[Samba] missing DomainDnsZones and ForestDnsZones ?

Rowland penny rpenny at samba.org
Fri Mar 18 19:58:58 UTC 2016


On 18/03/16 19:27, Robert Moulton wrote:
> Rowland penny wrote on 3/18/16 11:48 AM:
>> On 18/03/16 18:19, Robert Moulton wrote:
>>> Greetings - On our samba 4 (4.3.3) AD controller I just noticed
>>> something odd. When I run 'samba-tool fsmo show' I get an error:
>>>
>>> # samba-tool fsmo show
>>> ERROR(ldb): uncaught exception - No such Base DN:
>>> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>>   File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
>>>     return self.run(*args, **kwargs)
>>>   File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 395, in run
>>>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>>   File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 40, in get_fsmo_roleowner
>>>     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>>>
>>> And 'ldbsearch' verifies that DomainDnsZones is missing:
>>>
>>> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb
>>> '(fsmoroleowner=*)' | grep 'dn:'
>>> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>> dn: DC=biostat,DC=washington,DC=edu
>>> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
>>> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>>>
>>> What might explain this anomaly, and more importantly, what should be
>>> done to address it?
>>>
>>> thanks,
>>> -r
>>>
>>
>> OK, as for how did you get to here, how was the domain provisioned ??
>
> Provisioning was a 'classicupgrade' of a samba 3 domain with LDAP 
> backend.

I don't suppose you can remember the actual command you ran to upgrade ?


>
>> You are actually missing two fsmo roleowners, your ldbsearch should
>> return these as well as the other 5:
>>
>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>> dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>>
>> Do the 'DNs' exist ?
>>
>> try this:
>>
>> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b
>> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
>> '(cn=Infrastructure)'
>>
>> Does it return anything ?
>>
>
> uh-oh, no such base dn ...
>
> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b 
> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
> '(cn=Infrastructure)'
> search error - No such Base DN:
> DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>
>> Run it again, but replace 'DC=DomainDnsZones' with 'DC=ForestDnsZones',
>> does this return anything ?
>
> ... and again:
>
> [root at porter ~]# ldbsearch --cross-ncs -H 
> /usr/local/samba/private/sam.ldb -b 
> 'DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
> '(cn=Infrastructure)'
> search error - No such Base DN: 
> DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>
> should they be added with ldbadd?

It is not as simple as that. You probably have a lot more missing.

When you ran the upgrade command, did you cut and paste it from the wiki?
If so, you may have missed half the command line. I have just looked
at the wiki page and altered it so it shows all of the command.

I have never been in this position, so I am unsure if you can add the 
DNS objects to AD and if you can, I do not know how.

Rowland
>
>> If the objects exist, then you need to add the fsmo roleowners with
>> ldbmodify
>>
>> You need to create an ldif
>>
>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>> changetype: modify
>> add: fSMORoleOwner
>> fSMORoleOwner: CN=NTDS Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu
>>
>>
>>
>> Then use ldbmodify to add the ldif, repeat for the ForestDnsZones
>>
>> Rowland
>>
>>
>>
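The role-owner check from this thread, as an added example that is not part of the original messages: a shell function that reads `ldbsearch ... '(fsmoroleowner=*)'` output and prints which of the seven expected objects have no record. The function names are hypothetical, and it assumes a single-domain forest where all seven DNs sit under one base DN.

```shell
#!/bin/sh
# Added example (not from the thread): list expected FSMO role-holder objects
# that are absent from ldbsearch output. Assumes a single-domain forest.
# Real use, with the command from the thread:
#   ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb \
#     '(fsmoroleowner=*)' | missing_fsmo_dns 'DC=biostat,DC=washington,DC=edu'

# The seven role-holder DNs named in the thread, built from a base DN.
expected_fsmo_dns() {
    base=$1
    printf '%s\n' \
        "CN=Schema,CN=Configuration,$base" \
        "CN=Partitions,CN=Configuration,$base" \
        "$base" \
        "CN=Infrastructure,$base" \
        "CN=RID Manager\$,CN=System,$base" \
        "CN=Infrastructure,DC=DomainDnsZones,$base" \
        "CN=Infrastructure,DC=ForestDnsZones,$base"
}

# Print each expected DN with no matching "dn:" record on stdin.
missing_fsmo_dns() {
    found=$(awk '
        /^ / { cur = cur substr($0, 2); next }   # unfold LDIF continuation
        { if (cur ~ /^dn: /) print tolower(substr(cur, 5)); cur = $0 }
        END { if (cur ~ /^dn: /) print tolower(substr(cur, 5)) }
    ')
    expected_fsmo_dns "$1" | while IFS= read -r dn; do
        lower=$(printf '%s' "$dn" | tr '[:upper:]' '[:lower:]')  # DNs compare case-insensitively
        printf '%s\n' "$found" | grep -qxF -- "$lower" || printf '%s\n' "$dn"
    done
}

# Sample input: the five DNs reported in the thread.
sample_output() {
    cat <<'EOF'
dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: DC=biostat,DC=washington,DC=edu
dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
EOF
}

sample_output | missing_fsmo_dns 'DC=biostat,DC=washington,DC=edu'
```

An empty result means all seven role-holder objects have a record. It does not show whether the DomainDnsZones and ForestDnsZones partitions themselves are complete.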