So I wanted to test if something was broke in my DC so I setup a "new" 2003 DC with a different domain, example.com. I do the ldbsearch against that and I get the same error instead of it listing the dns entries....So maybe it is a 2003 thing? On Thu, Jul 7, 2016 at 11:55 AM, Rowland penny <rpenny at samba.org> wrote:> On 07/07/16 16:19, Jason Waters wrote: > > search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: > DSID-0310063C, data 0, 1 access points > ref 1: 'DomainDnsZones.fisherthompson.local' > > > <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local> > > > If you look here: https://www.ldap.com/ldap-result-code-reference > > You will find this: > > 10: Referral > > This indicates that the server could not process the requested operation, > but that it may succeed if attempted in another location, as specified by > the referral URIs included in the response. > > Never having seen this before, all I can suggest is trying what it is > telling you to do, only problem is, I don't really recognise the ldap URL > > Rowland > > > > On Thu, Jul 7, 2016 at 11:04 AM, Rowland penny <rpenny at samba.org> wrote: > >> On 07/07/16 13:56, Jason Waters wrote: >> >>> So I continue to struggle getting this moved away from windows 2003 to >>> samba. I've been working in VM's to test before doing it on >>> production. I >>> think something is just wrong/broken with my windows 2003 AD. These are >>> a >>> couple of the things I have tried. >>> >>> - Going from Windows 2003 to Windows 2008 to Samba >>> - Seizing the roles and then joining another samba domain controller. >>> But >>> I'm unable to move the DomainDnsZones and ForestDnsZones fsmo's to the >>> new >>> samba box. Like it is coping bad data. >>> - Setup a new domain with samba, joined Windows 2008 and migrated >>> everything around fine! Another reason why I think something is wrong in >>> my data. >>> >>> >>> So the last thing I've been trying to figure out is why the command >>> ldbsearch --cross-ncs -H ldap://pdc -b >>> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator >>> >>> returns a referral instead of the records. On my purely stock samba >>> domain >>> it works fine, so something about the windows 2003 ad? >>> >> >> I think it must be, on my DC it dumps all the domain DNS records. What >> does it actually return ? >> >> Rowland >> >> >>> But if I open ASDIEDIT and connect to >>> DC=DomainDnsZones,DC=fisherthompson,DC=local on the windows 2003 DC I see >>> everything like I should..... >>> >>> >>> It seems like samba and ldbtools isn't following the referrals. Or they >>> shouldn't be referrals? Or something else that I have no idea about! >>> >>> Any other suggestions? Thanks! >>> >>> Jason >>> >>> >>> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> > > >
I'm going to keep going and see if I can get samba joined and then migrated over. Maybe I'm still focusing on the wrong thing! Ugh.... On Thu, Jul 7, 2016 at 12:12 PM, Jason Waters <jason at geeknocity.com> wrote:> So I wanted to test if something was broke in my DC so I setup a "new" > 2003 DC with a different domain, example.com. I do the ldbsearch against > that and I get the same error instead of it listing the dns entries....So > maybe it is a 2003 thing? > > On Thu, Jul 7, 2016 at 11:55 AM, Rowland penny <rpenny at samba.org> wrote: > >> On 07/07/16 16:19, Jason Waters wrote: >> >> search error - LDAP error 10 LDAP_REFERRAL - <0000202B: RefErr: >> DSID-0310063C, data 0, 1 access points >> ref 1: 'DomainDnsZones.fisherthompson.local' >> > >> <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local> >> >> >> If you look here: https://www.ldap.com/ldap-result-code-reference >> >> You will find this: >> >> 10: Referral >> >> This indicates that the server could not process the requested operation, >> but that it may succeed if attempted in another location, as specified by >> the referral URIs included in the response. >> >> Never having seen this before, all I can suggest is trying what it is >> telling you to do, only problem is, I don't really recognise the ldap URL >> >> Rowland >> >> >> >> On Thu, Jul 7, 2016 at 11:04 AM, Rowland penny <rpenny at samba.org> wrote: >> >>> On 07/07/16 13:56, Jason Waters wrote: >>> >>>> So I continue to struggle getting this moved away from windows 2003 to >>>> samba. I've been working in VM's to test before doing it on >>>> production. I >>>> think something is just wrong/broken with my windows 2003 AD. These >>>> are a >>>> couple of the things I have tried. >>>> >>>> - Going from Windows 2003 to Windows 2008 to Samba >>>> - Seizing the roles and then joining another samba domain controller. >>>> But >>>> I'm unable to move the DomainDnsZones and ForestDnsZones fsmo's to the >>>> new >>>> samba box. Like