[Samba] problems with sysvol aft

Thorsten Marquardt Marquardt at koehler-bracht.de
Wed Jan 11 14:00:22 UTC 2023


On 11.01.23 at 14:39, Rowland Penny via samba wrote:
>
> On 11/01/2023 13:25, Thorsten Marquardt via samba wrote:
>> On 11.01.23 at 14:11, Rowland Penny via samba wrote:
>>> On 11/01/2023 12:35, Thorsten Marquardt via samba wrote:
>>>> Hi,
>>>>
>>>> I plan to upgrade/replace my somewhat crippled and outdated samba 4.7.4
>>>> domain controller. The OS is an openSUSE-Leap-42.3 which had no packages
>>>> for a samba-ad-dc. These packages have been introduced in successor
>>>> openSUSE releases starting with Leap-15.0. Leap-15.0 comes with samba
>>>> 4.7.11. So I set up a new Leap-15.0 host and joined it as a dc
>>>> controller. I set up the sysvol replication (rsync), transferred the fsmo
>>>> roles to the new host and switched replication source and target.
>>>> Everything appeared to run fine for the moment, but if I stop samba on the
>>>> old server I'm getting trouble with the sysvol-share and I can't access
>>>> the gpo via the windows Group Policy Management Console. The console is
>>>> telling me that the old host is still the base domain controller for my
>>>> domain, whereas samba-tool fsmo show lists all roles as served by the new
>>>> one.
>>>> My plan for the future is to demote the old dc, upgrade the new one step
>>>> by step (Leap 15.0 -> 15.1 (samba 4.9.5) -> 15.2 (samba 4.11.14) -> 15.3
>>>> (samba 4.15.12) -> 15.4) and finally to set up a new second dc for
>>>> failover purposes.
>>>>
>>>> What can I do to get these problems fixed?
>>>>
>>>> Thanks in advance.
>>>>
>>>>
>>>> Thorsten
>>>>
>>>>
>>> I wonder if you are hitting this bug:
>>>
>>> https://bugzilla.samba.org/show_bug.cgi?id=14518
>>>
>>> Rowland
>>>
>> The bug report refers to _ldap._tcp._pdc._msdcs.dom.tld which I don't
>> have. I have _ldap._tcp.dom.tld and yes, there are two listed.
> If you are absolutely sure that you do not have:
>
> _ldap._tcp.pdc._msdcs.dom.tld
>
> Then you have really big problems. The 'samba_dnsupdate' script (which
> runs at Samba startup and then every 10 minutes) uses the file
> 'dns_update_list' to create missing dns records, one of which is this:
>
> # The PDC emulator
> ${IF_PDC}SRV           _ldap._tcp.pdc._msdcs.${DNSDOMAIN}
>       ${HOSTNAME} 389
>
> So, if you haven't got the dns record and your DC is the holder of the
> PDC_Emulator FSMO role, the script should create it.
>
> You can expect the other two records, one for each DC.
>
> Rowland
>
This is the result of my nslookup:

thorsten at hermes:~> nslookup -querytype=srv _ldap._tcp._pdc._msdcs.my.local.dom srv-kb-primdc
Server:         srv-kb-primdc
Address:        192.168.1.17#53

** server can't find _ldap._tcp._pdc._msdcs.my.local.dom: NXDOMAIN

thorsten at hermes:~> nslookup -querytype=srv _ldap._tcp._pdc._msdcs.my.local.dom srv-kb-dc1
Server:         srv-kb-dc1
Address:        192.168.1.243#53

** server can't find _ldap._tcp._pdc._msdcs.my.local.dom: NXDOMAIN

And the result of samba-tool fsmo show:

srv-kb-dc1:~ # samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...

and:

srv-kb-primdc:~ # samba-tool fsmo show
ldb_wrap open of secrets.ldb
SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...


Is there a chance to create the missing records by hand?
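Added example (not from this list post and not Samba's own code): a small audit that expands a dns_update_list-style template for one DC, the way Rowland describes samba_dnsupdate doing it, and diffs the result against the records actually present in DNS, so that a missing PDC-emulator SRV record shows up as a concrete, checkable gap rather than a GPMC symptom. The template excerpt is constructed: only the "${IF_PDC}SRV _ldap._tcp.pdc._msdcs..." line is quoted in the thread, the A and plain _ldap._tcp lines are assumed here to stand for the per-DC entries, and treating ${IF_PDC} as a comment marker on a non-PDC DC is this example's reading of the flag. The DNS snapshot is constructed from the hostnames and addresses in the message (two _ldap._tcp records, no pdc._msdcs record), HOSTNAME is assumed to be the DC's FQDN, and the samba-tool dns add line it emits (SRV data as "target port priority weight", priority 0 and weight 100) is a reference invocation to verify against your own samba-tool version. One caveat a practitioner would want: the template name is _ldap._tcp.pdc._msdcs.<domain>, with no underscore before pdc, whereas the nslookup queries above ask for _ldap._tcp._pdc._msdcs; the audit uses the template's spelling.

```python
"""Expand a dns_update_list-style template for one DC and diff it against
the A/SRV records visible in DNS. Added illustration, not Samba's code."""

import string
from dataclasses import dataclass

# Constructed excerpt in the format of Samba's dns_update_list. Only the
# PDC line is quoted in the thread; the other two entries are assumed here.
# The real file contains many more records (sites, gc, kerberos, ...).
TEMPLATE = """\
# this DC's own address record
A ${HOSTNAME} ${IP}
# one per DC, hence two records in a two-DC domain
SRV _ldap._tcp.${DNSDOMAIN} ${HOSTNAME} 389
# The PDC emulator
${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
"""


@dataclass(frozen=True)
class Record:
    rtype: str   # "A" or "SRV"
    name: str    # fully qualified owner name
    data: str    # address for A, "target port" for SRV


def expand_template(template: str, dnsdomain: str, hostname: str, ip: str,
                    is_pdc: bool) -> list[Record]:
    """Substitute the template variables and return the records this DC
    should register. On a non-PDC DC ${IF_PDC} becomes a comment marker, so
    the PDC-only line drops out (this example's reading of the flag).
    hostname is assumed to be the DC's FQDN, as samba_dnsupdate fills it."""
    subs = {
        "DNSDOMAIN": dnsdomain,
        "HOSTNAME": hostname,
        "IP": ip,
        "IF_PDC": "" if is_pdc else "# ",
    }
    records = []
    for raw in template.splitlines():
        line = string.Template(raw).substitute(subs).strip()
        if not line or line.startswith("#"):
            continue
        rtype, name, *rest = line.split()
        data = " ".join(rest) if rtype == "SRV" else rest[0]
        records.append(Record(rtype, name, data))
    return records


def missing_records(expected: list[Record], existing: list[Record]) -> list[Record]:
    """Records the DC should have registered but that the DNS snapshot lacks
    (compared on type, owner name and data)."""
    have = set(existing)
    return [r for r in expected if r not in have]


def samba_tool_add_command(record: Record, dnsdomain: str, server: str) -> str:
    """Reference `samba-tool dns add` line for one missing record; verify the
    argument order against your samba-tool version before use. SRV data is
    assumed as 'target port priority weight' with priority 0, weight 100."""
    suffix = "." + dnsdomain
    relative = record.name[:-len(suffix)] if record.name.endswith(suffix) else record.name
    data = f"{record.data} 0 100" if record.rtype == "SRV" else record.data
    return f'samba-tool dns add {server} {dnsdomain} {relative} {record.rtype} "{data}"'


# Constructed DNS snapshot matching the thread: both DCs have their
# _ldap._tcp SRV record, neither has the pdc._msdcs one.
DOMAIN = "my.local.dom"
EXISTING = [
    Record("A", "srv-kb-primdc.my.local.dom", "192.168.1.17"),
    Record("A", "srv-kb-dc1.my.local.dom", "192.168.1.243"),
    Record("SRV", "_ldap._tcp.my.local.dom", "srv-kb-primdc.my.local.dom 389"),
    Record("SRV", "_ldap._tcp.my.local.dom", "srv-kb-dc1.my.local.dom 389"),
]


def audit(dnsdomain: str, hostname: str, ip: str, is_pdc: bool,
          existing: list[Record]) -> list[Record]:
    """Records this DC should register (given its PDC role) that are absent."""
    expected = expand_template(TEMPLATE, dnsdomain, hostname, ip, is_pdc)
    return missing_records(expected, existing)


if __name__ == "__main__":
    # srv-kb-dc1 holds PdcEmulationMasterRole per the fsmo output above
    for host, ip, pdc in [("srv-kb-dc1", "192.168.1.243", True),
                          ("srv-kb-primdc", "192.168.1.17", False)]:
        fqdn = f"{host}.{DOMAIN}"
        gaps = audit(DOMAIN, fqdn, ip, pdc, EXISTING)
        print(f"{host}: {len(gaps)} missing record(s)")
        for rec in gaps:
            print("  ", samba_tool_add_command(rec, DOMAIN, fqdn))
```

Run against the constructed snapshot it reports one gap for srv-kb-dc1 (the pdc._msdcs SRV record pointing at it) and none for srv-kb-primdc, which matches the PDC role shown by samba-tool fsmo show. Feeding it a real snapshot means replacing EXISTING with the output of your DNS queries; the same diff, run on a schedule, also catches the opposite problem, a stale pdc._msdcs record still naming a DC that no longer holds the role, which is exactly the state the Group Policy Management Console complains about in this thread.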