
Re: Cannot manage DNS through Windows ADUC or samba-tool


Bram Matthys

Feb 24, 2014, 4:38:26 AM
Hi list,

Because of this, DNS entries are not being updated either, so all our
DNS entries now point to old IPs.

I also tried another solution, not changing any code but moving the
LDAP tree, but was unsuccessful.
(see https://lists.samba.org/archive/samba/2014-February/179039.html )

Any help on resolving this issue (either way) would be appreciated.

Thanks,

Bram.

Bram Matthys wrote on 2014-02-17 22:09:
> Hi,
>
> I recently migrated from Windows 2003 + 2008 R2 to Samba 4 (and
> ditched the
> Windows servers). Unfortunately managing DNS from Windows doesn't
> seem to be
> working, and neither does samba-tool dns serverinfo 127.0.0.1 work:
> ERROR(runtime): uncaught exception - (9717,
> 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>
> Just to be clear: DNS itself is working fine, I can ping my
> workstation from
> my server by name, etc.
>
> I found this post, which seems to find the source of the problem:
>
> https://lists.samba.org/archive/samba-technical/2012-April/083081.html
> Quoting:
>> On Wed, Apr 25, 2012 at 5:35 AM, Greg Dickie <greg at justaguy.ca>
>> wrote:
>>> Hi Amitay,
>>>
>>> I think I may have figured this out. My AD started out as a 2003
>>> SBS
>>> system so the schemas are a bit different. Looking in the rpcdce
>>> code
>>> for DNS I see that dnsserver_init_serverinfo
>>> (rpc_server/dnsserver/dnsutils.c ) is called and starts looking for
>>>
>>> CN=MicrosoftDNS,DC=DomainDnsZones,...,
>>>
>>> My schema does not have that, the closest I could find is something
>>> that
>>> looks like this:
>>>
>>> dn: DC=DomainDnsZones,DC=example.local,CN=MicrosoftDNS,CN=System,DC=example,DC=local
>
> I think I have the same setup.
> In CN=MicrosoftDNS,DC=DomainDnsZones,DC=COMPANY,DC=NET I only have
> DC=RootDNSServers.
> My DNS zones are under CN=MicrosoftDNS,CN=System,DC=COMPANY,DC=NET
> With host entries like:
> DC=D-99,DC=company.net,CN=MicrosoftDNS,CN=System,DC=COMPANY,DC=NET
>
> In this post Amitay suggests:
>> The older versions of window server (2003 and older) created the DNS
>> containers under CN=System in the domain partition, whereas the
>> newer
>> windows server (2008+) creates separate application partitions for
>> DNS. DNS RPC server uses DNS partitions to store the DNS zone
>> information. But for querying purposes, dlz_bind9 module and
>> internal
>> DNS server both can read records from CN=System in domain partition.
>> DNS RPC server can be easily modified to support CN=System for DNS
>> information. Patches are welcome! ;-)
>>
>> Amitay.
>
> Did such a patch fail to get in (yet)?
>
> I use samba 4.1.4 with its internal DNS server.
>
> I checked dnsserver_init_serverinfo in
> source4/rpc_server/dnsserver/dnsutils.c and if I read the code well
> then
> this is all good:
> serverinfo->pszDsContainer = talloc_asprintf(mem_ctx,
> "CN=MicrosoftDNS,DC=DomainDnsZones,%s",
> ldb_dn_get_linearized(domain_dn));
>
> But later in the code it shows:
> serverinfo->pszDomainDirectoryPartition = talloc_asprintf(mem_ctx,
> "DC=DomainDnsZones,%s", ldb_dn_get_linearized(domain_dn));
> serverinfo->pszForestDirectoryPartition = talloc_asprintf(mem_ctx,
> "DC=ForestDnsZones,%s", ldb_dn_get_linearized(forest_dn));
> Is this the part I should get rid of or change?
>
> Thanks,
>
> Bram.

Denis Cardon

Feb 24, 2014, 6:50:22 AM
Hi Bram,

> Because of this, DNS entries are not being updated either, so all our
> DNS entries now point to old IPs.
>
> I also tried another solution, not changing any code but moving the LDAP
> tree, but was unsuccessful.
> (see https://lists.samba.org/archive/samba/2014-February/179039.html )
>
> Any help on resolving this issue (either way) would be appreciated.

Did you happen to have changed the ip address of the samba4 server after
removing the win2k8 and win2k3? If yes, then try to add an alias ip
address on our interface with the old samba4 ip address and then restart
the samba4 server. I remember I had a similar issue once where the
samba4 server had to have its old ip in order to run the samba_dnsupdate
script properly.

In order to add the old ip as an alias on your eth0 interface, you may run:
ifconfig eth0 add old_samba4_ip netmask oldnetmask

Hope this helps,

Denis
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Danie Wessels

Feb 24, 2014, 8:21:21 AM
Hi Denis

>> Any help on resolving this issue (either way) would be appreciated.

Maybe you have a related problem to what I am experiencing.
I currently have a non-working reverse DNS lookup situation.
Based on [http://www.professionalmuscle.com/forums/es/642463-post2.html], I suspect this to be the major cause of my problems.
AD does not require reverse lookup to work but Kerberos does, right?
Just check your system as well. Maybe it helps, maybe it doesn't...

Regards
Danie W


Matthieu Patou

Feb 24, 2014, 5:49:09 PM
It looks like the simplest way would be to create the DNS partition so
that bind/internal dns could store the information there instead of the
old 2000 location.

Matthieu.
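
Added example (not part of the thread and not Samba code): a Python check that sorts dnsZone DNs by the container they live in, to show which zones exist only in the legacy CN=MicrosoftDNS,CN=System location that the quoted reply says the DNS RPC server does not use. The sample DNs are constructed from the thread's COMPANY.NET layout, and the function names are hypothetical.

```python
import re

# Constructed sample input: zone DNs laid out like the migrated domain in the
# thread (COMPANY.NET); the reverse zone name is made up for illustration.
SAMPLE_ZONE_DNS = [
    "DC=company.net,CN=MicrosoftDNS,CN=System,DC=COMPANY,DC=NET",
    "DC=1.168.192.in-addr.arpa,cn=MicrosoftDNS,cn=System,dc=company,dc=net",
    "DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=COMPANY,DC=NET",
]

def normalize_dn(dn):
    """Split on unescaped commas; trim and lowercase each RDN for comparison."""
    return [rdn.strip().lower() for rdn in re.split(r"(?<!\\),", dn) if rdn.strip()]

def classify_zone(zone_dn, domain_dn, forest_dn=None):
    """Return (zone_name, location) for one dnsZone DN."""
    rdns = normalize_dn(zone_dn)
    zone_name, container = rdns[0].split("=", 1)[1], rdns[1:]
    domain = normalize_dn(domain_dn)
    forest = normalize_dn(forest_dn or domain_dn)
    locations = {
        "legacy CN=System": ["cn=microsoftdns", "cn=system"] + domain,
        "DomainDnsZones": ["cn=microsoftdns", "dc=domaindnszones"] + domain,
        "ForestDnsZones": ["cn=microsoftdns", "dc=forestdnszones"] + forest,
    }
    for name, expected in locations.items():
        if container == expected:
            return zone_name, name
    return zone_name, "unknown"

def zones_hidden_from_rpc(zone_dns, domain_dn, forest_dn=None):
    """Zones that exist only in the legacy container.

    Per the quoted reply, the DNS RPC server reads the application partitions,
    while the internal DNS server can still answer from CN=System.
    """
    placed = {}
    for dn in zone_dns:
        name, loc = classify_zone(dn, domain_dn, forest_dn)
        placed.setdefault(name, set()).add(loc)
    return sorted(n for n, locs in placed.items() if locs == {"legacy CN=System"})

if __name__ == "__main__":
    for dn in SAMPLE_ZONE_DNS:
        print(classify_zone(dn, "DC=COMPANY,DC=NET"))
    print("legacy-only:", zones_hidden_from_rpc(SAMPLE_ZONE_DNS, "DC=COMPANY,DC=NET"))
```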