[Samba] Replication not working for remote Domain Controller

Rowland penny rpenny at samba.org
Wed Dec 18 13:35:19 UTC 2019


On 18/12/2019 11:56, shacky wrote:
> Hi Rowland,
>
>     I have been doing a bit of investigation and I 'think' we do have
>     a tool ;-)
>     If you examine 'samba_upgradedns', at the top it says this:
>     # Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or
>     SAMBA_INTERNAL
>     I think if you use it to upgrade to either BIND_DLZ or
>     SAMBA_INTERNAL,
>     it should create the required AD objects.
>
>
> I cloned the DC in a sandbox and tries samba_upgradedns:
>
> ===============================================
> root at dc1:/ # samba_upgradedns --dns-backend=BIND9_DLZ
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> Reading domain information
> lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> DNS accounts already exist
> No zone file /var/lib/samba/private/dns/MY.DOMAIN.COM.zone
> DNS records will be automatically created
> DNS partitions already exist
> dns-dc1 account already exists
> See /var/lib/samba/private/named.conf for an example configuration 
> include file for BIND
> and /var/lib/samba/private/named.txt for further documentation 
> required for secure DNS updates
> Finished upgrading DNS
> ===============================================
>
> But after that ldbsearch output is empty anyway:
>
> ===============================================
> root at dc1:/ (17:23:33)# ldbsearch --cross-ncs -H 
> /var/lib/samba/private/sam.ldb -b 'DC=my.domain.com 
> <http://my.domain.com/>,CN=MicrosoftDNS,DC=DomainDnsZones,DC=my,DC=domain,DC=com' 
> -s sub '(objectclass=dnsnode)' | grep dn
>
> root at dc1:/ (17:23:36)#
> ===============================================
>
> :-(

I think I understand what is happening. It checks if a couple of records 
exist and if they don't, it creates them along with other missing 
records, but it looks like they do exist, but the other records don't.

You can check this with:

ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b 
'dc=samdom,dc=example,dc=com' -s sub 
'(|(dnsRoot=DomainDnsZones.samdom.example.com)(dnsRoot=ForestDnsZones.samdom.example.com))' 
nCName

I can probably use parts of samba_upgradedns to add your missing 
records, just have to decide what parts to use ;-)

Rowland





More information about the samba mailing list