[Samba] Problems on joining samba DC to a Windows Domain while adding DNS record for new DC - Solved

Mitja Tavčar mitja at mttv.it
Tue Aug 27 10:11:38 UTC 2024


Il 11/08/24 17:39, Rowland Penny via samba ha scritto:

Hi Rowland,
it took me some time to set up a testing environment. Now I have all relevant machines cloned in a test domain and I can freely experiment with DNS settings.

 > Do you want the good news or the bad news ??
 >
 > I will start with the good news: I know what your problem is.
 > The bad news is: I do not know how to fix it :-(
 >
 > You are still using the W2k dns system, this means that your dns knows
 > nothing about ForestDnsZones. There used to be a Microsoft webpage, but
 > that disappeared quite some time ago, but I have found a copy:
 >
 > https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM


Following this document I have fixed the missing DNS zones.
I verified that the Naming Context objects were created using the ADSIEdit tool.
Once all relevant Naming Context objects were created and replicated across the other DCs, I tried the join of the new Samba DC and now it works correctly.


I just wanted to add a note about the ldbsearch command suggested.

 >>> sudo ldbsearch --cross-ncs --show-binary -H
 >>> ldap://vmw2srvdc1.intra.comune.trento.it -P -b
 >>> 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)'
 >>> -d0 | grep 'dn:'
 >>>
 >>> When I run the command, I get this:
 >>>
 >>> dn:
 >>> DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 >>> dn:
 >>> DC=_msdcs.samdom.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
 >>> dn:
 >>> DC=1.168.192.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 >>> dn:
 >>> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
 >>> dn:
 >>> DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=samdom,DC=example,DC=com
 >>>
 >>> Yours will not be in the same order, I have re-ordered them to
 >>> explain them better.
 >>> The first is the forward domain dns zone.
 >>> the second is the forward forest dns zone.
 >>> the third is the reverse zone and in this case isn't important, you
 >>> may not have one, or you could have multiple, but can be
 >>> created/deleted at will.
 >>> The final two are 'root' dns servers and are not used by Samba.

Even now that the join works correctly and it seems to me that all the naming contexts are populated as expected (verified with ADSIEdit), the output of the ldbsearch command still does not report the objects outside the default naming context. Despite using --cross-ncs, it seems that ldbsearch only looks inside the default naming context.

ldbsearch --cross-ncs --show-binary -H ldap://vmw2srvdc1.intra.comune.trento.it -P -b 'dc=intra,dc=comune,dc=trento,dc=it' -s sub '(objectclass=dnszone)' -d0 | grep 'dn:'

still outputs: dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=comune,DC=trento,DC=it


The dnsZones under the DC=ForestDnsZones,DC=intra,DC=comune,DC=trento,DC=it and DC=DomainDnsZones,DC=intra,DC=comune,DC=trento,DC=it NCs are not found by ldbsearch, but using ADSIEdit to connect to the NCs, and also "samba-tool dns zonelist", I can now find the zones correctly.


Anyway, I solved the join problem and also some old misconfiguration.
Thank You very much.

-- 
Mitja Tavčar
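As an added example (not part of this thread and not Samba's own code), a small Python helper that parses the "dn:" lines ldbsearch prints for dnsZone objects, unfolds LDIF continuation lines, groups the zones by naming context, and reports whether the forward domain zone (DomainDnsZones) and the _msdcs forest zone (ForestDnsZones) that a DC join relies on are present. It also builds one ldbsearch command per naming context, which is a workaround when --cross-ncs returns only the default NC as described above. The host name, domain and sample output are constructed for illustration.

```python
import re

# Constructed sample of `ldbsearch ... '(objectclass=dnszone)' | grep 'dn:'` output
# after every naming context has been queried (not real output from any server).
SAMPLE_DNS = """\
dn: DC=intra.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=intra,DC=example,DC=com
dn: DC=_msdcs.intra.example.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=intra,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=intra,DC=example,DC=com
dn: DC=RootDNSServers,CN=MicrosoftDNS,CN=System,DC=intra,DC=example,DC=com
"""

# zone name, then the container that tells us which partition the zone lives in
DN_RE = re.compile(r"^dn:\s*DC=(?P<zone>[^,]+),CN=MicrosoftDNS,(?P<part>[^,]+),", re.M)


def unfold_ldif(text):
    """Join LDIF continuation lines (leading space) back onto the previous line."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return "\n".join(lines)


def zones_by_partition(output):
    """Map partition ('DC=DomainDnsZones', 'DC=ForestDnsZones', 'CN=System') -> set of zones."""
    found = {}
    for m in DN_RE.finditer(unfold_ldif(output)):
        found.setdefault(m.group("part"), set()).add(m.group("zone").lower())
    return found


def missing_zones(output, domain):
    """Zones a DC join depends on that are absent from the expected partition."""
    found = zones_by_partition(output)
    expected = {"DC=DomainDnsZones": domain.lower(),
                "DC=ForestDnsZones": "_msdcs." + domain.lower()}
    return [f"{zone} in {part}" for part, zone in expected.items()
            if zone not in found.get(part, set())]


def per_nc_commands(host, base_dn):
    """One ldbsearch per naming context, for when --cross-ncs only searches the default NC."""
    ncs = [base_dn, "DC=DomainDnsZones," + base_dn, "DC=ForestDnsZones," + base_dn]
    return [f"ldbsearch -H ldap://{host} -P -b '{nc}' -s sub '(objectclass=dnszone)' -d0"
            f" | grep 'dn:'" for nc in ncs]


if __name__ == "__main__":
    print(zones_by_partition(SAMPLE_DNS))
    print(missing_zones(SAMPLE_DNS, "intra.example.com") or "all required zones present")
    print("\n".join(per_nc_commands("dc1.intra.example.com", "DC=intra,DC=example,DC=com")))
```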


