[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC

Rowland Penny rpenny at samba.org
Sat Aug 10 08:29:15 UTC 2024


On Sat, 10 Aug 2024 09:34:32 +0200
Mitja Tavčar via samba <samba at lists.samba.org> wrote:

> On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via samba
> wrote:
> > On Fri, 09 Aug 2024 17:51:22 +0200
> > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > 
> > > 
> > > The original domain was not deployed as 2008R2 but as Windows2000
> > > and then upgraded to 2003 and subsequently to 2008R2 level. But
> > > we have not encountered any problems so far.
> > 
> > The DNS on a W2k is very different from what is used now, so when it
> > was updated was the DNS updated as well ?
> 
> Ok, according to the error that also popped out of Douglas' patch, it
> should be a missing DNS zone in my DNS.
> 
> (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
> 
> > If it wasn't, then the base NC will not be there to put the dns
> > record into.
> 
> Maybe you know how I can check if the correct NC exists? With ADSI
> Edit or some other tool?
> 
> Should this be relevant to me?
> https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#DNS_zone_does_not_exist
> 
> 
> Thank You
> 
> 
> Mitja Tavčar
> 

Do you have any Linux domain clients ?
If so try this command:

sudo ldbsearch --cross-ncs --show-binary -H ldap://vmw2srvdc1.intra.comune.trento.it -P -b 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0 | grep 'dn:'

(that should be all on one line).

If you haven't got any Linux domain clients, then, on the computer you
are trying to join as a DC, check if you have a valid ticket in /tmp
for Administrator (usually /tmp/krb5cc_0). If not, run 'kinit
Administrator' as root and enter the Administrator password when
prompted; you should now have /tmp/krb5cc_0.

Once you have the ticket, run the ldbsearch command again, but replace
'-P' with '--use-krb5-ccache=/tmp/krb5cc_0'

When I run the command, I get this:

dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com

Yours will not be in the same order, I have re-ordered them to explain
them better.
The first is the forward domain dns zone.
The second is the forward forest dns zone.
The third is the reverse zone and in this case isn't important, you may
not have one, or you could have multiple, but can be created/deleted at
will.
The final two are 'root' dns servers and are not used by Samba.

Rowland
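
The zone check described in the message above, as an added example that is not part of the original post or of Samba: a shell function that reads the 'dn:' lines produced by the ldbsearch command and reports whether the two forward zones are present. The function name classify_zones and its output labels are hypothetical, and it assumes a single-domain forest, so both application partitions hang off the domain's own base DN.

```shell
#!/bin/sh
# Added example (not from the thread). Hypothetical helper: classify_zones.
# Usage: ldbsearch ... '(objectclass=dnszone)' -d0 | grep 'dn:' | classify_zones DNS_DOMAIN
# Prints "<partition> <zone>" per dnsZone DN, then a MISSING line for each
# forward zone that was not found; returns 1 if either one is missing.
# Assumption: single-domain forest (ForestDnsZones shares the domain base DN).
classify_zones() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    # samdom.example.com -> dc=samdom,dc=example,dc=com
    base="dc=$(printf '%s' "$domain" | sed 's/\./,dc=/g')"
    have_domain=no
    have_forest=no
    while IFS= read -r line; do
        # DNs compare case-insensitively, so work in lower case
        dn=$(printf '%s' "$line" | tr 'A-Z' 'a-z' | sed -n 's/^dn: *//p')
        [ -n "$dn" ] || continue
        zone=${dn#dc=}
        zone=${zone%%,cn=microsoftdns,*}
        case "$dn" in
            *",cn=microsoftdns,dc=domaindnszones,$base")
                part=DomainDnsZones
                [ "$zone" = "$domain" ] && have_domain=yes ;;
            *",cn=microsoftdns,dc=forestdnszones,$base")
                part=ForestDnsZones
                [ "$zone" = "_msdcs.$domain" ] && have_forest=yes ;;
            *",cn=microsoftdns,cn=system,$base")
                # zone kept in the domain partition itself, under CN=System
                part=System-legacy ;;
            *)
                part=other ;;
        esac
        echo "$part $zone"
    done
    rc=0
    [ "$have_domain" = yes ] || { echo "MISSING $domain in DomainDnsZones"; rc=1; }
    [ "$have_forest" = yes ] || { echo "MISSING _msdcs.$domain in ForestDnsZones"; rc=1; }
    return $rc
}
```

A forward zone that shows up only as 'System-legacy' together with a MISSING line means the zone object exists in the domain partition but not in the DomainDnsZones or ForestDnsZones partition.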
 


