[Samba] group policy update fails

Mike Lykov combr at samges.ru
Mon Nov 21 09:28:39 UTC 2016


21.11.2016 12:32, L.P.H. van Belle via samba wrote:
> Hai,
>
> Since you're getting.
> finddcs: No matching server found
>> ERROR: Invalid IP address '3(NXDOMAIN)'!
> There is something wrong in the base of your setup.

yes, and it is the server's own local hostname
see "DC server own hostname must be part of ad dc domain?" thread

your script relies on "hostname -d" output, but my server has
hostname domain != AD DC domain

hostname domain :
root@ad51:~# hostname -d
samges.ru

AD DC domain:
dc.samges.ru

local fqdn hostname for server
root@ad51:~# hostname -f
ad51.samges.ru

server in ad dc domain:

root@ad51:/var/log/samba# host -t A ad51.dc.samges.ru
ad51.dc.samges.ru has address 172.16.214.151

> Check all DC's for ipnumbers (A) and PTR records.
> Dont forget to create the reverse zone yourself.

I have not created reverse zone yet, because


> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

Nothing about PTR on wiki here ^  or here:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

or here
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Configuring_the_DNS_Resolver


------------
Thanks, Mike


>
>> -----Original message-----
>> From: Mike Lykov [mailto:combr at samges.ru]
>> Sent: Friday 18 November 2016 18:40
>> To: L.P.H. van Belle
>> Subject: Re: [Samba] group policy update fails
>>
>> 18.11.2016 16:13, L.P.H. van Belle wrote:
>>> Oops. I did hit the send button.
>>>
>>> Get this one also and can you mail me the output.
>>> http://downloads.van-belle.nl/samba4/samba-info.sh
>>>
>>> you should see something like this.
>>> Server info:
>>> This server hostname            = dc1
>>> This server FQDN (hostname)     = dc1.internal.domain.tld
>>> This server IP address          = 192.168.0.1
>>> The DC with FSMO roles          = DC1
>>> The DC (with FSMO) Site name    = Default-First-Site-Name
>>> The Default Naming Context      = DC=internal,DC=domain,DC=tld
>>> The Kerberos name used          = KERBEROS.REALM.TLD
>>> The Ipadres of DC dc2.internal.domain.tld.  = 192.168.0.2
>>> The Ipadres of DC dc1.internal.domain.tld.  = 192.168.0.1
>>
>> Without fixing hostname
>>
>> root@ad41:~# ./samba-info.sh
>> ....
>> dns child failed to find name '3(NXDOMAIN)' of type A
>> finddcs: No matching server found
>> ERROR: Invalid IP address '3(NXDOMAIN)'!
>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 127, in run
>>      res = netcmd_get_domain_infos_via_cldap(lp, None, address)
>>    File "/usr/lib/python2.7/dist-packages/samba/netcmd/common.py", line 70, in netcmd_get_domain_infos_via_cldap
>>      flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
>> Server info:
>> This server hostname              = ad41
>> This server FQDN (hostname)       = ad41.samges.ru
>> This server IP address            = 172.16.214.141
>> The DC with FSMO roles            = AD41
>> The DC (with FSMO) Site name      = Default-First-Site-Name
>> The Default Naming Context        = DC=dc,DC=samges,DC=ru
>> The Kerberos name used            = DC.SAMGES.RU
>> The Ipadres of DC 3(NXDOMAIN)        = record
>> root@ad41:~#
>>
>>>
>>>
>>> Best regards,
>>>
>>> Louis
>>>
>>>
>>>
>>>
>>>> -----Original message-----
>>>> From: L.P.H. van Belle [mailto:belle at bazuin.nl]
>>>> Sent: Friday 18 November 2016 13:10
>>>> To: 'Mike Lykov'
>>>> Subject: RE: [Samba] group policy update fails
>>>>
>>>> Hai,
>>>>
>>>> Ok, these can be ignored, these exist per server and are not replicated.
>>>>>      msDS-NcType
>>>>>      subRefs
>>>> ( i'll adjust the script for it. )
>>>>
>>>> The script tests 2 ways.
>>>> samba-tool drs showrepl
>>>> and
>>>> samba-tool ldapcmp --filter='whenChanged' ldap://$SAMBA_DC1 ldap://$x
>>>>
>>>> can you check again with :
>>>> samba-tool ldapcmp --filter='whenChanged,subRefs,msDS-NcType'
>>>> ldap://DC1_with_FSMO.domain.tld ldap://other_DC.domain.tld
>>>>
>>>> can you run this one also.
>>>>
>>>>
>>>>> -----Original message-----
>>>>> From: Mike Lykov [mailto:combr at samges.ru]
>>>>> Sent: Friday 18 November 2016 12:20
>>>>> To: L.P.H. van Belle
>>>>> Subject: Re: [Samba] group policy update fails
>>>>>
>>>>> 18.11.2016 12:04, L.P.H. van Belle via samba wrote:
>>>>>> This looks all good.
>>>>>>
>>>>>> Can you check your database replication with my script.
>>>>>> http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh
>>>>>> It does some basic checks to detect the AD DC's.
>>>>>> And it compares the ad db database in 2 ways.
>>>>>
>>>>> May I ask you about my results interpretation?
>>>>>
>>>>> -------------
>>>>> Result for [DOMAIN]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>>      msDS-NcType
>>>>>      serverState
>>>>> Result for [CONFIGURATION]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>>      msDS-NcType
>>>>>      subRefs
>>>>>
>>>>> Result for [SCHEMA]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>>      msDS-NcType
>>>>> ---------------
>>>>>
>>>>> What do these attributes mean, and why could they not replicate?
>>>>> And how to fix this case?
>>>>> "samba drs showrepl" shows all is ok.
>>>>>
>>>>> -----------
>>>>> * Comparing [DNSDOMAIN] context...
>>>>> Failed search of base=DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
>>>>> ------------
>>>>>
>>>>> Why can it happen?
>>>>>
>>>>>
>>>>> --
>>>>> Mike Lykov, system administrator
>>>
>>>
>
>
>


-- 
Mike Lykov, system administrator
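
An added illustration of the mismatch discussed in this message, not code from samba-info.sh or from either poster: it names the DC from the Kerberos realm instead of `hostname -d`, and accepts a `host -t A` answer only when it is a valid IPv4 address, so resolver error text such as '3(NXDOMAIN)' is never used as an address. The function names are hypothetical and the NXDOMAIN sample line is constructed.

```shell
#!/bin/sh
# Added example, not part of samba-info.sh. Function names are hypothetical.

# ad_fqdn SHORTNAME REALM: name the DC inside the AD DNS domain (lowercased
# realm) instead of trusting `hostname -d`.
ad_fqdn() {
    printf '%s.%s\n' "$1" "$2" | tr '[:upper:]' '[:lower:]'
}

# domain_mismatch HOSTDOMAIN REALM: succeeds when the two differ, ignoring case.
domain_mismatch() {
    a=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    b=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$a" != "$b" ]
}

# is_ipv4 STRING: succeeds only for a dotted quad with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }'
}

# parse_host_a: read `host -t A` output on stdin; print the address, or fail
# when the output carries no valid address (for example an NXDOMAIN line).
parse_host_a() {
    addr=$(awk '/ has address / { print $NF; exit }')
    is_ipv4 "$addr" && printf '%s\n' "$addr"
}

# Values taken from the thread; NX_OUT is a constructed line in the format
# `host` prints for a name that does not exist.
HOST_DOMAIN='samges.ru'
REALM='DC.SAMGES.RU'
OK_OUT='ad51.dc.samges.ru has address 172.16.214.151'
NX_OUT='Host ad51.samges.ru not found: 3(NXDOMAIN)'

if domain_mismatch "$HOST_DOMAIN" "$REALM"; then
    echo "hostname -d is $HOST_DOMAIN; look up $(ad_fqdn ad51 "$REALM") instead"
fi
printf '%s\n' "$OK_OUT" | parse_host_a || echo "no usable A record"
printf '%s\n' "$NX_OUT" | parse_host_a || echo "no usable A record"
```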
