>>
>>> On Thu, Jun 23, 2016 at 2:19 PM, Rowland penny <rpenny at samba.org> wrote:
>>>
>>>> On 23/06/16 18:52, Jason Waters wrote:
>>>>
>>>>> lol...sorry!
>>>>>
>>>>> - The Windows domain controller does run a DNS server
>>>>>
>>>>> - I joined the Samba DCs to the Windows DC.  I used the normal
>>>>> command, but did get an error about the forest and domain DNS. The error is:
>>>>>
>>>>> descriptor_sd_propagation_recursive:
>>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>>>> DC=fisherthompson,DC=local
>>>>> descriptor_sd_propagation_recursive:
>>>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>>>> DC=fisherthompson,DC=local
>>>>>
>>>>>
>>>>> Below is the full join output.....
>>>>>
>>>>>
>>>>> START OF DOMAIN JOIN
>>>>> *************************************
>>>>> root at DC01:/var/lib/samba# samba-tool domain join fisherthompson.local
>>>>> DC -UAdministrator
>>>>> Finding a writeable DC for domain 'fisherthompson.local'
>>>>> Found DC PDC.fisherthompson.local
>>>>> Password for [FISHERTHOMPSON\Administrator]:
>>>>> workgroup is FISHERTHOMPSON
>>>>> realm is fisherthompson.local
>>>>> checking sAMAccountName
>>>>> Adding CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>>>> Adding
>>>>> CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>>>> Adding CN=NTDS
>>>>> Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=fisherthompson,DC=local
>>>>> Adding SPNs to CN=DC01,OU=Domain Controllers,DC=fisherthompson,DC=local
>>>>> Setting account password for DC01$
>>>>> Enabling account
>>>>> Calling bare provision
>>>>> Looking up IPv4 addresses
>>>>> Looking up IPv6 addresses
>>>>> No IPv6 address will be assigned
>>>>> Setting up share.ldb
>>>>> Setting up secrets.ldb
>>>>> Setting up the registry
>>>>> Setting up the privileges database
>>>>> Setting up idmap db
>>>>> Setting up SAM db
>>>>> Setting up sam.ldb partitions and settings
>>>>> Setting up sam.ldb rootDSE
>>>>> Pre-loading the Samba 4 and AD schema
>>>>> A Kerberos configuration suitable for Samba 4 has been generated at
>>>>> /var/lib/samba/private/krb5.conf
>>>>> Provision OK for domain DN DC=fisherthompson,DC=local
>>>>> Starting replication
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>>> objects[402] linked_values[0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>>> objects[804] linked_values[0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>>> objects[1206] linked_values[0]
>>>>> Schema-DN[CN=Schema,CN=Configuration,DC=fisherthompson,DC=local]
>>>>> objects[1376] linked_values[0]
>>>>> Analyze and apply schema objects
>>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[402]
>>>>> linked_values[0]
>>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[804]
>>>>> linked_values[0]
>>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1206]
>>>>> linked_values[0]
>>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1608]
>>>>> linked_values[18]
>>>>> Partition[CN=Configuration,DC=fisherthompson,DC=local] objects[1629]
>>>>> linked_values[10]
>>>>> Replicating critical objects from the base DN of the domain
>>>>> Partition[DC=fisherthompson,DC=local] objects[93] linked_values[7]
>>>>> Partition[DC=fisherthompson,DC=local] objects[387] linked_values[0]
>>>>> Partition[DC=fisherthompson,DC=local] objects[569] linked_values[175]
>>>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[36]
>>>>> Partition[DC=fisherthompson,DC=local] objects[741] linked_values[0]
>>>>> Done with always replicated NC (base, config, schema)
>>>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>>>>> linked_values[0]
>>>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>>>> linked_values[0]
>>>>> Committing SAM database
>>>>> descriptor_sd_propagation_recursive:
>>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>>>> DC=fisherthompson,DC=local
>>>>> descriptor_sd_propagation_recursive:
>>>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>>>> DC=fisherthompson,DC=local
>>>>> Sending DsReplicaUpdateRefs for all the replicated partitions
>>>>> Setting isSynchronized and dsServiceName
>>>>> Setting up secrets database
>>>>> Joined domain FISHERTHOMPSON (SID
>>>>> S-1-5-21-4059926353-2957580592-3733343930) as a DC
>>>>>
>>>>> *************************************
>>>>> END OF DOMAIN JOIN
>>>>>
>>>>>
>>>>>
>>>> It looks like your Windows DC doesn't store its DNS zones in AD; the
>>>> code in join.py to replicate DNS info is this:
>>>>
>>>>
>>>>             print "Done with always replicated NC (base, config, schema)"
>>>>
>>>>             for nc in (ctx.domaindns_zone, ctx.forestdns_zone):
>>>>                 if nc in ctx.nc_list:
>>>>                     print "Replicating %s" % (str(nc))
>>>>                     repl.replicate(nc, source_dsa_invocation_id,
>>>>                                    destination_dsa_guid, rodc=ctx.RODC,
>>>>                                    replica_flags=ctx.replica_flags)
>>>>
>>>> Your 'join' info shows this:
>>>>
>>>> Done with always replicated NC (base, config, schema)
>>>> Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
>>>> Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
>>>> linked_values[0]
>>>> Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
>>>> Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
>>>> linked_values[0]
>>>> Committing SAM database
>>>> descriptor_sd_propagation_recursive:
>>>> DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>> descriptor_sd_propagation_recursive:
>>>> DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
>>>> DC=fisherthompson,DC=local
>>>>
>>>> I 'think' the last two lines mean nothing was replicated because there
>>>> was nothing to replicate to or from.
>>>>
>>>> You say your Windows DC runs a DNS server, what sort & type?
>>>>
>>>>
>>>> Rowland
>>>>
>>>>

The partitions look fine from that screenshot alone.

-- 
-James
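
Added example, not part of the original thread and not Samba's own code: a small Python parser for the samba-tool join output quoted above that reports, for the two DNS partitions, the object count the join printed and whether descriptor_sd_propagation_recursive named that partition. The function names are made up for this example, and the sample is constructed from lines in the quoted output.

```python
import re

# Constructed sample: lines copied from the join output quoted in this thread,
# with the mail client's line wraps left in place.
SAMPLE = """\
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=fisherthompson,DC=local
Partition[DC=DomainDnsZones,DC=fisherthompson,DC=local] objects[191]
linked_values[0]
Replicating DC=ForestDnsZones,DC=fisherthompson,DC=local
Partition[DC=ForestDnsZones,DC=fisherthompson,DC=local] objects[33]
linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive:
DC=DomainDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local
descriptor_sd_propagation_recursive:
DC=ForestDnsZones,DC=fisherthompson,DC=local not found under
DC=fisherthompson,DC=local
"""

PARTITION = re.compile(r"Partition\[([^\]]+)\]\s+objects\[(\d+)\]\s+linked_values\[(\d+)\]")
SD_WARN = re.compile(r"descriptor_sd_propagation_recursive:\s+(\S+) not found under\s+(\S+)")

def summarise_join(text):
    # Undo mail quoting and wrapping: strip '>' prefixes, then join on spaces
    lines = [re.sub(r"^[>\s]+", "", l) for l in text.splitlines()]
    flat = " ".join(l for l in lines if l)
    counts = {}
    for dn, objs, links in PARTITION.findall(flat):
        # The join prints several lines per partition; keep the last one
        counts[dn] = (int(objs), int(links))
    warned = [dn for dn, _parent in SD_WARN.findall(flat)]
    return counts, warned

def dns_partition_report(text):
    counts, warned = summarise_join(text)
    report = {}
    for dn in counts:
        if dn.startswith(("DC=DomainDnsZones,", "DC=ForestDnsZones,")):
            report[dn] = {"objects": counts[dn][0], "sd_warning": dn in warned}
    return report

if __name__ == "__main__":
    for dn, info in dns_partition_report(SAMPLE).items():
        print(dn, info)
```
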