[Samba] Setup a Samba AD DC as an additional DC
Barry D. Adkins
Barry at daram.com
Wed Dec 5 18:24:00 UTC 2018
On Tue, Dec 4, 2018 at 11:46 PM Andrew Bartlett <abartlet at samba.org> wrote:
It is very likely 'just a bug'. We do some DNS things trying to make
sure the new DC can work the moment it starts (before that, folks had a
lot of difficulty with the new DC not being in global DNS).
This is different to what windows does, and there is a variety of
different ways DNS can be set up on windows, so clearly it isn't
interoperable right now.
Sorry about that.
>Thank you for the responses, Andrew and Barry;
>I have achieved success: it was necessary to (re)create the _msdcs.my.domain zone at Windows DNS. It previously did not exist, for reasons unknown to me. I'm assuming related to the domain functional level being upgraded over time from 2003 to 2008R2.
>There are a number of guidelines out there to accomplish this, but when doing so, some miss a required option for Samba: you must ensure the Replication is set to all DNS servers in the forest.
If only this would have been my problem, yet the _msdcs.my.domain zone is in Windows DNS. Strange we are getting the same error.
Could not find machine account in secrets database: Failed to fetch machine account password for DOMAIN from both secrets.ldb (Could not find entry to match filter: '(&(flatname=DOMAIN)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4702) and from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 716, in run
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1500, in join_DC
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1405, in do_join
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1164, in join_add_dns_records
I’m not certain if the join fails because of one of these 2 errors or because of both.
I’ve looked at all the AD Partitions and the DNS AD Partitions are there and proper. I don’t know what “Zone” it is that doesn’t exist from this DNS error reported.
How did you figure out your problem was related to the _msdcs zone?