[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC
Rowland Penny
rpenny at samba.org
Sun Aug 11 15:39:45 UTC 2024
On Sun, 11 Aug 2024 16:51:27 +0200
Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> On Sat, 10/08/2024 at 09.29 +0100, Rowland Penny via samba
> wrote:
> > On Sat, 10 Aug 2024 09:34:32 +0200
> > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> >
> > > On Fri, 09/08/2024 at 17.32 +0100, Rowland Penny via
> > > samba wrote:
> > > > On Fri, 09 Aug 2024 17:51:22 +0200
> > > > Mitja Tavčar via samba <samba at lists.samba.org> wrote:
> > > >
> > > > >
> > > > > The original domain was not deployed as 2008R2 but as
> > > > > Windows2000 and then upgraded to 2003 and subsequently to
> > > > > 2008R2 level. But we have not encountered any problems so far.
> > > >
> > > > The DNS on a W2k is very different from what is used now, so
> > > > when it was updated was the DNS updated as well ?
> > >
> > > Ok, according to the error that also popped out of Douglas' patch,
> > > it should be a missing DNS zone in my DNS.
> > >
> > > (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
> > >
> > > > If it wasn't, then the base NC will not be there to put the dns
> > > > record into.
> > >
> > > Maybe you know how I can check if the correct NC exists? With
> > > ADSI Edit or some other tool?
> > >
> >
> > Do you have any Linux domain clients ?
> > If so try this command:
> >
> > sudo ldbsearch --cross-ncs --show-binary -H \
> >   ldap://vmw2srvdc1.intra.comune.trento.it -P -b \
> >   'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' \
> >   -d0 | grep 'dn:'
> >
> > When I run the command, I get this:
> >
> > dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> > dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
> >
> > Yours will not be in the same order; I have re-ordered them to
> > explain them better.
> > The first is the forward domain dns zone.
> > The second is the forward forest dns zone.
> > The third is the reverse zone, which in this case isn't important; you
> > may not have one, or you could have multiple, but they can be
> > created/deleted at will.
> > The final two are 'root' dns servers and are not used by Samba.
>
> I ran the command as domain administrator
>
> sudo ldbsearch --cross-ncs --show-binary -H \
>   ldap://vmw2srvdc1.intra.comune.trento.it -P -b \
>   'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' \
>   -d0 | grep 'dn:'
>
> and received this response:
>
> dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=11.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> (...cut all similar lines...)
> dn: DC=27.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=43.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
> dn: DC=37.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
>
>
> I can see that, apart from the reverse zone records, only one of the
> 'root' dns server records exists in my directory. So almost all the
> relevant top level DNS objects are missing.
>
> I think I need to verify and correct the zones in Active Directory
> and maybe recreate them. The system is in production and so I think I
> will have to plan to work with some notice.
>
> Thank you for the help
>
> Mitja Tavčar
Do you want the good news or the bad news ??
I will start with the good news: I know what your problem is.
The bad news is: I do not know how to fix it :-(
You are still using the W2k dns system; this means that your dns knows
nothing about ForestDnsZones. There used to be a Microsoft webpage, but
that disappeared quite some time ago; I have found a copy:
https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM
See if that helps. Sorry that I cannot really help further, but I have
never directly faced this problem. I know vaguely what needs to be
done, but not how precisely to do it, perhaps someone else knows the
secret incantations required ;-)
Rowland
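As an added example (not from the thread or from the Samba project), the following Python parses the `dn:` lines produced by the ldbsearch command quoted above and reports whether the two zones a Samba DC join writes into are present (the domain forward zone in the DomainDnsZones partition and `_msdcs.<domain>` in ForestDnsZones), and which zones are still stored under the legacy CN=System container. The two sample outputs are constructed from the healthy and the legacy listings shown in the thread; the function names are my own.

```python
import re

# Constructed samples, rebuilt from the 'dn:' lines quoted in the thread
# (the mail archive wrapped each DN onto a second line).
HEALTHY_OUTPUT = """\
dn: DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
dn: DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
"""
LEGACY_OUTPUT = """\
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=10.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
dn: DC=43.168.192.in-addr.arpa,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it
"""

# Captures the zone name and the container it lives in: DomainDnsZones or
# ForestDnsZones (application partitions) or System (Windows 2000 layout).
DN_RE = re.compile(
    r"^dn:\s*DC=(?P<zone>[^,]+),CN=MicrosoftDNS,(?:DC|CN)=(?P<store>[^,]+),",
    re.IGNORECASE)

def parse_zones(output):
    """Return [(zone, store)] (lower-cased) for every dnsZone DN in the output."""
    zones = []
    for line in output.splitlines():
        m = DN_RE.match(line.strip())
        if m:
            zones.append((m.group("zone").lower(), m.group("store").lower()))
    return zones

def check_dns_zones(output, domain):
    """Check for the zones a Samba DC join writes into: the domain forward
    zone in DomainDnsZones and _msdcs.<domain> in ForestDnsZones; also list
    reverse zones and any zone still stored under the legacy CN=System."""
    zones = parse_zones(output)
    domain = domain.lower()
    report = {
        "domain_zone": (domain, "domaindnszones") in zones,
        "forest_msdcs_zone": ("_msdcs." + domain, "forestdnszones") in zones,
        "reverse_zones": sorted(z for z, _ in zones if z.endswith(".in-addr.arpa")),
        "legacy_system_zones": sorted(
            z for z, s in zones if s == "system" and z != "rootdnsservers"),
    }
    report["missing"] = [k for k in ("domain_zone", "forest_msdcs_zone")
                         if not report[k]]
    return report
```

On a real DC, feed it the output of the ldbsearch pipeline from the thread (the `dn:` lines must be on single lines, as ldbsearch prints them); a non-empty `missing` list matches the WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST failure seen during the join.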