L.P.H. van Belle
2020-Feb-10 14:40 UTC
[Samba] FW: samba_kcc issue after joining the domain as a DC
@Rowland. I now see he only mailed me. Here you go.. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Alex [mailto:samba at abisoft.biz] > Verzonden: maandag 10 februari 2020 14:53 > Aan: L.P.H. van Belle > Onderwerp: Re: [Samba] samba_kcc issue after joining the > domain as a DC > > Hello L.P.H., > > Thank you for your quick reply! > > > Im betting this is a Windows 2000/2003 upgraded domain.. > > You're absolutely right! > > > And since he is still running the windows domain. > > > https://support.microsoft.com/en-gb/help/817470/how-to-reconfi > gure-an-msdcs-subdomain-to-a-forest-wide-dns-application > > Should help if thats done before the samba DC join. > > I'll give it a try and let you know. Thanks again! > > >> > I'm trying to promote samba4 as a 3rd DC in Windows 2008 > >> R2 AD domain (to get > >> > rid of Windows Servers in future). It's joined well, but > >> failing on samba_kcc > >> > run (it's happened when I launched samba after joining the > >> domain, so for > >> > debugging purposes I then started samba_kcc manually): > >> > # /usr/local/samba/sbin/samba_kcc > >> > Traceback (most recent call last): > >> > File > >> "/usr/local/samba/lib64/python3.6/site-packages/samba/kcc/kcc_ > >> utils.py", line 87, in load_nc > >> > >> Hmm, 'lib64', is this on Fedora ? > >> > >> If so, are you using the Fedora Samba packages ? > >> > >> If so, then are you aware that using MIT kerberos with a > >> Samba AD DC is > >> experimental and shouldn't be used in production. > >> > >> If non of the above applies, can you provide more info, > what OS, What > >> Samba packages ? etc > >> > >> Rowland > >> > >> > >> > scope=ldb.SCOPE_BASE, attrs=attrs) > >> > _ldb.LdbError: (32, 'No such Base DN: > >> DC=DomainDnsZones,DC=domain,DC=com') > >> > ... > >> > File > >> "/usr/local/samba/lib64/python3.6/site-packages/samba/kcc/kcc_ > >> utils.py", line 92, in load_nc > >> > (self.nc_dnstr, estr)) > >> > samba.kcc.kcc_utils.KCCError: Unable to find naming context > >> (DC=DomainDnsZones,DC=domain,DC=com) - (No such Base DN: > >> DC=DomainDnsZones,DC=domain,DC=com) > >> > > >> > I joined the domain with the following command: > >> > samba-tool domain join domain.com DC -k yes --dns-backend > >> NONE --server=vm-dc1.domain.com > >> > > >> > vm-dc1 does have the mentioned context b/c it's a domain > >> naming master. > >> > Wondering why samba tries to find it - it's not a domain > >> naming master.. > > -- > Best regards, > Alex Alex > >
Rowland penny
2020-Feb-10 14:47 UTC
[Samba] FW: samba_kcc issue after joining the domain as a DC
On 10/02/2020 14:40, L.P.H. van Belle via samba wrote:> @Rowland. > > I now see he only mailed me. > Here you go..No, he emailed me as well, but I missed this: samba-tool domain join domain.com DC -k yes --dns-backend NONE --server=vm-dc1.domain.com Why did he do that ? why no dns server ????? Rowland
Guys,> On 10/02/2020 14:40, L.P.H. van Belle via samba wrote: >> @Rowland. >> >> I now see he only mailed me. >> Here you go..> No, he emailed me as well, but I missed this:> samba-tool domain join domain.com DC -k yes --dns-backend NONE > --server=vm-dc1.domain.com> Why did he do that ? why no dns server ?????This is b/c we used to host AD zone on a separate DNS server(s), not in the AD. I thought to keep that setup b/c it's much easier to administrator the AD zone in bind9, rather than in MS DNS. -- Best regards, Alex Alex
Possibly Parallel Threads
- samba_kcc issue after joining the domain as a DC
- samba_kcc RODC failes with NT_STATUS_ACCESS_DENIED
- FW: samba_kcc issue after joining the domain as a DC
- WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs
- FW: samba_kcc issue after joining the domain as a DC