[Samba] FW: samba_kcc issue after joining the domain as a DC

Alex samba at abisoft.biz
Wed Feb 12 09:54:58 UTC 2020


I'm sorry, after double-checking Louis's link I've found that the domain
zone should be domain-wide, while the _msdcs stuff should be forest-wide. I'll
change it and try again. Apologies.

>>>>> # samba-tool dns zonelist 172.26.1.81
>>>>> Password for [administrator at domain.com]:
>>>>>     2 zone(s) found
>>>>>
>>>>>     pszZoneName                 : _msdcs.domain.com
>>>>>     Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>>>>>     ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>>>>>     Version                     : 50
>>>>>     dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>>>>>     pszDpFqdn                   : ForestDnsZones.domain.com
>>>>>
>>>>>     pszZoneName                 : domain.com
>>>>>     Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>>>>>     ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>>>>>     Version                     : 50
>>>>>     dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
>>>>>     pszDpFqdn                   : ForestDnsZones.domain.com
>>>>>
>>>> I have three zones, one being the reverse zone, but my domain zone is this:
>>>>     pszZoneName                 : samdom.example.com
>>>>     Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
>>>>     ZoneType                    : DNS_ZONE_TYPE_PRIMARY
>>>>     Version                     : 50
>>>>     dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED
>>>>     pszDpFqdn                   : DomainDnsZones.samdom.example.com
>>>> Notice the difference in the last line.
>>> I see the difference. I guess it's b/c you didn't upgrade the zone to
>>> forest-wide. Should I revert my zones to be domain-wide?
>>>
>> Alex, mine is correct, yours is wrong.

> Rowland, I really appreciate your help and you're probably right. But could you
> please shed some light on why yours is correct (or why mine is not)? At this
> moment, my AD is fully functional, no issues at all.

> In my humble opinion, this looks more like a bug in the Samba joining procedure, b/c
> it should work well with the existing AD configuration. However, it doesn't.

>> I could probably dump a list of dns DN's if needed.

> Yes, please do.

-- 
Best regards,
Alex Alex
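
The partition check discussed in this thread, as an added example that is not part of the original message or of Samba's own code: it parses `samba-tool dns zonelist` output and reports zones whose dwDpFlags do not match the placement stated in the message (_msdcs forest-wide, the domain zone domain-wide). The function names are hypothetical, the sample is constructed from the output quoted above, and reverse zones are skipped because the thread does not say where they belong.

```python
import re

# Constructed sample: the two zones quoted in the thread, trimmed to the fields used.
SAMPLE = """\
  2 zone(s) found

  pszZoneName                 : _msdcs.domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.domain.com

  pszZoneName                 : domain.com
  Flags                       : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  dwDpFlags                   : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn                   : ForestDnsZones.domain.com
"""

FIELD = re.compile(r"^\s*(\w+)\s*:\s*(.*\S)\s*$")

def parse_zonelist(text):
    """Split zonelist output into one dict of field -> value per zone."""
    zones = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines, "N zone(s) found", password prompt
        key, value = m.groups()
        if key == "pszZoneName":
            zones.append({})  # each zone record starts with its name
        if zones:
            zones[-1][key] = value
    return zones

def misplaced_zones(zones):
    """Return (zone, actual partition, expected flag) for each mismatch."""
    # Assumption taken from the message: _msdcs.* zones are forest-wide,
    # other forward zones are domain-wide.
    findings = []
    for z in zones:
        name = z["pszZoneName"]
        if name.endswith(".arpa"):
            continue  # reverse zones: placement not covered by the thread
        scope = "FOREST" if name.startswith("_msdcs.") else "DOMAIN"
        expected = f"DNS_DP_{scope}_DEFAULT"
        if expected not in z.get("dwDpFlags", "").split():
            findings.append((name, z.get("pszDpFqdn"), expected))
    return findings

if __name__ == "__main__":
    print(misplaced_zones(parse_zonelist(SAMPLE)))
```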



