[Samba] missing DomainDnsZones and ForestDnsZones ?

Robert Moulton rmoulton at uw.edu
Fri Mar 18 19:27:48 UTC 2016 

Rowland penny wrote on 3/18/16 11:48 AM:
> On 18/03/16 18:19, Robert Moulton wrote:
>> Greetings - On our samba 4 (4.3.3) AD controller I just noticed
>> something odd. When I run 'samba-tool fsmo show' I get an error:
>>
>> # samba-tool fsmo show
>> ERROR(ldb): uncaught exception - No such Base DN:
>> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>   File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>> line 395, in run
>>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>   File
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>> line 40, in get_fsmo_roleowner
>>     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>>
>> And 'ldbsearch' verifies that DomainDnsZones is missing:
>>
>> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb
>> '(fsmoroleowner=*)' | grep 'dn:'
>> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
>> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
>> dn: DC=biostat,DC=washington,DC=edu
>> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
>> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>>
>> What might explain this anomaly, and more importantly, what should be
>> done to address it?
>>
>> thanks,
>> -r
>>
>
> OK, as for how did you get to here, how was the domain provisioned ??

Provisioning was a 'classicupgrade' of a samba 3 domain with LDAP backend.

> You are actually missing two fsmo roleowners, your ldbsearch should
> return these as well as the other 5:
>
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
> dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>
> Do the 'DNs' exist ?
>
> try this:
>
> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b
> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
> '(cn=Infrastructure)'
>
> Does it return anything ?
>

uh-oh, no such base dn ...

# ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b 
'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'
search error - No such Base DN:
DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu

> Run it again, but replace 'DC=DomainDnsZones' with 'DC=ForestDnsZones',
> does this return anything ?

... and again:

[root at porter ~]# ldbsearch --cross-ncs -H 
/usr/local/samba/private/sam.ldb -b 
'DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'
search error - No such Base DN: 
DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu

should they be added with ldbadd?

> If the objects exist, then you need to add the fsmo roleowners with
> ldbmodify
>
> You need to create an ldif
>
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
> changetype: modify
> add: fSMORoleOwner
> fSMORoleOwner: CN=NTDS
> Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu
>
>
> Then use ldbmodify to add the ldif, repeat for the ForestDnsZones
>
> Rowland
>
>
>

More information about the samba mailing list