[Samba] Samba Migration and AD integration

Praveen Ghimire PGhimire at sundata.com.au
Tue Feb 6 03:05:18 UTC 2018 

Hi,

We migrated from Samba 3 to 4 (4.6.7-Ubuntu) and added promoted a Server 2008R2 as a Domain Controller. We've come across the following issues and request some suggestions to resolve them


-          The migration didn't generate DNS entries for the new realm. We had to manually create a new zone file (/var/cache/bind) for the new realm. Only then we were able to promote the Server2008 R2 as the DC. Is this an expected outcome post migration?

-          Similarly, the dhcpd.conf file exhibited the same outcome as above.

-          When we added a new machine to the domain, it didn't update the DNS record in the Samba box.  The machine joins to the domain but there is no DNS record for it.

-          We added the DNS role in the Server2008 R2 DC, what we found that any record created in Bind9 gets replicated to the Windows server but no vice-versa.

The AD user bit seems to sync ok between the servers.

The samba-tool dbcheck -cross-ncs gives the following


samba-tool dbcheck --cross-ncs
Checking 3835 objects
ERROR(<type 'exceptions.ValueError'>): uncaught exception - unable to parse dn string
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line 157, in run
    controls=controls, attrs=attrs)
  File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 198, in check_database
    error_count += self.check_object(object.dn, attrs=attrs)
  File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 1839, in check_object
    expected_dn = ldb.Dn(self.samdb, "RDN=RDN,%s" % (parent_dn))


smb.conf

[global]
        netbios name = TEST
        realm = TESTDC
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = TESTDC
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes

[netlogon]
        path = /var/lib/samba/sysvol/testdc/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No




Regards,

Praveen Ghimire

More information about the samba mailing list