
[Samba] Samba4 Join a domain as a DC


zorg

Jul 9, 2015, 11:30:03 AM
Hi
I'm trying to join an AD as a DC

following this
https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins

But I do
samba-tool dns add EPSILUM _msdcs.myos.local d4aBdfb0-8937-465a-af2d-d657fgh145ee CNAME smb4.myos.local
I have got
ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1070, in run
    0, server, zone, name, add_rec_buf, None)


I have seen other people asking about this but no one explains what to do
to solve this

Hope someone can help

--
probeSys - GNU/Linux specialist
website: http://www.probesys.com



Marc Muehlfeld

Jul 9, 2015, 12:00:03 PM
Hello,

On 09.07.2015 at 17:04, zorg wrote:
> following this
> https://wiki.samba.org/index.php/Check_and_fix_DNS_entries_on_DC_joins
>
> But I do
> samba-tool dns add EPSILUM _msdcs.myos.local d4aBdfb0-8937-465a-af2d-d657fgh145ee CNAME smb4.myos.local
> I have got
> ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1070, in run
>     0, server, zone, name, add_rec_buf, None)


During the DC join, have you configured that the new DC should not be a
DNS? E.g. by
# samba-tool domain join ... --dns-backend=NONE
or did you choose DNS backend=NONE if you used the interactive way?

In that case run this command on one of your DCs, having a DNS.

Regards,
Marc

zorg

Jul 9, 2015, 12:10:03 PM
But if I want my samba4 to be DNS after, when I'll decide to stop the
other DC,

can't I keep the two DNS?

Could you explain a bit?


--

probeSys - GNU/Linux specialist
website: http://www.probesys.com

Marc Muehlfeld

Jul 9, 2015, 12:20:04 PM
Hello,

On 09.07.2015 at 18:06, zorg wrote:
> But if I want my samba4 to be DNS after, when I'll decide to stop the
> other DC,
>
> can't I keep the two DNS?

Sorry, I'm not sure if I understand you. But before talking about
demoting other DCs, etc. we need to complete the domain join of the new DC.

Did you set up the new DC to be a DNS as well during the join (see my
last post)?


Regards,
Marc

Rowland Penny

Jul 9, 2015, 12:30:03 PM

Hi, Active Directory lives on DNS, if no DNS there is no Active Directory.

Best plan would be to run DNS on all DCs, this way if there is a problem
with one DC, you still have DNS. You should point each DC at another DC,
then have its own address to fall back on, i.e. if the IP address of DC1
is 192.168.0.2 and the IP address of DC2 is 192.168.0.3, then the
/etc/resolv.conf on DC1 would be:

search example.com
nameserver 192.168.0.3
nameserver 192.168.0.2

and on DC2:

search example.com
nameserver 192.168.0.2
nameserver 192.168.0.3

Rowland
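
The resolver layout described in the post above, as a check that can be run on each DC. This is an added example, not part of the original thread: the function name check_dc_resolv and its argument order are made up here, and the three-entry limit it enforces is glibc's MAXNS.

```shell
#!/bin/sh
# Usage: check_dc_resolv FILE OWN_IP OTHER_DC_IP [OTHER_DC_IP...]
# Prints one verdict line; returns 0 only for "OK".
check_dc_resolv() {
    file=$1; own=$2; shift 2
    # nameserver addresses in file order (commented-out lines never match $1).
    servers=$(awk '$1 == "nameserver" { print $2 }' "$file")
    if [ -z "$servers" ]; then
        echo "FAIL: no nameserver entries"; return 1
    fi
    first=$(printf '%s\n' "$servers" | sed -n 1p)
    if [ "$first" = "$own" ]; then
        echo "FAIL: own address $own is listed first"; return 1
    fi
    # The first entry must be one of the other DCs.
    first_is_partner=no
    for dc in "$@"; do
        if [ "$first" = "$dc" ]; then first_is_partner=yes; fi
    done
    if [ "$first_is_partner" = no ]; then
        echo "FAIL: first nameserver $first is not a DC"; return 1
    fi
    # glibc only uses the first three nameserver lines (MAXNS), so the
    # fallback to this DC's own address has to be entry 2 or 3.
    if ! printf '%s\n' "$servers" | sed -n 2,3p | grep -qxF "$own"; then
        echo "FAIL: own address $own is not a usable fallback"; return 1
    fi
    echo "OK"
}

# Constructed sample: the DC1 file from the post, checked from DC1's side.
sample=$(mktemp)
printf 'search example.com\nnameserver 192.168.0.3\nnameserver 192.168.0.2\n' > "$sample"
check_dc_resolv "$sample" 192.168.0.2 192.168.0.3
rm -f "$sample"
```

On a real DC the first argument would be /etc/resolv.conf, followed by that DC's own address and the addresses of the other DCs.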

zorg

Jul 10, 2015, 3:00:04 AM
I'll try to be more clear

My first AD is a Windows 2008.
I want to join my samba4 to the domain as a DC and then stop the Windows
2008, but
when I do


samba-tool dns add EPSILUM _msdcs.myos.local d4aBdfb0-8937-465a-af2d-d657fgh145ee CNAME smb4.myos.local
I have got
ERROR(runtime): uncaught exception - (9601, 'WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST')
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 1070, in run
    0, server, zone, name, add_rec_buf, None)

Is this a samba-tool bug, or what should I do to add it to my Windows
2008 DNS?

thanks

--
probeSys - GNU/Linux specialist
website: http://www.probesys.com

Daniel Müller

Jul 10, 2015, 4:00:04 AM
Confusing!!!??

On your 2nd DC (Linux/Samba4), did you do no provision but instead: samba-tool domain join Yourdomain DC -Uadministrator --realm=your.realm --dns-backend=BIND9_DLZ (your type of DNS)?
Output should be, e.g.:


samba-tool domain join tplk.loc DC -Uadministrator --realm=tplk.loc --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'tplk.loc'
Found DC s4master.tplk.loc
Password for [WORKGROUP\administrator]:
workgroup is TPLK
realm is tplk.loc
checking sAMAccountName
Adding CN=S4SLAVE,OU=Domain Controllers,DC=tplk,DC=loc
Adding CN=S4SLAVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplk,DC=loc
Adding CN=NTDS Settings,CN=S4SLAVE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tplk,DC=loc
Adding SPNs to CN=S4SLAVE,OU=Domain Controllers,DC=tplk,DC=loc
Setting account password for S4SLAVE$
Enabling account
Calling bare provision
No IPv6 address will be assigned
Provision OK for domain DN DC=tplk,DC=loc
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=tplk,DC=loc] objects[402/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=tplk,DC=loc] objects[804/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=tplk,DC=loc] objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=tplk,DC=loc] objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=tplk,DC=loc] objects[402/1615] linked_values[0/0]
Partition[CN=Configuration,DC=tplk,DC=loc] objects[804/1615] linked_values[0/0]
Partition[CN=Configuration,DC=tplk,DC=loc] objects[1206/1615] linked_values[0/0]
Partition[CN=Configuration,DC=tplk,DC=loc] objects[1608/1615] linked_values[0/0]
Partition[CN=Configuration,DC=tplk,DC=loc] objects[1615/1615] linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=tplk,DC=loc] objects[98/98] linked_values[23/0]
Partition[DC=tplk,DC=loc] objects[365/267] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=tplk,DC=loc
Partition[DC=DomainDnsZones,DC=tplk,DC=loc] objects[43/43] linked_values[0/0]
Replicating DC=ForestDnsZones,DC=tplk,DC=loc
Partition[DC=ForestDnsZones,DC=tplk,DC=loc] objects[18/18] linked_values[0/0]
Partition[DC=ForestDnsZones,DC=tplk,DC=loc] objects[36/18] linked_values[0/0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain TPLK (SID S-1-5-21-3992219130-3766839027-700341254) as a DC
##------


And on your Windows 2008, you look into your DNS to see if samba is in the zone? If not, add the DNS entries there.


Greetings
Daniel


EDV Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mue...@tropenklinik.de
Internet: www.tropenklinik.de

-----Original Message-----
From: samba [mailto:samba-...@lists.samba.org] On behalf of zorg
Sent: Friday, 10 July 2015 08:46
To: sa...@lists.samba.org
Subject: [SPAMVERDACHT] Re: [Samba] Samba4 Join a domain as a DC

Denis Cardon

Jul 10, 2015, 4:40:05 AM
Hi Rowland,

> Hi, Active Directory lives on DNS, if no DNS there is no Active Directory.

about this one, while the first part is very true, I'd say that the
second part is only 99.99% correct :-)

Indeed I once had to migrate a win2k-AD domain to samba4-AD with 30
workstations where the DC's DNS service was simply disabled, yeah
_disabled_, and there were no other DCs in the domain.

All the workstations found the AD through NetBIOS/WINS and had an external
bind9 for internet browsing. And actually it was working... perhaps not
as it was intended to, but it was working. I don't remember if the DC
was still in mixed mode or not though.

Anyway, I totally agree with you that proper DNS configuration is
paramount to have a well running AD domain!

Cheers,

Denis

>
> Best plan would be to run DNS on all DCs, this way if there is a problem
> with one DC, you still have DNS. You should point each DC at another DC,
> then have its own address to fall back on, i.e. if the IP address of DC1
> is 192.168.0.2 and the IP address of DC2 is 192.168.0.3, then the
> /etc/resolv.conf on DC1 would be:
>
> search example.com
> nameserver 192.168.0.3
> nameserver 192.168.0.2
>
> and on DC2:
>
> search example.com
> nameserver 192.168.0.2
> nameserver 192.168.0.3
>
> Rowland
>

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

Rowland Penny

Jul 10, 2015, 5:10:03 AM

Ah, I think I understand now, you don't seem to have the required DNS
zones, what does:

samba-tool dns zonelist 127.0.0.1 -UAdministrator

show when run on the samba4 DC?

Is your Windows 2008 DC running as a DNS server?

Rowland
