Re: [Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-06 Thread Peter Beck

On 05/03/2013 04:27 PM, Caio Zanolla wrote:

> Everything seems to be working fine except for dns management.


Hi Caio,

this is exactly the same issue I am facing and no solution so far.
It even resolves perfectly for existing dns records on the Samba4 server,
but no chance to add new records or connect with the windows mmc.

I am also very interested how to solve such issues. Or in general - how
to handle samba integrated dns issues in a production environment.

Regards
Peter
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba


Re: [Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-06 Thread Caio Zanolla
I can add and remove A records, SRV and CNAMES but not for DNS.
For instance, I cannot remove NS servers for top level domain and it's been
causing me trouble as there are 5 NS records, 4 of which are stale
records with no server listening on them.

The strangest thing is mmc cannot even connect to the dns server (samba
internal).

Regards,
Caio Zanolla




Re: [Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-06 Thread Pekka L.J. Jalkanen
Caio Zanolla wrote:
> One more detail. When browsing Domain Controllers on AD Users and
> Computers it says there are no domain controllers and the folder gets an
> exclamation mark. Also I'm not sure it should, but the samba DC is not
> listed on the Computers list.

Hi Caio,

I've no idea what part of this is due to your DNS problems, but I had a
similar problem with a similar domain (Samba DC joined to old Windows
2003 domain; see Samba bug 9828), and what helped for me was to execute
the same steps on my Windows DC that MS instructs you to do before
adding Windows 2008 DCs to old domains. See the following links:

http://technet.microsoft.com/en-us/library/cc771461%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc731243%28v=ws.10%29.aspx
http://blogs.technet.com/b/askds/archive/2008/11/11/so-you-want-to-upgrade-to-windows-2008-domain-controllers-adprep.aspx

Note also the adprep /rodcprep part that MS lists as optional: at
least in my setup Samba was specifically looking for the msDS-isRODC
attributes (evident by errors in log.samba), even though I've no RODCs.

Note that for this to work I had to run these commands before adding any
Samba DCs to the mix (running these afterwards just broke replication,
requiring me to forcibly demote my Samba DC and run ntdsutil/metadata
cleanup). So as you've already seized the operations masters roles, you
might want to re-install your Windows DC, re-transfer the roles to it
and demote your Samba DC(s) before trying any of this.

This probably won't solve your DNS problems, though. But at least for
me, it got the RSAT working.

Pekka L.J. Jalkanen



[Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-03 Thread Caio Zanolla
Hello All,

As per the subject, we have recently joined a w2k3 domain following
instructions on the wiki as well as relying on valuable information on
the list. The steps we took were the following:

Join samba as secondary
Created dns records by hand (ldbsearch, samba-tool dns add)
Checked replication
Copied sysvol
Transferred some roles from windows
Transferred some roles from samba (fsmo transfer)
Shut down primary
Seized remaining roles (fsmo seize)
Changed SOA to point to samba
Deleted old DCs objects from ldb (ldbdelete)
Deleted old records from dns (nsupdate)

Everything seems to be working fine except for dns management.

We cannot manage dns from RAT dns, which says it cannot contact the samba
host: "Active Directory service was not found". Made sure dnsrpc was running
on samba, but it won't connect.

We can create/delete records using nsupdate and samba-tool, but some
records we cannot manage. When running some specific queries (or
updates/deletes) samba-tool will exit with message:

root@smb01:/usr/local/samba/var# samba-tool dns query smb01 grupofw.local grupofw.local SOA
Password for [administrator@GRUPOFW.LOCAL]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 974, in run
    None, record_type, select_flags, None, None)



Also, we cannot delete NS records pointing to old DCs. Tried nsupdate,
which gives no error message. Also tried specifying the zone, also w/o
success.

root@smb02:~# nsupdate -d
> server 192.168.0.158
> update delete grupofw.local in ns serv-pdc03.grupofw.local.
> update delete grupofw.local in ns serv-pfw01.grupofw.local.
> update delete grupofw.local in ns serv-pdc02.grupofw.local.
> update delete grupofw.local in ns serv-pdc01.grupofw.local.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id:  56115
;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;grupofw.local.                 IN      SOA

;; ANSWER SECTION:
grupofw.local.          3600    IN      SOA     smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600

Found zone name: grupofw.local
The master is: smb01.grupofw.local
Sending update to 192.168.0.158#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  52219
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
;; UPDATE SECTION:
grupofw.local.          0       NONE    NS      serv-pdc03.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pfw01.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pdc02.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pdc01.grupofw.local.


Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:  52219
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
;; ZONE SECTION:
;grupofw.local.                 IN      SOA

;; UPDATE SECTION:
grupofw.local.          0       NONE    NS      serv-pdc03.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pfw01.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pdc02.grupofw.local.
grupofw.local.          0       NONE    NS      serv-pdc01.grupofw.local.



After the update, a dns query still returns the old DCs' records.

root@smb02:~# dig -t soa grupofw.local @192.168.0.158

; <<>> DiG 9.8.1-P1 <<>> -t soa grupofw.local @192.168.0.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51461
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;grupofw.local.                 IN      SOA

;; ANSWER SECTION:
grupofw.local.          3600    IN      SOA     smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600

;; Query time: 7 msec
;; SERVER: 192.168.0.158#53(192.168.0.158)
;; WHEN: Fri May  3 11:25:28 2013
;; MSG SIZE  rcvd: 83

root@smb02:~# dig -t ns grupofw.local @192.168.0.158

; <<>> DiG 9.8.1-P1 <<>> -t ns grupofw.local @192.168.0.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14304
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;grupofw.local.                 IN      NS

;; ANSWER SECTION:
grupofw.local.          3600    IN      NS      serv-pdc03.grupofw.local.
grupofw.local.          3600    IN      NS      serv-pfw01.grupofw.local.
grupofw.local.          3600    IN      NS      serv-pdc01.grupofw.local.
grupofw.local.          3600    IN      NS      serv-pdc02.grupofw.local.
grupofw.local.          3600    IN      NS      smb01.grupofw.local.

;; Query time: 5 msec
;; SERVER: 192.168.0.158#53(192.168.0.158)
;; WHEN: Fri May  3 11:25:37 2013
;; MSG SIZE  rcvd: 151



Any pointers?


kind regards,
Caio.
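
Added example, not part of the original post and not Samba project code: since the update above is answered with NOERROR while the old NS records stay in the zone, this check reads the zone's NS set back and lists every target that is not a known live DNS server, so leftover delegations to decommissioned DCs are caught instead of trusting the update status. The function names and the SAMPLE_DIG variable are assumptions of this example; the sample records are the ones shown in the dig output above.

```shell
#!/bin/sh
# stale_ns ZONE LIVE_SERVER...
# Reads dig output on stdin and prints each NS target for ZONE that is not
# in the list of live servers (case-insensitive, trailing dot ignored).
stale_ns() {
    zone=$1; shift
    awk -v zone="$zone" -v live="$*" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        BEGIN {
            n = split(live, a, " ")
            for (i = 1; i <= n; i++) ok[norm(a[i])] = 1
            zone = norm(zone)
        }
        /^;/ || NF < 5 { next }   # skip dig comments, headers, blank lines
        norm($1) == zone && $3 == "IN" && $4 == "NS" {
            t = norm($5)
            if (!(t in ok) && !(t in seen)) { seen[t] = 1; print t }
        }'
}

# check_zone SERVER ZONE LIVE_SERVER...
# Live variant: asks SERVER for the NS set of ZONE and filters it.
check_zone() {
    server=$1; zone=$2; shift 2
    dig +noall +answer -t ns "$zone" @"$server" | stale_ns "$zone" "$@"
}

# Sample input: the answer section from the post, whitespace normalised.
SAMPLE_DIG=';; ANSWER SECTION:
grupofw.local. 3600 IN NS serv-pdc03.grupofw.local.
grupofw.local. 3600 IN NS serv-pfw01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc02.grupofw.local.
grupofw.local. 3600 IN NS smb01.grupofw.local.'

# With smb01 as the only live DNS server, the four old DCs are reported.
printf '%s\n' "$SAMPLE_DIG" | stale_ns grupofw.local smb01.grupofw.local
```

Run `check_zone 192.168.0.158 grupofw.local smb01.grupofw.local` after each update attempt; empty output means no stale NS targets remain.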

Re: [Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.

2013-05-03 Thread Caio Zanolla
One more detail. When browsing Domain Controllers on AD Users and
Computers it says there are no domain controllers and the folder gets an
exclamation mark. Also I'm not sure it should, but the samba DC is not
listed on the Computers list.

Regards,
Caio Zanolla

