samba4 from BDC to PDC

Daniele Dario d.dario76 at gmail.com
Thu Dec 29 06:09:20 MST 2011


Hi Amitay,

On Thu, 2011-12-29 at 23:22 +1100, Amitay Isaacs wrote:
> Hi Daniele,
> 
> On Thu, Dec 29, 2011 at 10:18 PM, Daniele Dario <d.dario76 at gmail.com> wrote:
> 
> > I finished preparing the VM and joined samba4 to the domain.
> > As in the past, after the domain join no dns.keytab is present in
> > the private directory.
> >
> > As said by Gemes Geza, I exported the keytab using
> > [root at kdc01:/usr/local/samba/private]# samba-tool domain exportkeytab
> > dns.keytab
> > [root at kdc01:/usr/local/samba/private]# samba-tool user add dns-kdc02
> > --random-password
> > [root at kdc01:/usr/local/samba/private]# samba-tool spn add
> > DNS/kdc02.saitelitalia.local dns-kdc02
> >
> > At this point, if I start named
> > [root at kdc01:~]# named -u bind -d 10 -g -c /etc/bind/named.conf
> > it fails
> > ...
> > 29-Dec-2011 11:54:43.328 generating session key for dynamic DNS
> > 29-Dec-2011 11:54:43.328 sizing zone task pool based on 5 zones
> > 29-Dec-2011 11:54:43.329 decrement_reference: delete from rbt:
> > 0xb6d2d548 .
> > 29-Dec-2011 11:54:43.330 Loading 'AD DNS Zone' using driver dlopen
> > 29-Dec-2011 11:54:43.330 Loading SDLZ driver.
> > 29-Dec-2011 11:54:43.515 samba_dlz: Unable to get basedn
> > for /usr/local/samba/private/dns/sam.ldb - NULL Base DN invalid for a
> > base search
> > 29-Dec-2011 11:54:43.515 dlz_dlopen of 'AD DNS Zone' failed
> > 29-Dec-2011 11:54:43.515 SDLZ driver failed to load.
> > 29-Dec-2011 11:54:43.515 DLZ driver failed to load.
> > 29-Dec-2011 11:54:43.516 load_configuration: failure
> > 29-Dec-2011 11:54:43.516 loading configuration: failure
> > 29-Dec-2011 11:54:43.516 exiting (due to fatal error)
> > ...
> >
> > What am I missing?
> > If BIND does not start I won't be able to see the AD DNS from Windows (I
> > use XP to double-check what I'm doing), so I can't check whether I can add the
> > reverse zone.
> 
> It appears that dlz_bind9 is unable to access the DNS partitions. Maybe there
> is something wrong with the copy of samdb in the private/dns directory.
> private/dns/sam.ldb should be a copy of private/sam.ldb. Can you confirm that?
> Does private/dns/sam.ldb.d have all files similar to private/sam.ldb.d?
> 
> Amitay.

No, it was not. I copied private/sam.ldb and private/sam.ldb.d/* into
private/dns/ and changed the permissions, and now BIND starts, thank you.

If I try an nslookup against this DNS it fails, and the same happens with
[root at kdc02:~]# samba-tool dns query kdc02
saitelitalia.local .saitelitalia.local ALL -U administrator
Password for [SAITELITALIA\administrator]:
ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 167, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line
789, in run
    None)

Looking in private/sam.ldb.d/ or private/dns/sam.ldb.d/ it seems that
the DC=DOMAINDNSZONES,DC=SAITELITALIA,DC=LOCAL.ldb and the
DC=FORESTDNSZONES,DC=SAITELITALIA,DC=LOCAL.ldb aren't present on the
second DC (the one where dns query fails).

How do I replicate them?

Daniele.
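As an added check (not part of the thread), the following shell function verifies the two conditions discussed above on a Samba4 DC: that the private/dns copy of sam.ldb (which dlz_bind9 reads) mirrors private/sam.ldb and its sam.ldb.d partition files, and that the DomainDnsZones and ForestDnsZones partition files exist on this DC at all. The private directory path is a parameter; the default assumes /usr/local/samba/private as in the thread.

```shell
#!/bin/sh
# Added example: sanity-check the DNS copy of sam.ldb used by the BIND DLZ module.
# Assumed layout (as in the thread): private/sam.ldb, private/sam.ldb.d/,
# private/dns/sam.ldb, private/dns/sam.ldb.d/
# Usage: check_dns_copy /usr/local/samba/private

check_dns_copy() {
    priv="${1:-/usr/local/samba/private}"
    rc=0
    # 1. dlz_bind9 opens private/dns/sam.ldb, not private/sam.ldb; if it is
    #    missing named fails with "Unable to get basedn ... NULL Base DN".
    if [ ! -f "$priv/dns/sam.ldb" ]; then
        echo "MISSING: $priv/dns/sam.ldb"
        rc=1
    fi
    # 2. every partition file in sam.ldb.d must also exist under dns/sam.ldb.d
    for f in "$priv"/sam.ldb.d/*.ldb; do
        [ -e "$f" ] || continue            # unmatched glob
        base=$(basename "$f")
        if [ ! -f "$priv/dns/sam.ldb.d/$base" ]; then
            echo "MISSING in dns copy: $base"
            rc=1
        fi
    done
    # 3. the DNS application partitions must be present on this DC; without
    #    them samba-tool dns query reports WERR_DNS_ERROR_DS_UNAVAILABLE.
    for part in DOMAINDNSZONES FORESTDNSZONES; do
        if ! ls "$priv"/sam.ldb.d/DC="$part",*.ldb >/dev/null 2>&1; then
            echo "MISSING partition: DC=$part,... (not replicated to this DC)"
            rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: dns copy consistent, DNS partitions present"
    return "$rc"
}
```

A non-zero exit with a "MISSING partition" line indicates the second failure from the thread (partitions absent on the DC), which copying files alone will not cure.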