it is coping bad data. >>>> - Setup a new domain with samba, joined Windows 2008 and migrated >>>> everything around fine! Another reason why I think something is wrong >>>> in >>>> my data. >>>> >>>> >>>> So the last thing I've been trying to figure out is why the command >>>> ldbsearch --cross-ncs -H ldap://pdc -b >>>> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub -Uadministrator >>>> >>>> returns a referral instead of the records. On my purely stock samba >>>> domain >>>> it works fine, so something about the windows 2003 ad? >>>> >>> >>> I think it must be, on my DC it dumps all the domain DNS records. What >>> does it actually return ? >>> >>> Rowland >>> >>> >>>> But if I open ASDIEDIT and connect to >>>> DC=DomainDnsZones,DC=fisherthompson,DC=local on the windows 2003 DC I >>>> see >>>> everything like I should..... >>>> >>>> >>>> It seems like samba and ldbtools isn't following the referrals. Or they >>>> shouldn't be referrals? Or something else that I have no idea about! >>>> >>>> Any other suggestions? Thanks! >>>> >>>> Jason >>>> >>>> >>>> >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> >> >
On 07/07/16 17:14, Jason Waters wrote:> I'm going to keep going and see if I can get samba joined and then > migrated over. Maybe I'm still focusing on the wrong thing! Ugh.... > > On Thu, Jul 7, 2016 at 12:12 PM, Jason Waters <jason at geeknocity.com > <mailto:jason at geeknocity.com>> wrote: > > So I wanted to test if something was broke in my DC so I setup a > "new" 2003 DC with a different domain, example.com > <http://example.com>. I do the ldbsearch against that and I get > the same error instead of it listing the dns entries....So maybe > it is a 2003 thing? > > On Thu, Jul 7, 2016 at 11:55 AM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > On 07/07/16 16:19, Jason Waters wrote: >> search error - LDAP error 10 LDAP_REFERRAL - <0000202B: >> RefErr: DSID-0310063C, data 0, 1 access points >> ref 1: 'DomainDnsZones.fisherthompson.local' >> > <ldap://DomainDnsZones.fisherthompson.local/DC=DomainDnsZones,DC=fisherthompson,DC=local> > > If you look here: https://www.ldap.com/ldap-result-code-reference > > You will find this: > > > 10: Referral > > This indicates that the server could not process the requested > operation, but that it may succeed if attempted in another > location, as specified by the referral URIs included in the > response. > > Never having seen this before, all I can suggest is trying > what it is telling you to do, only problem is, I don't really > recognise the ldap URL > > Rowland > > >> >> On Thu, Jul 7, 2016 at 11:04 AM, Rowland penny >> <rpenny at samba.org <mailto:rpenny at samba.org>> wrote: >> >> On 07/07/16 13:56, Jason Waters wrote: >> >> So I continue to struggle getting this moved away >> from windows 2003 to >> samba. I've been working in VM's to test before >> doing it on production. I >> think something is just wrong/broken with my windows >> 2003 AD. These are a >> couple of the things I have tried. >> >> - Going from Windows 2003 to Windows 2008 to Samba >> - Seizing the roles and then joining another samba >> domain controller. But >> I'm unable to move the DomainDnsZones and >> ForestDnsZones fsmo's to the new >> samba box. Like it is coping bad data. >> - Setup a new domain with samba, joined Windows 2008 >> and migrated >> everything around fine! Another reason why I think >> something is wrong in >> my data. >> >> >> So the last thing I've been trying to figure out is >> why the command >> ldbsearch --cross-ncs -H ldap://pdc -b >> "DC=DomainDnsZones,DC=fisherthompson,DC=local" -s sub >> -Uadministrator >> >> returns a referral instead of the records. On my >> purely stock samba domain >> it works fine, so something about the windows 2003 ad? >> >> >> I think it must be, on my DC it dumps all the domain DNS >> records. What does it actually return ? >> >> Rowland >> >> >> But if I open ASDIEDIT and connect to >> DC=DomainDnsZones,DC=fisherthompson,DC=local on the >> windows 2003 DC I see >> everything like I should..... >> >> >> It seems like samba and ldbtools isn't following the >> referrals. Or they >> shouldn't be referrals? Or something else that I >> have no idea about! >> >> Any other suggestions? Thanks! >> >> Jason >> >> >> >> >> -- >> To unsubscribe from this list go to the following URL and >> read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > > >Try reading this: https://support.microsoft.com/en-us/kb/304489 I have also had another thought, join the samba4 DC using the internal DNS server, then use samba_upgradedns to upgrade to Bind9, this should create the dns partitions etc. Not really sure if this will work, I have never had this problem, but it worth trying in a test environment. Rowland