Many thanks! I'll give this a try.
See ya...
Garth
On 08/28/2013 01:18 PM, Antun Horvat wrote:
To clarify things a bit for others with the same problem, I will try
to explain exact things that I did.
Like I said, one of my issues was that the domain was functioning in
level 2003 native, but the forest remained in the 2000 native
functioning level.
So you need to be sure that both domain and forest levels are indeed
functioning in 2003 native level.
If your domain and forest are not running in that level, you need to
transfer all FSMO roles to your Windows server. These roles are (RID,
PDC, Infrastructure, Naming master, Schema master).
At that point I removed all Samba servers from the domain, which may
not be needed, but I wanted to decrease the chance of Samba
interfering with the process of raising the level.
Since I could not demote Samba from the domain for some reason, I
simply stopped the Samba process on the Linux servers and removed the
Samba metadata on Windows using the ntdsutil tool. You must be careful
with that command since you can destroy all your domain data with it.
Now with just Windows 2003 server in the domain I have simply raised
the forest level and did not experience any problems with it.
Next, I opened the DNS MMC in Windows 2003 and selected my domain zones,
right-clicked the zone and in options selected forest wide replication.
I don't remember the exact name of the tab, but it is easily identified.
Now I have reinstalled (make uninstall; make install) Samba on the
Linux servers and joined them as DCs to the Windows server.
Now is a good time to test replication of LDAP data between the
servers by adding, for example, user1 to the Windows server and user2
to the Linux server, and seeing if the users are being replicated
between the servers. Also check the status of "samba-tool drs showrepl".
Then, if the data is replicating without any error, use
"samba-tool fsmo transfer --role=all" to transfer all FSMO roles to the
Linux server.
Now wait a few minutes and shut down the Windows 2003 server from the
network. At this point the domain should be running just fine and
everything can be based on Samba4 ADs. Now you can manage your Domain
and DNS data through Windows MMC tools or through the samba-tool CLI
tool.
Also, if you experience some issue with slow logins on Domain
workstations, be sure to delete the IPv6 address from the DNS zone, as
it fixed login times in my case.
If you are doing this in a fully functional environment where
everything depends on your DC, and people are using workstations 24H,
don't worry; it can be done, since I did that without any downtime. I
have successfully converted an old Windows 2000 domain into a 2003
compatible domain running only on (for now) two Samba DCs.
On 08/28/2013 06:29 PM, Garth Keesler wrote:
Wow! I'm impressed! :-) I also ensured that the domain was at 2003
native but with no improvement.
When you say that "in the DNS tool I configured forest wide zone
replication", is that the Win DNS MMC or samba-tool? Can you be
specific? That may have been my problem.
Thanx,
Garth
On 08/28/2013 09:52 AM, Antun Horvat wrote:
Hello again,
I wanted to notify everybody that I managed to overcome this problem.
The issue was that CN=MicrosoftDNS,DC=ForestDnsZones,... branch was
missing because
the Forest was operating in Windows 2000 native functional level.
What I did was transfer all FSMO roles back to the Windows
2003 server, unplug the Samba servers, clean the Samba server metadata
and then raise the level of the domain to Windows 2003 Native.
Then in the DNS tool I configured forest wide zone replication.
Then I did a fresh install of Samba on the Linux servers and joined
them to the domain.
When I was sure that all changes were being replicated across all
domain controllers, I transferred all FSMO roles
back to one Linux server and unplugged Windows 2003 from the network.
Now I have full access to DNS services and all other levels of
Domain are functional.
To be exact, I still have some minor issues such as long logon times,
but soon I will resolve them too.
All best,
Antun
On 08/27/2013 09:00 PM, Antun Horvat wrote:
Well that's the thing, I can only replicate DNS changes from WinDC
to Samba, but not the other way.
I can't even update DNS records on Samba side, only on Windows side.
I managed to figure out an error on Samba caused by RPC call:
dnsserver: Found DNS zone .
Failed to find DNS Zones in
CN=MicrosoftDNS,DC=ForestDnsZones,DC=Radio101,DC=local
Now I am surfing on the web trying to find some kind of solution.
All best,
Antun
On 08/27/2013 08:46 PM, Garth Keesler wrote:
Interesting. Are Forest and Domain records being replicated in
both directions from all DCs? It always worked from the WinDC to
the S4DC but not in the other direction. Also, were you able to
use the WIN DNS MMC to examine the DNS records on any of the Samba
DCs? If so, you are probably close to having it working; something
I never managed to do.
See ya...
Garth
On 08/27/2013 12:07 PM, Antun Horvat wrote:
Thanks for such a quick reply,
I have just executed "samba-tool drs showrepl" command and it
seems that Forest and Domain LDAP DIT are being replicated
successfully.
But I still doubt that it can not be fixed since all RR records
that are added to w2k3 server are successfully propagated and
present. All name resolution queries on samba reflect the state
of w2k3 DNS.
Is there some way to debug RPC calls so that we can more
precisely locate the error?
All best,
Antun
On 08/27/2013 06:40 PM, Garth Keesler wrote:
This issue has been discussed at length before with no
resolution to my knowledge. If you use "samba-tool drs
showrepl", you will probably notice that Forest and Domain DNS
is not being replicated to/from all DCs. Additionally, if you
use Win2003 DNS MMC, you will not be able to detect that DNS is
running on the Samba DCs nor that they are DCs at all. I have
only tested this using internal Samba DNS but have found no
workaround and have dropped trying to use Samba to
demote/replace a Win2003 DC for now.
Good luck,
Garth
On 08/27/2013 09:58 AM, Antun Horvat wrote:
Hello,
I have an issue with an existing installation of a samba4 domain
controller that is specific to DNS management.
In the domain I have two samba4 4.0.7 and one Windows 2003 server
that I plug in periodically to manage the DNS.
All FSMO roles are transferred to Samba.
All aspects of the domain work perfectly, except one: the
samba-tool dns commands do not work.
All commands when executed on the Samba server return the
"ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')" error. The same command pointed to
the Windows server works fine.
All commands that add hosts to Windows are replicated to the Samba
instances.
The domain is functioning at 2003 native level (reported by the
Windows tool), but Samba can't figure out the level.
Also, when I try to demote the w2k3 server I get the error that
"Active Directory could not find another domain controller to
transfer the remaining data in the directory partition
DC=DomainDnsZones,Dc=example,dc=com".
Could you please point me to the right resources so that I can
resolve my current issues.
Thanks in advance, and I wish best to all Samba community.
ps
If you need some kind of help, such as testing rc's in certain
configuration, please contact me.
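
The checks the thread arrives at before running "samba-tool fsmo transfer --role=all" (forest and domain both at 2003 native, both DNS partitions replicating without errors), written out as an added shell example; it is not from any poster in this thread or from the Samba project. It assumes the usual text layout of "samba-tool domain level show" and "samba-tool drs showrepl" output; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before
# "samba-tool fsmo transfer --role=all". Output layouts are assumptions.

# Reads "samba-tool domain level show" output on stdin; succeeds only when
# both the forest and the domain level are native 2003 or higher.
check_levels() {
    awk -F': ' '
        /^(Forest|Domain) function level:/ {
            seen++
            if ($2 ~ /2000|mixed|interim/) bad = 1
        }
        END { if (seen == 2 && !bad) exit 0; exit 1 }'
}

# Reads "samba-tool drs showrepl" output on stdin; succeeds only when both
# DNS application partitions are listed and no link reports failures.
check_showrepl() {
    awk '
        /^[ \t]*DC=ForestDnsZones,/ { forest = 1 }
        /^[ \t]*DC=DomainDnsZones,/ { domain = 1 }
        /consecutive failure\(s\)/ { if ($1 + 0 > 0) fails++ }
        END {
            if (!forest) print "missing: ForestDnsZones"
            if (!domain) print "missing: DomainDnsZones"
            if (fails) print fails " failing replication link(s)"
            if (forest && domain && !fails) exit 0
            exit 1
        }'
}

# Constructed sample: the situation from the thread (forest still at 2000).
sample_levels_stale_forest() {
    printf '%s\n' \
        "Domain and forest function level for domain 'DC=Radio101,DC=local'" \
        "" \
        "Forest function level: (Windows) 2000" \
        "Domain function level: (Windows) 2003"
}

# Constructed sample: ForestDnsZones is absent and one link is failing.
sample_showrepl_broken() {
    printf '%s\n' \
        "DC=DomainDnsZones,DC=Radio101,DC=local" \
        "    0 consecutive failure(s)." \
        "DC=Radio101,DC=local" \
        "    3 consecutive failure(s)."
}
```

On a Samba DC the live form would be: samba-tool domain level show | check_levels && samba-tool drs showrepl | check_showrepl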