Caio Zanolla
2013-May-03 14:27 UTC
[Samba] Recently joined 2k3, shut down primary, seized roles, now have slight dns (maybe) problem.
Hello All,

As per the subject, we have recently joined a w2k3 domain following instructions on wiki as well as relying on valuable information on the list. The steps we took were the following:

Join samba as secondary
Created dns records by hand (ldbsearch, samba-tool dns add)
Checked replication
Copied sysvol
Transferred some roles from windows
Transferred some roles from samba (fsmo transfer)
Shut down primary
Seized remaining roles (fsmo seize)
Changed SOA to point to samba
Deleted old DCs objects from ldb (ldbdelete)
Deleted old records from dns (nsupdate)

Everything seems to be working fine except for dns management.

We cannot manage dns from RAT dns which says it cannot contact the samba host "Active Directory service was not found". Made sure dnsrpc was running on samba, but it won't connect.

We can create/delete records using nsupdate and samba-tool, but some records we cannot manage. When running some specific queries (or updates/deletes) samba-tool will exit with message:

root at smb01:/usr/local/samba/var# samba-tool dns query smb01 grupofw.local grupofw.local SOA
Password for [administrator at GRUPOFW.LOCAL]:
ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 974, in run
    None, record_type, select_flags, None, None)

Also, we cannot delete NS records pointing to old DCs. Tried nsupdate, which gives no error message. Also tried specifying the zone, also without success.

root at smb02:~# nsupdate -d
> server 192.168.0.158
> update delete grupofw.local in ns serv-pdc03.grupofw.local.
> update delete grupofw.local in ns serv-pfw01.grupofw.local.
> update delete grupofw.local in ns serv-pdc02.grupofw.local.
> update delete grupofw.local in ns serv-pdc01.grupofw.local.
> send
Reply from SOA query:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56115
;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;grupofw.local. IN SOA

;; ANSWER SECTION:
grupofw.local. 3600 IN SOA smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600

Found zone name: grupofw.local
The master is: smb01.grupofw.local
Sending update to 192.168.0.158#53
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52219
;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
;; UPDATE SECTION:
grupofw.local. 0 NONE NS serv-pdc03.grupofw.local.
grupofw.local. 0 NONE NS serv-pfw01.grupofw.local.
grupofw.local. 0 NONE NS serv-pdc02.grupofw.local.
grupofw.local. 0 NONE NS serv-pdc01.grupofw.local.

Reply from update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52219
;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
;; ZONE SECTION:
;grupofw.local. IN SOA

;; UPDATE SECTION:
grupofw.local. 0 NONE NS serv-pdc03.grupofw.local.
grupofw.local. 0 NONE NS serv-pfw01.grupofw.local.
grupofw.local. 0 NONE NS serv-pdc02.grupofw.local.
grupofw.local. 0 NONE NS serv-pdc01.grupofw.local.

After the update dns query still returns old DCs records.

root at smb02:~# dig -t soa grupofw.local @192.168.0.158

; <<>> DiG 9.8.1-P1 <<>> -t soa grupofw.local @192.168.0.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51461
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;grupofw.local. IN SOA

;; ANSWER SECTION:
grupofw.local. 3600 IN SOA smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600

;; Query time: 7 msec
;; SERVER: 192.168.0.158#53(192.168.0.158)
;; WHEN: Fri May 3 11:25:28 2013
;; MSG SIZE rcvd: 83

root at smb02:~# dig -t ns grupofw.local @192.168.0.158

; <<>> DiG 9.8.1-P1 <<>> -t ns grupofw.local @192.168.0.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14304
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;grupofw.local. IN NS

;; ANSWER SECTION:
grupofw.local. 3600 IN NS serv-pdc03.grupofw.local.
grupofw.local. 3600 IN NS serv-pfw01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc02.grupofw.local.
grupofw.local. 3600 IN NS smb01.grupofw.local.

;; Query time: 5 msec
;; SERVER: 192.168.0.158#53(192.168.0.158)
;; WHEN: Fri May 3 11:25:37 2013
;; MSG SIZE rcvd: 151

Any pointers?

kind regards,
Caio.
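In the session above the update reply is NOERROR, yet the later dig shows the same SOA serial (16363) and the same five NS records; a dynamic update that changes a zone normally advances the serial. As an added example (not part of the original post), this script checks both signals from captured dig answers; the function names and the live-DC list are assumptions, and the sample text is constructed from the output quoted in the message.

```shell
#!/bin/sh
# Added example. Sample text is constructed from the dig output quoted in the thread.
SERIAL_BEFORE=16363               # serial in the SOA reply nsupdate printed before sending
LIVE_DCS="smb01.grupofw.local."   # assumption: the only DC left after the migration
DIG_SOA_AFTER='grupofw.local. 3600 IN SOA smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600'
DIG_NS_AFTER=';grupofw.local. IN NS
grupofw.local. 3600 IN NS serv-pdc03.grupofw.local.
grupofw.local. 3600 IN NS serv-pfw01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc01.grupofw.local.
grupofw.local. 3600 IN NS serv-pdc02.grupofw.local.
grupofw.local. 3600 IN NS smb01.grupofw.local.'

# SOA serial (7th field of the SOA answer line) from dig output on stdin.
soa_serial() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "SOA" { print $7; exit }'
}

# NS targets from dig output on stdin that are not in the live-DC list ($1).
stale_ns() {
    awk '$1 !~ /^;/ && $3 == "IN" && $4 == "NS" { print tolower($5) }' | sort -u |
    while read -r host; do
        case " $1 " in
            *" $host "*) ;;                 # still a live DC, keep
            *) printf '%s\n' "$host" ;;     # name server entry for a host that is gone
        esac
    done
}

# Returns 0 only if the serial moved and no stale NS target remains.
check_update() {   # $1 serial before, $2 serial after, $3 stale NS list
    rc=0
    if [ "$2" -eq "$1" ]; then
        echo "SOA serial still $2: server answered NOERROR but the zone did not change"
        rc=1
    fi
    if [ -n "$3" ]; then
        echo "NS records still served for:" $3
        rc=1
    fi
    return $rc
}

serial_after=$(printf '%s\n' "$DIG_SOA_AFTER" | soa_serial)
stale=$(printf '%s\n' "$DIG_NS_AFTER" | stale_ns "$LIVE_DCS")
check_update "$SERIAL_BEFORE" "$serial_after" "$stale" || echo "update not applied"
```

Against a live server the two sample variables would be filled from `dig -t soa` and `dig -t ns` run after the update.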
Caio Zanolla
2013-May-03 15:05 UTC
One more detail. When browsing "Domain Controllers" on AD Users and Computers it says there are no domain controllers and the folder gets an exclamation mark. Also I'm not sure it should, but the samba DC is not listed on the Computers list.

Regards,
Caio Zanolla

On Fri, May 3, 2013 at 11:27 AM, Caio Zanolla <zanolla at gmail.com> wrote:
> Hello All,
>
> As per the subject, we have recently joined a w2k3 domain following instructions on wiki as well as relying on valuable information on the list. The steps we took were the following:
>
> Join samba as secondary
> Created dns records by hand (ldbsearch, samba-tool dns add)
> Checked replication
> Copied sysvol
> Transferred some roles from windows
> Transferred some roles from samba (fsmo transfer)
> Shut down primary
> Seized remaining roles (fsmo seize)
> Changed SOA to point to samba
> Deleted old DCs objects from ldb (ldbdelete)
> Deleted old records from dns (nsupdate)
>
> Everything seems to be working fine except for dns management.
>
> We cannot manage dns from RAT dns which says it cannot contact the samba host "Active Directory service was not found". Made sure dnsrpc was running on samba, but it won't connect.
>
> We can create/delete records using nsupdate and samba-tool, but some records we cannot manage. When running some specific queries (or updates/deletes) samba-tool will exit with message:
>
> root at smb01:/usr/local/samba/var# samba-tool dns query smb01 grupofw.local grupofw.local SOA
> Password for [administrator at GRUPOFW.LOCAL]:
> ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/dns.py", line 974, in run
>     None, record_type, select_flags, None, None)
>
> Also, we cannot delete NS records pointing to old DCs. Tried nsupdate, which gives no error message. Also tried specifying the zone, also without success.
>
> root at smb02:~# nsupdate -d
> > server 192.168.0.158
> > update delete grupofw.local in ns serv-pdc03.grupofw.local.
> > update delete grupofw.local in ns serv-pfw01.grupofw.local.
> > update delete grupofw.local in ns serv-pdc02.grupofw.local.
> > update delete grupofw.local in ns serv-pdc01.grupofw.local.
> > send
> Reply from SOA query:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56115
> ;; flags: qr aa ra; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> ;; QUESTION SECTION:
> ;grupofw.local. IN SOA
>
> ;; ANSWER SECTION:
> grupofw.local. 3600 IN SOA smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600
>
> Found zone name: grupofw.local
> The master is: smb01.grupofw.local
> Sending update to 192.168.0.158#53
> Outgoing update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52219
> ;; flags:; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
> ;; UPDATE SECTION:
> grupofw.local. 0 NONE NS serv-pdc03.grupofw.local.
> grupofw.local. 0 NONE NS serv-pfw01.grupofw.local.
> grupofw.local. 0 NONE NS serv-pdc02.grupofw.local.
> grupofw.local. 0 NONE NS serv-pdc01.grupofw.local.
>
> Reply from update query:
> ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 52219
> ;; flags: qr ra; ZONE: 1, PREREQ: 0, UPDATE: 4, ADDITIONAL: 0
> ;; ZONE SECTION:
> ;grupofw.local. IN SOA
>
> ;; UPDATE SECTION:
> grupofw.local. 0 NONE NS serv-pdc03.grupofw.local.
> grupofw.local. 0 NONE NS serv-pfw01.grupofw.local.
> grupofw.local. 0 NONE NS serv-pdc02.grupofw.local.
> grupofw.local. 0 NONE NS serv-pdc01.grupofw.local.
>
> After the update dns query still returns old DCs records.
>
> root at smb02:~# dig -t soa grupofw.local @192.168.0.158
>
> ; <<>> DiG 9.8.1-P1 <<>> -t soa grupofw.local @192.168.0.158
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51461
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;grupofw.local. IN SOA
>
> ;; ANSWER SECTION:
> grupofw.local. 3600 IN SOA smb01.grupofw.local. hostmaster. 16363 900 600 86400 3600
>
> ;; Query time: 7 msec
> ;; SERVER: 192.168.0.158#53(192.168.0.158)
> ;; WHEN: Fri May 3 11:25:28 2013
> ;; MSG SIZE rcvd: 83
>
> root at smb02:~# dig -t ns grupofw.local @192.168.0.158
>
> ; <<>> DiG 9.8.1-P1 <<>> -t ns grupofw.local @192.168.0.158
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14304
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;grupofw.local. IN NS
>
> ;; ANSWER SECTION:
> grupofw.local. 3600 IN NS serv-pdc03.grupofw.local.
> grupofw.local. 3600 IN NS serv-pfw01.grupofw.local.
> grupofw.local. 3600 IN NS serv-pdc01.grupofw.local.
> grupofw.local. 3600 IN NS serv-pdc02.grupofw.local.
> grupofw.local. 3600 IN NS smb01.grupofw.local.
>
> ;; Query time: 5 msec
> ;; SERVER: 192.168.0.158#53(192.168.0.158)
> ;; WHEN: Fri May 3 11:25:37 2013
> ;; MSG SIZE rcvd: 151
>
> Any pointers?
>
> kind regards,
> Caio.
Peter Beck
2013-May-06 12:30 UTC
On 05/03/2013 04:27 PM, Caio Zanolla wrote:
> Everything seems to be working fine except for dns management.

Hi Caio,

this is exactly the same issue I am facing and no solution so far. It even resolves perfectly for existing dns records on the Samba4 server, but no chance to add new records or connect with the windows mmc.

I am also very interested how to solve such issues. Or in general - how to handle samba integrated dns issues in a production environment.

Regards
Peter