[Samba] Fwd: No DNS/Kerberos after DC OS upgrade
Nicolas Canonne
me at electronico.nc
Sun Mar 30 07:32:28 UTC 2025
Le 30/03/2025 à 18:04, Nicolas Canonne via samba a écrit :
> Hello Rowland and thanks for the reply !
>
> I simply used :
>
> sudo do-release-upgrade
>
> Samba on the 2 DC is well updated to 4.19.5 (I posted the logs
> starting from 4.15.13 trying to show the upgrade process)
>
>> @dc1:~$ samba -V
>> Version 4.19.5-Ubuntu
>
>> @dc2:~$ samba -V
>> Version 4.19.5-Ubuntu
>
> Nicolas Canonne
>
> Electronico
> NEW-CALEDONIA (South Pacific)
>
> Le 30/03/2025 à 17:48, Rowland Penny via samba a écrit :
>> On Sun, 30 Mar 2025 17:35:12 +1100
>> Nicolas Canonne via samba <samba at lists.samba.org> wrote:
>>
>>> Hi again,
>>>
>>> Had to remove log as email was to big (more than 128K) and rejected
>>>
>>> Nicolas
>>>
>>> -------- Message transféré --------
>>> Sujet : Re: No DNS/Kerberos after DC OS upgrade
>>> Date : Sun, 30 Mar 2025 16:00:57 +1100
>>> De : Nicolas Canonne <me at electronico.nc>
>>> Pour : samba at lists.samba.org
>>>
>>>
>>>
>>>
>> You say that you have upgraded DC1 from 4.15.13 to 4.19.5, but from
>> your logs there is this:
>>
>> [2025/03/30 10:05:52.445395, 0] ../../source3/smbd/server.c:1734(main)
>> smbd version 4.15.13-Ubuntu started.
>>
>> That (along with other things in the logs) suggests to me that the
>> upgrade hasn't worked, how did you upgrade ?
>>
>> Rowland
>>
>
Sorry for top posting (haven't used mailing list for a while)
It seems that DC2 is now the main DC :
> @dc1:~$ sudo net ads lookup
> Information for Domain Controller: 10.10.20.4
>
> Response Type: LOGON_SAM_LOGON_RESPONSE_EX
> GUID: e53f608d-1eee-4e2c-8fec-e570450cf59c
> Flags:
> Is a PDC: no
> Is a GC of the forest: yes
> Is an LDAP server: yes
> Supports DS: yes
> Is running a KDC: yes
> Is running time services: yes
> Is the closest DC: yes
> Is writable: yes
> Has a hardware clock: yes
> Is a non-domain NC serviced by LDAP server: no
> Is NT6 DC that has some secrets: no
> Is NT6 DC that has all secrets: yes
> Runs Active Directory Web Services: no
> Runs on Windows 2012 or later: no
> Runs on Windows 2012R2 or later: no
> Runs on Windows 2016 or later: no
> Has a DNS name: no
> Is a default NC: no
> Is the forest root: no
> Forest: smb.rdk.nc
> Domain: smb.rdk.nc
> Domain Controller: dc2.smb.rdk.nc
> Pre-Win2k Domain: SMB
> Pre-Win2k Hostname: DC2
> Server Site Name: Default-First-Site-Name
> Client Site Name: Default-First-Site-Name
> NT Version: 5
> LMNT Token: ffff
> LM20 Token: ffff
> @dc2:~$ sudo net ads lookup
> Information for Domain Controller: 10.10.20.4
>
> Response Type: LOGON_SAM_LOGON_RESPONSE_EX
> GUID: e53f608d-1eee-4e2c-8fec-e570450cf59c
> Flags:
> Is a PDC: no
> Is a GC of the forest: yes
> Is an LDAP server: yes
> Supports DS: yes
> Is running a KDC: yes
> Is running time services: yes
> Is the closest DC: yes
> Is writable: yes
> Has a hardware clock: yes
> Is a non-domain NC serviced by LDAP server: no
> Is NT6 DC that has some secrets: no
> Is NT6 DC that has all secrets: yes
> Runs Active Directory Web Services: no
> Runs on Windows 2012 or later: no
> Runs on Windows 2012R2 or later: no
> Runs on Windows 2016 or later: no
> Has a DNS name: no
> Is a default NC: no
> Is the forest root: no
> Forest: smb.rdk.nc
> Domain: smb.rdk.nc
> Domain Controller: dc2.smb.rdk.nc
> Pre-Win2k Domain: SMB
> Pre-Win2k Hostname: DC2
> Server Site Name: Default-First-Site-Name
> Client Site Name: Default-First-Site-Name
> NT Version: 5
> LMNT Token: ffff
> LM20 Token: ffff
but FSMO role seems to still be on DC1:
> @dc1:~$ sudo samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> @dc2:~$ sudo samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=smb,DC=rdk,DC=nc
Nicolas
More information about the samba
mailing list