[Samba] win2003 AD migration to SAMBA 4.6 - dnsupdate problem

Denis Cardon dcardon at tranquil.it
Wed Feb 21 13:44:40 UTC 2018

Hi Tomas,

> I want to migrate old 2003 domain to Samba - join SAMBA 4.6(DC2) to win
> 2003 domain like DC, move sysvol, FSMO, demote old server(DC1), etc.,
> etc. -
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
> My problem are DNS Updates, I have kerberos working (added enctypes =
> rc4-hmac for compatibility),

May I ask where you added that? Where did you read that you had to 
do that? Could you try to just remove it?

> SAMBA join without errors, I have created
> DNS records,

How did you create the records? Could you try the following on your two 
DCs to force the update without going through the authenticated DNS process:
  samba_dnsupdate --use-samba-tool

By the way, is your /etc/resolv.conf pointing to yourself? Are your 
/etc/krb5.conf and /var/lib/samba/private/krb5.conf identical?


> can move FSMO. But DNS is working only on DC1, not on DC2,
> I have found in logs troubles with dnsupdates. DC1 thinks it is only one
> DC in domain.
> _ldap._tcp.Default-First-Site._sites.gc._msdcs.test.local. 900 IN SRV 0
> 100 3268 dc2.test.local.
> tkey query failed: GSSAPI error: Major = Unspecified GSS failure.  Minor
> code may provide more information, Minor = KDC has no support for
> encryption type.
> Failed nsupdate: 1
> Failed update of 20 entries
> bB

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
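
The three things the reply above asks about (an enctype restriction, the two krb5.conf files being identical, resolv.conf pointing at the DC itself) can be checked in one pass. This is an added example, not part of the thread and not Samba's own tooling; it assumes the enctype line was added to krb5.conf, and the function names and the DC address argument are hypothetical.

```shell
#!/bin/sh
# Added example: local sanity checks for a Samba AD DC before retrying
# samba_dnsupdate. Default paths are the ones named in the message.
# Usage: check_dc "" "" "" <this DC's own IP address>

# Print non-comment lines that set any *enctypes option in a krb5.conf.
krb5_enctype_overrides() {
    grep -nEi '^[[:space:]]*[a-z_]*enctypes[[:space:]]*=' "$1"
}

# Return 0 when the two krb5.conf files are byte-identical.
krb5_files_identical() {
    cmp -s "$1" "$2"
}

# Return 0 when the first nameserver in resolv.conf is the given address.
resolv_points_to_self() {
    first=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ -n "$first" ] && [ "$first" = "$2" ]
}

# Run all three checks; return 1 if any of them raises a warning.
check_dc() {
    sys_krb5=${1:-/etc/krb5.conf}
    samba_krb5=${2:-/var/lib/samba/private/krb5.conf}
    resolv=${3:-/etc/resolv.conf}
    own_ip=$4
    rc=0
    if krb5_enctype_overrides "$sys_krb5" >/dev/null; then
        echo "WARN: enctype restriction in $sys_krb5:"
        krb5_enctype_overrides "$sys_krb5"
        rc=1
    fi
    if ! krb5_files_identical "$sys_krb5" "$samba_krb5"; then
        echo "WARN: $sys_krb5 differs from $samba_krb5"
        diff -u "$samba_krb5" "$sys_krb5" || true
        rc=1
    fi
    if ! resolv_points_to_self "$resolv" "$own_ip"; then
        echo "WARN: first nameserver in $resolv is not $own_ip"
        rc=1
    fi
    return $rc
}
```
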
