Re: [Samba] Internal DNS and Replication
On 03/26/2013 08:32 PM, Dustin C. Hatch wrote:
> Can you post the full output of `samba-tool drs showrepl`?

I joined and removed my Samba server from Active Directory several times while testing, so I decided to start everything over from scratch. After I rebuilt Server 2008 and the Active Directory on Server1, I joined a Windows 7 machine named adwks11 to the domain. Then I joined Server2 running Samba 4.0.4 as a DC. The A record and CNAME record weren't added, so I added them following the HOW-TO. I also ran the ntdsutil commands that you provided earlier. Here's the output for samba-tool drs and samba-tool dns:

samba-tool drs showrepl
http://pastebin.com/UVczcQQJ

samba-tool dns query localhost ankeny.local @ ALL
http://pastebin.com/4TH5py8Y

samba-tool dns query server1 ankeny.local @ ALL
http://pastebin.com/VQHLwPb5

The record for server2 never shows up in its own DNS. Later I joined another Windows 7 machine to the domain. It shows up in server1's DNS, but it never gets replicated to server2.

> No, the client is only supposed to update the DC it authenticated against. The replication should pass the information along.

Does the internal DNS use Kerberos authentication for replication? I'm using CentOS 6, so I think I'm using the kinit from MIT Kerberos. Could that be causing problems?

Thanks,
Alan

--
To unsubscribe from this list go to the following URL and read the instructions:
https://lists.samba.org/mailman/options/samba
Re: [Samba] Internal DNS and Replication
On 3/26/2013 14:15, Alan Schmitz wrote:
> I'm trying to join a Linux server running Samba 4.0.4 as a DC to an existing AD domain. The current DC (server1) is running Server 2008 not R2. The Samba server (server2) is using internal DNS. I'm following Samba4/HOWTO/Join a domain as a DC from the wiki. The join seems to work, but I'm having problems with DNS replication.
>
> During the join many DNS records for server2 are added to server1's DNS. The A records for server1 and several Windows workstations are also added to server2's DNS. After the join, I followed the steps listed under Check required DNS entries of the new host, and I added the records that weren't added during the join. I also ran samba-tool drs kcc.
>
> A samba-tool dns query of the Samba server shows server2 as Name=server2, Records=0, Children=0 with no corresponding IP address. samba-tool drs showrepl server1 shows inbound neighbors, outbound neighbors, and kcc connection objects. samba-tool drs showrepl server2 shows no outbound neighbors and always ends with Warning: No NC replicated for Connection.
>
> When I join a Windows 7 workstation to Active Directory, DNS entries are added to server1, but they never show up on server2. Running samba_dnsupdate --verbose shows no errors and ends with No DNS Updates needed.
>
> Is DNS replication supposed to work between a DC running Server 2008 and Samba4 with internal DNS? There's nothing showing up in the logs about DNS, so what should I do to debug this?
>
> Thanks,
> Alan

This sounds very similar to a problem I was having, though not quite. In my situation, DNS changes on the existing DC were replicated to the Samba server, but not vice versa. I ended up solving the problem by manually listing the Samba server as holding a replica of the DomainDnsZones and ForestDnsZones application partitions.

Try running these commands on a Windows machine:

    ntdsutil
    part man
    conn
    con to ser <windowsdc>
    q
    add nc replica DC=DomainDnsZones,DC=<domain>,DC=<tld> <linuxdc>
    q
    q

    ntdsutil
    part man
    conn
    con to ser <windowsdc>
    q
    add nc replica DC=ForestDnsZones,DC=<domain>,DC=<tld> <linuxdc>
    q
    q

Replace the items in angle brackets with their actual values (removing the brackets), of course.

Hope this helps.

--
♫Dustin
Re: [Samba] Internal DNS and Replication
On 3/26/2013 14:48, Dustin C. Hatch wrote:
> This sounds very similar to a problem I was having, though not quite. In my situation, DNS changes on the existing DC were replicated to the Samba server, but not vice versa. I ended up solving the problem by manually listing the Samba server as holding a replica of the DomainDnsZones and ForestDnsZones application partitions.
>
> Try running these commands on a Windows machine:
>
>     ntdsutil
>     part man
>     conn
>     con to ser <windowsdc>
>     q
>     add nc replica DC=DomainDnsZones,DC=<domain>,DC=<tld> <linuxdc>
>     q
>     q
>
>     ntdsutil
>     part man
>     conn
>     con to ser <windowsdc>
>     q
>     add nc replica DC=ForestDnsZones,DC=<domain>,DC=<tld> <linuxdc>
>     q
>     q
>
> Replace the items in angle brackets with their actual values (removing the brackets), of course.

I ran these commands on the Windows server (server1), and I'm seeing a slight improvement. Thanks for the help. Samba4 (server2) now shows some outbound neighbors. When I join a workstation to the domain, an incomplete record shows up on server2. The output of this:

    samba-tool dns query localhost ankeny.local @ ALL

dumps a few records that look like this:

    Name=ADWKS6, Records=0, Children=0
    Name=ADWKS7, Records=0, Children=0
    Name=DomainDnsZones, Records=0, Children=2
    Name=ForestDnsZones, Records=0, Children=2
    Name=server1, Records=1, Children=0
      A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
    Name=server2, Records=0, Children=0

adwks6 and adwks7 were joined to the domain after server2.

Are the IPs supposed to be populated during DNS replication, or is the client supposed to update both DCs?

Does the resolver on server2 need to be pointed to itself in order for DNS replication to work properly?

Thanks,
Alan
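
An added example, not part of any post in this thread: Python code that parses `samba-tool dns query <server> <zone> @ ALL` output in the layout quoted above and lists records one DC holds that the other lacks, which is the symptom described (names present with Records=0). The sample text, the ADWKS6 and server2 addresses, and the function names are constructed for illustration.

```python
import re

# Constructed sample output in the layout quoted in the thread.
# The ADWKS6 and server2 addresses are made up for this example.
SERVER1_OUT = """\
  Name=ADWKS6, Records=1, Children=0
    A: 172.16.16.56 (flags=f0, serial=190, ttl=1200)
  Name=server1, Records=1, Children=0
    A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
  Name=server2, Records=1, Children=0
    A: 172.16.16.102 (flags=f0, serial=186, ttl=900)
"""
SERVER2_OUT = """\
  Name=ADWKS6, Records=0, Children=0
  Name=DomainDnsZones, Records=0, Children=2
  Name=server1, Records=1, Children=0
    A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
  Name=server2, Records=0, Children=0
"""

NAME_RE = re.compile(r"^\s*Name=([^,]*),\s*Records=(\d+),\s*Children=(\d+)\s*$")
RR_RE = re.compile(r"^\s*([A-Z0-9]+):\s*(.*?)\s*\(flags=[^)]*\)\s*$")

def parse_dns_query(text):
    """Return {lowercased name: set of (rtype, data)} from query output."""
    zone, current = {}, None
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            current = m.group(1).lower()  # DNS names are case-insensitive
            zone.setdefault(current, set())
            continue
        m = RR_RE.match(line)
        if m and current is not None:
            zone[current].add((m.group(1), m.group(2)))
    return zone

def replication_gaps(reference, replica):
    """List (name, missing records) where replica lacks data the reference has."""
    gaps = []
    for name, records in sorted(reference.items()):
        missing = records - replica.get(name, set())
        if missing:
            gaps.append((name, sorted(missing)))
    return gaps

if __name__ == "__main__":
    ref, rep = parse_dns_query(SERVER1_OUT), parse_dns_query(SERVER2_OUT)
    print(replication_gaps(ref, rep))
```

Serial and TTL are ignored in the comparison, so the check flags missing record data rather than metadata differences between DCs.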
Re: [Samba] Internal DNS and Replication
On 3/26/2013 19:02, Alan Schmitz wrote:
> On 3/26/2013 14:48, Dustin C. Hatch wrote:
>> This sounds very similar to a problem I was having, though not quite. In my situation, DNS changes on the existing DC were replicated to the Samba server, but not vice versa. I ended up solving the problem by manually listing the Samba server as holding a replica of the DomainDnsZones and ForestDnsZones application partitions.
>>
>> Try running these commands on a Windows machine:
>>
>>     ntdsutil
>>     part man
>>     conn
>>     con to ser <windowsdc>
>>     q
>>     add nc replica DC=DomainDnsZones,DC=<domain>,DC=<tld> <linuxdc>
>>     q
>>     q
>>
>>     ntdsutil
>>     part man
>>     conn
>>     con to ser <windowsdc>
>>     q
>>     add nc replica DC=ForestDnsZones,DC=<domain>,DC=<tld> <linuxdc>
>>     q
>>     q
>>
>> Replace the items in angle brackets with their actual values (removing the brackets), of course.
>
> I ran these commands on the Windows server (server1), and I'm seeing a slight improvement. Thanks for the help. Samba4 (server2) now shows some outbound neighbors.

Can you post the full output of `samba-tool drs showrepl`?

...

> Are the IPs supposed to be populated during DNS replication, or is the client supposed to update both DCs?

No, the client is only supposed to update the DC it authenticated against. The replication should pass the information along.

> Does the resolver on server2 need to be pointed to itself in order for DNS replication to work properly?

While this is generally accepted as best practice, it shouldn't technically matter as long as server2 can resolve everything in the forest.

> Thanks,
> Alan

--
♫Dustin