[Samba] group policy update fails

L.P.H. van Belle belle at bazuin.nl
Mon Nov 21 08:32:27 UTC 2016 

Hai, 

Since your getting. 
finddcs: No matching server found
> ERROR: Invalid IP address '3(NXDOMAIN)'!
There is something wrong in the base of you setup. 

Check all DC's for ipnumbers (A) and PTR records. 
Dont forget to create the reverse zone yourself. 


https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting 
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

After you checked all and corrected verything, reboot first the DC with FSMO roles and the other DC('s) 




Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: Mike Lykov [mailto:combr at samges.ru]
> Verzonden: vrijdag 18 november 2016 18:40
> Aan: L.P.H. van Belle
> Onderwerp: Re: [Samba] group policy update fails
> 
> 18.11.2016 16:13, L.P.H. van Belle ??????????:
> > Oeps. I did hit the send button.
> >
> > Get this one also and can you mail me the output.
> > http://downloads.van-belle.nl/samba4/samba-info.sh
> >
> > you should see something link this.
> > Server info:
> > This server hostname            = dc1
> > This server FQDN (hostname)     = dc1.internal.domain.tld
> > This server IP address          = 192.168.0.1
> > The DC with FSMO roles          = DC1
> > The DC (with FSMO) Site name    = Default-First-Site-Name
> > The Default Naming Context      = DC=internal,DC=domain,DC=tld
> > The Kerberos name used          = KERBEROS.REALM.TLD
> > The Ipadres of DC dc2.internal.domain.tld.  = 192.168.0.2
> > The Ipadres of DC dc1.internal.domain.tld.  = 192.168.0.1
> 
> Without fixing hostname
> 
> root at ad41:~# ./samba-info.sh
> ....
> dns child failed to find name '3(NXDOMAIN)' of type A
> finddcs: No matching server found
> ERROR: Invalid IP address '3(NXDOMAIN)'!
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line
> 127, in run
>      res = netcmd_get_domain_infos_via_cldap(lp, None, address)
>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/common.py", line
> 70, in netcmd_get_domain_infos_via_cldap
>      flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
> Server info:
> This server hostname              = ad41
> This server FQDN (hostname)       = ad41.samges.ru
> This server IP address            = 172.16.214.141
> The DC with FSMO roles            = AD41
> The DC (with FSMO) Site name      = Default-First-Site-Name
> The Default Naming Context        = DC=dc,DC=samges,DC=ru
> The Kerberos name used            = DC.SAMGES.RU
> The Ipadres of DC 3(NXDOMAIN)        = record
> root at ad41:~#
> 
> >
> >
> > Best regards,
> >
> > Louis
> >
> >
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: L.P.H. van Belle [mailto:belle at bazuin.nl]
> >> Verzonden: vrijdag 18 november 2016 13:10
> >> Aan: 'Mike Lykov'
> >> Onderwerp: RE: [Samba] group policy update fails
> >>
> >> Hai,
> >>
> >> Ok, these can be ignored, these exist per server and are not
> replicated.
> >>>      msDS-NcType
> >>>      subRefs
> >> ( i'll adjust the script for it. )
> >>
> >> The script tests 2 ways.
> >> samba-tool drs showrepl
> >> and
> >> samba-tool ldapcmp --filter='whenChanged' ldap://$SAMBA_DC1 ldap://$x"
> >>
> >> can you check again with :
> >> samba-tool ldapcmp --filter='whenChanged,subRefs,msDS-NcType'
> >> ldap://DC1_with_FSMO.domain.tld ldap://other_DC.domain.tld
> >>
> >> can you run this one also.
> >>
> >>
> >>> -----Oorspronkelijk bericht-----
> >>> Van: Mike Lykov [mailto:combr at samges.ru]
> >>> Verzonden: vrijdag 18 november 2016 12:20
> >>> Aan: L.P.H. van Belle
> >>> Onderwerp: Re: [Samba] group policy update fails
> >>>
> >>> 18.11.2016 12:04, L.P.H. van Belle via samba ??????????:
> >>>> This looks all good.
> >>>>
> >>>> Can you check you database replication with my script.
> >>>> http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh
> >>>> It does some basic checked to detect the AD DC's.
> >>>> And it compaires the ad db database in 2 ways.
> >>>
> >>> May I ask you about my results interpretation?
> >>>
> >>> -------------
> >>> Result for [DOMAIN]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>>      msDS-NcType
> >>>      serverState
> >>> Result for [CONFIGURATION]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>>      msDS-NcType
> >>>      subRefs
> >>>
> >>> Result for [SCHEMA]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>>      msDS-NcType
> >>> ---------------
> >>>
> >>> What is this attributes means, why they could not replicate?
> >>> And how to fix this case?
> >>> "samba drs showrepl" show all is ok.
> >>>
> >>> -----------
> >>> * Comparing [DNSDOMAIN] context...
> >>> Failed search of base=DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
> >>> ------------
> >>>
> >>> Why it can happen?
> >>>
> >>>
> >>> --
> >>> Mike Lykov, system administrator
> >
> >

More information about the samba mailing list