[Samba] 4.3.11-Ubuntu fail to add DC to a AD domain

Jakub Kulesza jakkul+samba at gmail.com
Wed Apr 25 20:57:23 UTC 2018


Yes, I tried working with the Samba wiki and quad-verifying what is recommended
to be checked.

OK, I'll try to join using 18.04.

The samba_dnsupdate tool does not have the --use-samba-tool option in
Ubuntu 16.04.

2018-04-25 22:47 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 25 Apr 2018 22:32:10 +0200
> Jakub Kulesza <jakkul+samba at gmail.com> wrote:
>
> > Rowland, thank you for answering!
> >
> > I have investigated this a bit, and I think that using 18.04 for the
> > new DC will not be successful anyway. Reasons: the AD I have has been
> > created back in the days when 14.04 LTS was fresh. The provisioning
> > scripts worked differently. 14.04 has been upgraded to 16.04, and I
> > think that I do not have all of the DNSes configured properly and
> > this might be the cause of the synchronization items.
>
> The basic provision has always worked in the same way, it has just been
> tweaked.
>
> >
> > I would really like to get to the bottom of this and understand the
> > issue to fix it on the old DC. Is there a checklist on what needs to
> > be done during the initial provisioning and what are the requirements
> > for samba-tool to be able to join another DC to the AD?
>
> I take it you have read the DC join page on the wiki and followed all
> the hyperlinks.
>
> >
> > Traces:
> >
> > 1. running the following on the new DC starts with the following
> > errors:
> > # samba-tool drs showrepl
> > SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed:
> > NT_STATUS_INVALID_PARAMETER
> >
> > NT_STATUS_INVALID_PARAMETER is usually associated with DNS update
> > issues.
> >
> > 2. I had to update "objectGUID CNAME Record" as defined here
> > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>
> Yes, but you shouldn't have to do this with 4.7.6, it has code to
> create those records during the join.
>
> >
> > 3. querying the domain name in the DNS shows up only the old DC
> > # host biuro.gpm-vindexus.pl
> > biuro.gpm-vindexus.pl has address 192.168.0.251
> > biuro.gpm-vindexus.pl has address 192.168.1.251
> > (it has 2 addresses in 2 subnets)
> >
> > and it should show 192.168.0.252 (qdc, the second server) as well
>
> Why? You are checking one DC FQDN; to get the info for the second DC,
> you would have to check that DC's FQDN.
>
> >
> >
> > 3. running samba_dnsupdate on the old primary DC shows a lot of
> > errors:
> > # samba_dnsupdate --all-names
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > ; TSIG error with server: tsig verify failure
> > Failed update of 24 entries
>
> Try 'samba_dnsupdate --all-names --use-samba-tool'
>
> Rowland
>