[Samba] samba4 dns delegation of _msdcs

maksemuz maksemuz at gmail.com
Wed Jul 12 08:45:16 UTC 2017

Hello samba,

I got the following situation:
There is a test domain 'test.d' built on Samba 4.6 on FreeBSD 11.

I am connecting MS Project Server 2013 to it.
When I try to sync pool resources from the Project Server web app, it gives me
an error.
Wireshark shows that an LDAP search request with an object SID and a null
baseDN inside was sent to the domain controller on LDAP port 389, which is
defined as incorrect.

I built the test domain with native MS AD instead of Samba4 and repeated everything.
Wireshark shows that the same request goes to LDAP port 3268 (GC) and
gets a correct answer from the domain controller.

I think the cause is the difference between the MS AD DNS structure and
the Samba4 AD DNS structure.
The difference is: the MS AD DNS contains a glue record for _msdcs.test.d
inside test.d, whilst Samba4 DNS does not.
In other words, there are no delegation records for _msdcs.test.d in test.d,
therefore the client machine cannot get all SRV records and then sends the LDAP
request to the wrong port.

The glue record from MS AD DNS:
;  Delegated sub-zone:  _msdcs.test.d.
_msdcs                  NS    dc.test.d.
;  End delegation

I tried adding this record with samba-tool but got this error:

10:56:52 {root at fread}-# samba-tool dns add test.d _msdcs NS
Password for [TEST\uzer]:
ERROR(runtime): uncaught exception - (1383, 'WERR_INTERNAL_DB_ERROR')
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/samba/netcmd/dns.py", line 1098, in run
    raise e

My questions are:
1 - Do you think my suspicions are correct?
2 - If so, how do I add a glue record for _msdcs.test.d in test.d?
3 - If not, what should I do to solve this problem?

Thanks in advance.
Maks Melnikov
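The post above reasons from one Wireshark capture that the client could not find the Global Catalog SRV records. The script below is an added example, not part of the original post or of Samba, that checks the DNS records a domain member actually resolves when it locates a GC or DC (the _msdcs delegation, _ldap._tcp.gc._msdcs, _gc._tcp, _ldap._tcp.dc._msdcs and _ldap._tcp) and classifies the port each SRV answer points at, so a 389 vs 3268 mismatch shows up without a packet capture. It assumes `dig` is installed and that the zone and DC hostname are given as arguments; the record names and ports 389/3268 are the standard AD DNS layout. One caveat: if the same server is authoritative for both test.d and _msdcs.test.d, an answer to the NS query may come from the child zone's apex rather than from a delegation in the parent, so a non-empty NS answer is a hint, not proof of delegation.

```shell
#!/bin/sh
# Added example (not from the original post or from Samba): check the DNS
# records a domain member resolves when locating a Global Catalog / DC.
# Assumptions: 'dig' (bind-tools) is installed; usage:
#   sh gc_srv_check.sh test.d dc.test.d
# Ports and record names are the standard AD DNS layout, not Samba-specific.

GC_PORT=3268
LDAP_PORT=389

# srv_port ANSWER: port field of a 'dig +short SRV' answer line, which has
# the form "priority weight port target."
srv_port() {
    set -- $1
    printf '%s\n' "$3"
}

# srv_target ANSWER: target host of the same answer, trailing dot removed.
srv_target() {
    set -- $1
    printf '%s\n' "${4%.}"
}

# classify_port PORT: which LDAP service a port belongs to.
classify_port() {
    case "$1" in
        "$GC_PORT")   printf 'gc\n' ;;
        "$LDAP_PORT") printf 'ldap\n' ;;
        *)            printf 'unknown\n' ;;
    esac
}

# records_for ZONE: "TYPE NAME" lines a client queries for ZONE. The first
# line is the _msdcs delegation the post is asking about; the second is the
# GC SRV record behind the port-3268 request seen against MS AD.
records_for() {
    zone=$1
    printf '%s\n' \
        "NS _msdcs.$zone" \
        "SRV _ldap._tcp.gc._msdcs.$zone" \
        "SRV _gc._tcp.$zone" \
        "SRV _ldap._tcp.dc._msdcs.$zone" \
        "SRV _ldap._tcp.$zone"
}

# live_check ZONE DC: query every record against DC and print one line each.
# SRV answers are annotated with the service the port implies, so a GC record
# pointing at 389 (or a missing GC record) stands out.
live_check() {
    zone=$1
    dc=$2
    records_for "$zone" | while read -r type name; do
        ans=$(dig +short @"$dc" "$name" "$type" 2>/dev/null)
        if [ -z "$ans" ]; then
            printf 'MISSING %-3s %s\n' "$type" "$name"
            continue
        fi
        if [ "$type" = SRV ]; then
            # A name may have several SRV answers; report each target/port.
            printf '%s\n' "$ans" | while read -r line; do
                port=$(srv_port "$line")
                printf 'ok      SRV %s -> %s:%s (%s)\n' \
                    "$name" "$(srv_target "$line")" "$port" "$(classify_port "$port")"
            done
        else
            printf 'ok      %-3s %s -> %s\n' "$type" "$name" \
                "$(printf '%s' "$ans" | tr '\n' ' ')"
        fi
    done
}

# Only run live queries when a zone and a DC were given on the command line.
if [ $# -ge 2 ]; then
    live_check "$1" "$2"
fi
```

The two lines to compare against the capture are the `_ldap._tcp.gc._msdcs` and `_gc._tcp` ones: on the working MS AD setup they resolve to a target with port 3268, which is the port Wireshark showed the request going to.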
