Joining Samba 4.0.1 AD DC to Win2k3 domain

Carlos Miguel Bustillo Rdguez cbustillo at uclv.edu.cu
Tue Jan 22 11:05:08 MST 2013 

Hello lists:

     to join my Samba 4.0.1 as DC to Win2k3 existing domain I followed
the steps in
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC

When I join to existing domain:

root at debian:~# samba-tool domain join ict.net DC -Uadministrator
--realm=ict.net --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ict.net'
Found DC msad2003.ict.net
Password for [WORKGROUP\administrator]:
workgroup is ICT
realm is ict.net
checking sAMAccountName
Deleted CN=NTDS
Settings,CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
Deleted
CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
Adding CN=DEBIAN,OU=Domain Controllers,DC=ict,DC=net
Adding
CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
Adding CN=NTDS
Settings,CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
Adding SPNs to CN=DEBIAN,OU=Domain Controllers,DC=ict,DC=net
Setting account password for DEBIAN$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=ict,DC=net
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[267]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[534]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[801]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1068]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1335]
linked_values[0]
Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1378]
linked_values[0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=ict,DC=net] objects[267] linked_values[0]
Partition[CN=Configuration,DC=ict,DC=net] objects[534] linked_values[0]
Partition[CN=Configuration,DC=ict,DC=net] objects[801] linked_values[0]
Partition[CN=Configuration,DC=ict,DC=net] objects[1068] linked_values[0]
Partition[CN=Configuration,DC=ict,DC=net] objects[1335] linked_values[0]
Partition[CN=Configuration,DC=ict,DC=net] objects[1525] linked_values[10]
Replicating critical objects from the base DN of the domain
Partition[DC=ict,DC=net] objects[93] linked_values[0]
Partition[DC=ict,DC=net] objects[296] linked_values[0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=ict,DC=net
Partition[DC=DomainDnsZones,DC=ict,DC=net] objects[43] linked_values[0]
Replicating DC=ForestDnsZones,DC=ict,DC=net
Partition[DC=ForestDnsZones,DC=ict,DC=net] objects[19] linked_values[0]
Partition[DC=ForestDnsZones,DC=ict,DC=net] objects[38] linked_values[0]
Committing SAM database
descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=ict,DC=net not
found under DC=ict,DC=net
descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=ict,DC=net not
found under DC=ict,DC=net
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain ICT (SID S-1-5-21-78866413-693563199-3619600819) as a DC

There are two lines that worry me:
     descriptor_sd_propagation_recursive:
DC=DomainDnsZones,DC=ict,DC=net not found under DC=ict,DC=net
     descriptor_sd_propagation_recursive:
DC=ForestDnsZones,DC=ict,DC=net not found under DC=ict,DC=net

Is normal this output??

My next step is configure Bind9 and "Check required DNS entries of the
new host" (from
https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Check_required_DNS_entries_of_the_new_host)

Then start Samba 4.0.1 AD DC:
     samba -i -M single -d2

Everything ok, but this output:
     /usr/local/samba/sbin/smbd: Unable to connect to CUPS server
localhost:631 - Connection refused
     /usr/local/samba/sbin/smbd: failed to retrieve printer list:
NT_STATUS_UNSUCCESSFUL

Is showed because I don't have configured CUPS server??

Another question:

Is possible to configure Bind9 as DNS Sever in my second DC (Samba)???
Because in the future I need to poweroff my Win2k3 DC, and the domain
must be available.

I noticed that when join Samba 4.0.1 as Second DC, it not create SOA
zone and NS record in DNS entries that points to the address of the
second DC (samba). Is possible that samba_upgradedns may be fix this??

Regards, Carlos



La Universidad Central "Marta Abreu" de Las Villas en su 60 Aniversario. Fundada el 30 de noviembre de 1952. Visítenos en:  http://www.uclv.edu.cu

More information about the samba-technical mailing list