[Samba] FW: samba_kcc issue after joining the domain as a DC

Alex samba at abisoft.biz
Mon Feb 10 18:40:51 UTC 2020 

>>> The other option is to remove 'DC=DomainDnsZones,DC=domain,DC=com' and
>>> 'DC=ForestDnsZones,DC=domain,DC=com' after the join and then run
>>> 'samba_upgradedns', would this work ?
>> While it seems to be safe to delete DomainDnsZones context, the ForestDnsZones
>> context seems to contain the real DNS zone info:

> First and for most, this is just an idea I threw out for discussion.

> If you are running the old style of DNS, then things are in a different 
> place to what is now expected.

How can i check if it's an old style or not? I guess it should be new after
following the guide Louis provided.

> Samba has a script 'samba_upgradedns', its main task is to change 
> between the internal and Bind9 dns servers, but it can recreate the DNS 
> records given a certain set of circumstances.

Yeah, I've already tried to run it. No success:
# samba_upgradedns -d 3
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_upgradedns", line 293, in <module>
    paths, lp.configfile, lp)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 209, in find_provision_key_parameters
    names.netbiosname = str(res[0]["sAMAccountName"]).replace("$", "")
IndexError: list index out of range

This however might be expected b/c Samba failed to join the DC before.

> Can you clone your Samba DC and sandbox the clone ?

This is what I'd like to do in the very end if nothing else helped. I don't have
enough resources at the moment to sandbox all of that.

> Can you run this search on your Samba DC:

> ldbsearch -H /var/lib/samba/private/sam.ldb -b 
> 'CN=Configuration,DC=samdom,DC=example,DC=com' -s sub 
> '(|(dnsRoot=DomainDnsZones.samdom.example.com)(dnsRoot=ForestDnsZones.samdom.example.com))'
> nCName

# record 1
dn: CN=e099a041-eb07-4123-9325-15cd9edcaf54,CN=Partitions,CN=Configuration,DC=domain,DC=com
nCName: DC=DomainDnsZones,DC=domain,DC=com

# record 2
dn: CN=2400e56f-8acd-4764-9c51-23aba14730b7,CN=Partitions,CN=Configuration,DC=domain,DC=com
nCName: DC=ForestDnsZones,DC=domain,DC=com

-- 
Best regards,
Alex

More information about the samba mailing list