[Samba] Replication not working for remote Domain Controller
Rowland penny
rpenny at samba.org
Wed Dec 18 13:35:19 UTC 2019
On 18/12/2019 11:56, shacky wrote:
> Hi Rowland,
>
> I have been doing a bit of investigation and I 'think' we do have
> a tool ;-)
> If you examine 'samba_upgradedns', at the top it says this:
> # Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or
> SAMBA_INTERNAL
> I think if you use it to upgrade to either BIND_DLZ or
> SAMBA_INTERNAL,
> it should create the required AD objects.
>
>
> I cloned the DC in a sandbox and tries samba_upgradedns:
>
> ===============================================
> root at dc1:/ # samba_upgradedns --dns-backend=BIND9_DLZ
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Reading domain information
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> DNS accounts already exist
> No zone file /var/lib/samba/private/dns/MY.DOMAIN.COM.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-dc1 account already exists
> See /var/lib/samba/private/named.conf for an example configuration
> include file for BIND
> and /var/lib/samba/private/named.txt for further documentation
> required for secure DNS updates
> Finished upgrading DNS
> ===============================================
>
> But after that ldbsearch output is empty anyway:
>
> ===============================================
> root at dc1:/ (17:23:33)# ldbsearch --cross-ncs -H
> /var/lib/samba/private/sam.ldb -b 'DC=my.domain.com
> <http://my.domain.com/>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=my,DC=domain,DC=com'
> -s sub '(objectclass=dnsnode)' | grep dn
>
> root at dc1:/ (17:23:36)#
> ===============================================
>
> :-(
I think I understand what is happening. It checks if a couple of records
exist and if they don't, it creates them along with other missing
records, but it looks like they do exist, but the other records don't.
You can check this with:
ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
'dc=samdom,dc=example,dc=com' -s sub
'(|(dnsRoot=DomainDnsZones.samdom.example.com)(dnsRoot=ForestDnsZones.samdom.example.com))'
nCName
I can probably use parts of samba_upgradedns to add your missing
records, just have to decide what parts to use ;-)
Rowland
More information about the samba
mailing list