[Samba] problems with sysvol aft

Rowland Penny rpenny at samba.org
Wed Jan 11 13:39:14 UTC 2023 


On 11/01/2023 13:25, Thorsten Marquardt via samba wrote:
> 
> Am 11.01.23 um 14:11 schrieb Rowland Penny via samba:
>>
>> On 11/01/2023 12:35, Thorsten Marquardt via samba wrote:
>>> Hi,
>>>
>>> I plan to upgrade/replace my somewhat crippled and outdated samba 4.7.4
>>> domain controller. The OS is an openSUSE-Leap-42.3 which had no packages
>>> for a samba-ad-dc. These packages have been introduced in successor
>>> openSUSE releases starting with Leap-15.0. Leap-15.0 comes with samba
>>> 4.7.11. So I set up a new Leap-15.0 host and joint it as a dc
>>> controller. I set up the sysvol replication (rsync), transfered the fsmo
>>> roles to the new host and switched replication source and target.
>>> Everything apeared to run fine for the moment but if I stop samba on the
>>> old server I'm getting trouble with the sysvol-share and I can't access
>>> the gpo via the windows Group Policy Management Console. The console is
>>> telling me that the old host is still the base domain controller for my
>>> domain wheras samba-tool fsmo show lists all roles are served by the new
>>> on.
>>> My plan for the future is to demote the old dc, upgrade the new one step
>>> by step (Leap 15.0 ->15.1 (samba 4.9.5) -> 15.2 (samba 4.11.14)-> 15.3
>>> (samba 4.15.12) -> 15.4  ) and finally to set up a new second dc for
>>> failover purposes.
>>>
>>> What can I do get these problems fixed?
>>>
>>> Thanks in advance.
>>>
>>>
>>> Thorsten
>>>
>>>
>> I wonder if you are hitting this bug:
>>
>> https://bugzilla.samba.org/show_bug.cgi?id=14518
>>
>> Rowland
>>
> the bug report refers to _ldap._tcp._pdc._msdcs.dom.tld which I don't 
> have. I have _ldap._tcp.dom.tld and yes there are two listed.

If you are absolutely sure that you do not have:

_ldap._tcp.pdc._msdcs.dom.tld

Then you have really big problems. The 'samba_dnsupdate' script (which 
runs at Samba startup and then every 10 minutes) uses the file 
'dns_update_list' to create missing dns records, one of which is this:

# The PDC emulator
${IF_PDC}SRV           _ldap._tcp.pdc._msdcs.${DNSDOMAIN} 
     ${HOSTNAME} 389

So, if you haven't got the dns record and your DC is the holder of the 
PDC_Emulator FSMO role, the script should create it.

You can expect the other two records, one for each DC.

Rowland

More information about the samba mailing list