[Samba] samba-tool join error : NO DNS zone information found in source domain, not replicating DNS

Dr. Hansjörg Maurer hansjoerg.maurer at itsd.de
Thu Feb 18 16:25:53 UTC 2021 

Hi Denis


Am 18.02.21 um 15:32 schrieb Denis CARDON via samba:
>
>>
>> OK, sorry to be so long in getting back to you, been to get my first 
>> covid vaccination 😁
>>
>> Do you have this dn in AD:
>>
>> DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=DomainDnsZones,DC=XXX,DC=lan 
>>
>>
>> Or this one:
>>
>> DC=_kerberos._tcp.dc,DC=_msdcs.XXX.lan,CN=MicrosoftDNS,DC=ForestDnsZones,DC=XXX,DC=lan 
>
>
> If the domain has old DNS layout (_msdcs in DomainDnsZones), it sure 
> can be fixed (even if it is easier to be fixed before migration), but 
> then there will be issues with schema upgrade anyway: recent Samba 
> version cannot upgrade from AD schema level 30/31 anymore...
yes, _msdcs is not a seperate domain, but under ForestDnsZones, 
DomainDnsZones does not exist

the schema should be at the latest level available for samba

[root at server01 ~]# ldbsearch -H /etc/samba/sam.ldb -b 
'cn=Schema,cn=Configuration,dc=XXX,dc=lan' -s base objectVersion
# record 1
dn: CN=Schema,CN=Configuration,DC=kadorpartner,DC=net
objectVersion: 69

# returned 1 records
# 1 entries
# 0 referrals

[root at server01 ~]# samba-tool domain  level show
Domain and forest function level for domain 'DC=XXX,DClan'

Forest function level: (Windows) 2008 R2
Domain function level: (Windows) 2008 R2
Lowest function level of a DC: (Windows) 2008 R2

Regards

Hansjörg



-- 
Dr. Hansjörg Maurer
itsystems Deutschland AG
Erzgießereistr. 22
80335 München
Tel:   +49-89-52 04 68-41
Fax:   +49-89-52 04 68-59
E-Mail: hansjoerg.maurer at itsd.de
Web:    http://www.itsd.de


Amtsgericht München HRB 132146
USt-IdNr. DE 812991301
Steuer-Nr. 143/100/81575

Aufsichtsratsvorsitzender:
Stefan Adam
Vorstand:
Dr. Michael Krocka
Dr. Hansjörg Maurer



----------------------------
Unser System ist mit einem Mailverschluesselungs-Gateway ausgestattet. Wenn Sie moechten, dass an Sie gerichtete E-Mails verschluesselt werden, senden Sie einfach eine S/MIME-signierte E-Mail oder Ihren PGP Public Key an hansjoerg.maurer at itsd.de.

Our system is equipped with an email encryption gateway. If you want email sent to you to be encrypted please send a S/MIME signed email or your PGP public key to hansjoerg.maurer at itsd.de.

More information about the samba mailing list