[Samba] Samba Migration and AD integration
PGhimire at sundata.com.au
Wed Feb 7 11:51:35 UTC 2018
The computer indeed is in the same IP range. The /etc/resolv.conf points to its IP and not the loopback.
Had to use the --use-samba-tool as it errored out
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/server1.realmname as SERVER1$
ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1098, in run
Failed 'samba-tool dns' based update: A server1.realmname 172.16.24.1 : local variable 'estr' referenced before assignment
Traceback (most recent call last):
File "/usr/sbin/samba_dnsupdate", line 834, in <module>
File "/usr/sbin/samba_dnsupdate", line 563, in call_samba_tool
print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr))
UnboundLocalError: local variable 'estr' referenced before assignment
After that I did the combination of the following which allowed me to add the machine to the domain
- disabled ufw
- flushed and re-registered dns on the machine, rebooted the machine
- added search realmname in the /etc/resolv.conf
The next issue is that the machine I added to the domain is a Server2008R2. When I tried to DCPROMO it, the DNS server option was greyed out with
DNS cannot be installed on this domain controller because this domain does not host DNS.
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Wednesday, 7 February 2018 8:56 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Samba Migration and AD integration
On Wed, 7 Feb 2018 10:02:10 +0000
Praveen Ghimire <PGhimire at sundata.com.au> wrote:
> Hi Rowland,
> Following the
> AD_DC, ran some tests migrating from Bind9 to Samba Internal with the
> following results
> Stopped the BIND, Samba-AD-DC services
> samba_upgradedns --dns-backend=SAMBA_INTERNAL
> Reading domain information
> DNS accounts already exist
> Reading records from zone file /var/lib/samba/private/dns/<REALMNAME>.zone
> DNS partitions already exist
> Finished upgrading DNS
> You have switched to using SAMBA_INTERNAL as your dns backend, but you
> still have samba starting looking for a BIND backend. Please remove the
> -dns from your server services line.
Did you remove the 'server services' line ?
> Started the Samba-AD-DC service and left the Bind9 stopped.
> The .zone file had all the SOA records for the REALM. The issue
> (after the change from Bind9 to Samba and also from Samba Internal to
> Bind9) we get the following when trying to add a machine to the
> The error was: "This operation returned because the timeout period
> expired." (error code 0x000005B4 ERROR_TIMEOUT) The query was for the
> SRV record for _ldap._tcp.dc._msdcs.<realmname> The DNS servers used
> by this computer for name resolution are not responding. This computer
> is configured to use DNS servers with the following IP addresses:
> 172.16.24.1 Verify that this computer is connected to the network,
> that these are the correct DNS server IP addresses, and that at least
> one of the DNS servers is running.
Does the computer you are trying to join have an ipaddress in the 172.16.24.x range ?
Does the nameserver in /etc/resolv.conf point to the Samba DCs ipaddress or '127.0.0.1' ?
try running this:
samba_dnsupdate --verbose --all-names
This should try to create/update all the required dns records; if it errors out, add '--use-samba-tool'
> The SRV records are missing by the looks of it.
> service --status-all
> [ + ] apparmor
Have you tried turning apparmor off ?
> [ + ] isc-dhcp-server
I could never get isc-dhcp-server to update the server records in AD when using the internal dns server.
> [ + ] ufw
Are all the required ports open ?
> Also, does the Realm name need to be something like abcd.local
> instead of abcdef?
It would probably be better if it had a TLD (just don't use .local), but should work without one.
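
One way to confirm whether the SRV record named in the join error, and the other locator records a domain join depends on, resolve from the DC's DNS (an added example, not part of the original thread). It assumes the `host` utility is installed; the record names other than `_ldap._tcp.dc._msdcs` are the standard AD locator records rather than names taken from the thread, and `LOOKUP` is a hypothetical override for the lookup command.

```shell
#!/bin/sh
# Added example, not from the thread: check that the AD locator SRV records
# resolve against a given DNS server (e.g. the Samba DC at 172.16.24.1).
# LOOKUP is a hypothetical override so the check can be run without a DC.
LOOKUP=${LOOKUP:-host}

# Print the SRV names to verify for a realm. _ldap._tcp.dc._msdcs is the
# record from the join error; the rest are standard AD locator records.
ad_srv_names() {
    realm=$1
    for prefix in _ldap._tcp.dc._msdcs _ldap._tcp _kerberos._tcp \
                  _kerberos._udp _kpasswd._tcp _gc._tcp; do
        printf '%s.%s\n' "$prefix" "$realm"
    done
}

# Usage: check_ad_srv <realm> <dns-server-ip>
# Prints OK/MISSING per record and returns the number of missing records,
# so a return value of 0 means every record resolved.
check_ad_srv() {
    realm=$1 dns=$2 missing=0
    for name in $(ad_srv_names "$realm"); do
        # 'host -t SRV <name> <server>' asks that server directly, which
        # bypasses whatever /etc/resolv.conf currently points at.
        if "$LOOKUP" -t SRV "$name" "$dns" 2>/dev/null |
               grep -q 'has SRV record'; then
            echo "OK       $name"
        else
            echo "MISSING  $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

Run it as `check_ad_srv <realmname> 172.16.24.1` before and after `samba_dnsupdate --verbose --all-names` to see which records the update actually created.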