[Samba] DNS management error accessing the domain zone
Nicolás Hermida
nhermida at init.ar
Wed Mar 19 19:43:59 UTC 2025
Hi everyone,
We have an Active Directory environment with a WS 2008 R2 functional
level. There are two Windows Server 2012 R2 systems. We started the
task of migrating these servers to Samba and we've added a Samba
domain controller (Version 4.19.5) under Ubuntu 24.04.
So we have:
SERVER1 (IP 172.30.16.10): Windows Server 2012 R2 Domain Controller
SERVER2 (IP 172.30.16.11): Windows Server 2012 R2 Domain Controller
SERVER3 (IP 172.30.16.14): Samba Domain Controller
Domain name: example.local
When we try to connect to SERVER3 (Samba DC) using the Windows DNS
Management Tool to manage the DNS server, we get an error when trying
to access the example.local forward lookup zone.
This error does not occur when accessing the _msdcs.example.local zone.
The error indicated by the Windows DNS tool is:
Zone Not Loaded by DNS Server
The DNS server encountered a problem while attempting to load the
zone. The transfer of zone data from the master server failed.
We ran the command to fix some errors detected by dbcheck:
# samba-tool dbcheck --cross-ncs --fix
In the Samba service log, we observed these errors that we consider relevant:
dnsserver: Invalid zone operation IsSigneddnsserver
ndr_pull_uint32: ndr_pull_error(Buffer Size Error): Pull bytes 4
(librpc/ndr/ndr_basic.c:193) at librpc/ndr/ndr_basic.c:193
Replications work correctly.
Here you have a copy of the main configuration files:

/etc/samba/smb.conf

# Global parameters
[global]
log level = 3
netbios name = SERVER3
realm = EXAMPLE.LOCAL
server role = active directory domain controller
workgroup = EXAMPLE
dns forwarder = 8.8.8.8
idmap_ldb:use rfc2307 = no

[sysvol]
path = /var/lib/samba/sysvol
read only = No

[netlogon]
path = /var/lib/samba/sysvol/example.local/scripts
read only = No

/etc/krb5.conf

[libdefaults]
default_realm = EXAMPLE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true

[realms]
EXAMPLE.LOCAL = {
default_domain = example.local
}

[domain_realm]
SERVER3 = EXAMPLE.LOCAL

/etc/hosts

127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# --- BEGIN PVE ---
172.30.16.14 server3.example.local server
# --- END PVE ---

/etc/resolv.conf

# --- BEGIN PVE ---
search example.local
nameserver 172.30.16.10
# --- END PVE ---

Any ideas that might help us resolve this issue?