Yes, DNS running on Windows Server 2008R2 (srv-dc01.example.ru)
DNS integrated to AD
in the domain management snap-in is created RODC,
is it possible to translate it into a normal DC?
What are the zones to check, example.ru?
dig example.ru
; <<>> DiG 9.9.4-RedHat-9.9.4-51.el7_4.2 <<>> example.ru
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42712
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 63, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;example.ru. IN A
;; ANSWER SECTION:
example.ru. 600 IN A 10.2.1.4
example.ru. 600 IN A 10.2.1.5
example.ru. 600 IN A 10.3.1.4
.......
;; Query time: 3 msec
;; SERVER: 192.168.55.1#53(192.168.55.1)
;; WHEN: Пн фев 19 16:07:15 +05 2018
;; MSG SIZE rcvd: 1048
[root at srv-site2-dc1 x86_64]# nslookup srv-dc01
Server: 192.168.55.1
Address: 192.168.55.1#53
Name: srv-dc01.example.ru
Address: 192.168.55.2
[root at srv-site2-dc1 x86_64]# nslookup srv-dc01.example.ru
Server: 192.168.55.1
Address: 192.168.55.1#53
Name: srv-dc01.example.ru
Address: 192.168.55.2
[root at srv-site2-dc1 x86_64]# nslookup srv-dc02.example.ru
Server: 192.168.55.1
Address: 192.168.55.1#53
Name: srv-dc02.example.ru
Address: 192.168.55.1
[root at srv-site2-dc1 x86_64]# nslookup srv-dc02
Server: 192.168.55.1
Address: 192.168.55.1#53
Name: srv-dc02.example.ru
Address: 192.168.55.1
On Mon, 19/02/2018 at 10:47 +0000, Rowland Penny via samba wrote:
> > username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2
>
> That's better ;-)
>
> >
> >
> > srv-dc01.example.ru - windows server 2008
>
> Should work.
>
> >
> > netdom query fsmo
>
> Only problem with that command is, it doesn't show the dns FSMO
> roles,
> even if they are there.
>
> Simple question: Is a dns server running on the windows server 2008 ?
>
> If it is, have you checked if the dns zones exist in AD ?
>
> If they do, try pre-creating the new DC in AD.
On Mon, 19 Feb 2018 16:28:37 +0500 "denis.shigapov" <denis.shigapov at stroylandiya.ru> wrote:
> Yes, DNS running on Windows Server 2008R2(srv-dc01.example.ru)
> DNS integrated to AD
> in the domain management snap-in is created RODC,

I think what you are trying to say is, you are trying to join the Samba
machine (as a DC) to a windows RODC. I don't think this will work, an
RODC contains all the AD records except the passwords, but they are
read-only.

> is it possible to translate it into a normal DC?

No, I am fairly sure you would have to demote it, then promote it as a
DC. If you can do this, then why not just point the Samba machine at a
normal DC instead ?

Rowland
No, I'm joining Samba to the Windows DC (srv-dc01); it is not an RODC server.

>> If they do, try pre-creating the new DC in AD.

In the Windows AD management console only an RODC can be created, which does not suit me.

run samba-tool domain join example.ru DC --server=srv-dc01.example.ru --username=vas.lah --password=password --realm=EXAMPLE.RU --site=SITE2

Failed to fetch machine account password for EXAMPLE from both secrets.ldb (Could not find entry to match filter: '(&(f$atname=EXAMPLE)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: dsdb_search at ../source4/dsdb/common/util.c:4636) and from /var/lib/samba/private$secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=RID Set,CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,OU=Domain Controllers,DC=example,DC=ru
Deleted CN=NTDS Settings,CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
Deleted CN=SRV-SITE2-DC1,CN=Servers,CN=SITE2,CN=Sites,CN=Configuration,DC=example,DC=ru
ERROR (runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 661, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1474, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1384, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1116, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 939, in dns_lookup
    dns_partition=dns_partition)

On Mon, 19/02/2018 at 11:43 +0000, Rowland Penny via samba wrote:
> On Mon, 19 Feb 2018 16:28:37 +0500
>
> > Yes, DNS running on Windows Server 2008R2(srv-dc01.example.ru)
> > DNS integrated to AD
> > in the domain management snap-in is created RODC,
>
> I think what you are trying to say is, you are trying to join the
> Samba machine (as a DC) to a windows RODC. I don't think this will
> work, an RODC contains all the AD records except the passwords, but
> they are read-only.
>
> > is it possible to translate it into a normal DC?
>
> No, I am fairly sure you would have to demote it, then promote it as
> a DC. If you can do this, then why not just point the Samba machine
> at a normal DC instead ?
>
> Rowland
>