[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
Mitja Tavčar
mitja at mttv.it
Sun Aug 11 14:51:27 UTC 2024
Il giorno sab, 10/08/2024 alle 09.29 +0100, Rowland Penny via samba ha scritto:
> On Sat, 10 Aug 2024 09:34:32 +0200
> Mitja Tavčar via samba <samba at lists.samba.org> wrote:
>
> > Il giorno ven, 09/08/2024 alle 17.32 +0100, Rowland Penny via samba
> > ha scritto:
> > > On Fri, 09 Aug 2024 17:51:22 +0200
> > > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > >
> > > >
> > > > The original domain was not deployed as 2008R2 but as Windows2000
> > > > and then upgraded to 2003 and subsequently to 2008R2 level. But
> > > > we have not encountered any problems so far.
> > >
> > > The DNS on a W2k is very different from what is used now, so when it
> > > was updated was the DNS updated as well ?
> >
> > Ok, according to the error that popped out also of Douglas patch it
> > should be a missing DNS zone in my DNS.
> >
> > (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
> >
> > > If it wasn't, then the base NC will not be there to put the dns
> > > record into.
> >
> > Maybe you know how can i check if the correct NC exists? whith ADSI
> > Edit or some other tool?
> >
>
> Do you have any Linux domain clients ?
> If so try this command:
>
> sudo ldbsearch --cross-ncs --show-binary -H
> ldap://vmw2srvdc1.intra.comune.trento.it -P -b
> 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0
> > grep 'dn:'
>
> When I run the command, I get this:
>
> dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
>
> Yours will not be in the same order, I have re-ordered them to explain
> them better.
> The first is the forward domain dns zone.
> the second is the forward forest dns zone.
> the third is the reverse zone and in this case isn't important, you may
> not have one, or you could have multiple, but can be created/deleted at
> will.
> The final two are 'root' dns servers and are not used by Samba.
I ran the command as domain administrator
sudo ldbsearch --cross-ncs --show-binary -H ldap://vmw2srvdc1.intra.comune.trento.it -P -b 'dc=intra,dc=comune,dc=trento,dc=it' -s sub
'(objectclass=dnszone)' -d0 | grep 'dn:'
and received this response:
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=11.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
(...cut all similar lines...)
dn: DC=27.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=43.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=37.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
I can see that, apart for the reverse zone records, only one of the 'root' dns servers records exist in my directory.
So almost all the relevant top level DNS objects are missing.
I think I need to verify and correct the zones in Active Directory and maybe recreate them. The system is in production and so I think I will have to
plan to work with some notice.
Thank You for the help
Mitja Tavčar
More information about the samba
mailing list