[Samba] NS records for a new AD DC

lingpanda101 at gmail.com lingpanda101 at gmail.com
Thu Oct 20 16:55:01 UTC 2016


On 10/20/2016 12:41 PM, Rowland Penny via samba wrote:
> On Thu, 20 Oct 2016 09:02:22 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Wed, 19 Oct 2016 23:12:50 +0200
>> Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>>
>>> Hi Rowland,
>>>
>>> thanks for testing and your feedback.
>>>
>>>
>>> On 19.10.2016 at 21:50, Rowland Penny via samba wrote:
>>>> Workaround:
>>>> turn off samba on the first DC, then restart samba on the second
>>>> DC. There is a gotcha however, I had to force replication with
>>>> 'samba-tool drs replicate' (after I restarted samba on the first
>>>> DC)
>>> This sounds more complicated and the user has to turn off the
>>> existing DC(s?), which makes the domain unavailable.
>>>
>>> I think we should continue recommending to add the two records
>>> manually. :-)
>>>
>>>
>>> Regards,
>>> Marc
>>>
>> I will try again to see if it was just a one off, but at least it
>> gives us a pointer to what is wrong ;-)
>>
>> When samba_dnsupdate tries to get the credentials, there is this line:
>>
>> creds.guess(lp)
>>
>> I 'think' it is guessing wrong ??
>>
>> Rowland
>>
> OK, after a lot more testing, I can get the records created without
> turning the first DC off.
>
> Provision the first DC.
> Set the nameserver in /etc/resolv.conf on what will become the second
> DC to the first DC.
> Join the second DC
> Before starting samba on the second DC, change these lines in
> samba_dnsupdate:
>
>      creds = credentials.Credentials()
>      creds.guess(lp)
>
> To:
>      creds = credentials.Credentials()
>      creds.set_workstation(host)
>
> change the nameserver to now be the second DC's IP address
>
> start samba and then immediately restart samba (no, I don't know why)
>
> now change the nameserver on each DC to point to the other DC.
>
> Go for a walk, have a brew, whatever, but just wait for replication to
> kick in.
>
> You will now find all the required records have been created and
> replicated.
>
> I think samba_upgradedns needs to start replication after updating any
> records, it also needs to be made to use the credentials of the machine
> it is running on. I am unsure if the modification I made is valid, but
> it seems to work.
>
> Rowland
>

Rowland,

     I assume your testing is with bind? Will this modification be 
applicable to the internal DNS server as well?

-- 
-James



