[Samba] NT_STATUS_NO_LOGON_SERVERS after removing a DC and WERR_BADFILE when trying to remove broken DC

Sven Schwedas sven.schwedas at tao.at
Fri Apr 21 08:26:22 UTC 2017


On 2017-04-20 18:38, Rowland Penny wrote:
> On Thu, 20 Apr 2017 18:00:24 +0200
> Sven Schwedas via samba <samba at lists.samba.org> wrote:
> 
>> On 2017-04-07 13:44, Sven Schwedas via samba wrote:
>>> In the end I just upgraded all DCs to 4.5 and remote-deleted the
>>> broken ones. Seemed to work without a hitch, manual removal was
>>> only necessary to remove the IPs from DNS\_msdcs.ourdomain\gc\.
>>
>> Apparently not, adding new DCs failed with "WERR_DS_DATABASE_ERROR".
>> `samba-tool dbcheck --fix` solved that.
>>
>> With that out of the way, the join seemed to work.
>>
>> • DNS records as per
>> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>> were missing, after adding them, the replication is working as well.
>>
>> • File server verified to work, including authentication.
>>
>> • However, the server is still missing from the following DNS records:
>>
>>  – Domain [host -t A ad.tao.at.]
>>  – LDAP SRV records [host -t SRV _ldap._tcp.ad.tao.at.]
>>  – KRB5 SRV records [host -t SRV _kerberos._tcp.ad.tao.at.]
>>  – …and all the others I can find in the MMC DNS snap-in (_gc,
>> _kpasswd, etc. pp.)
>>
>> • Kerberos works, but I'm not sure it's actually using the new server,
>> given the DNS issues.
>>
>>
>> Can I just add the SRV records manually? Should this be documented in
>> the wiki?
> 
> Try running 'samba_dnsupdate --use-samba-tool' on the new DC

That did the trick.

> Rowland
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
TAO Digital | Lendplatz 45 | A8020 Graz
https://www.tao-digital.at | Tel +43 680 301 7167
https://pave.software – PAVE Password Manager

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20170421/41c51780/signature.sig>


More information about the samba mailing list