I'm trying to join a Linux server running Samba 4.0.4 as a DC to an existing AD domain. The current DC (server1) is running Server 2008, not R2. The Samba server (server2) is using internal DNS. I'm following "Samba4/HOWTO/Join a domain as a DC" from the wiki. The join seems to work, but I'm having problems with DNS replication.

During the join many DNS records for server2 are added to server1's DNS. The A records for server1 and several Windows workstations are also added to server2's DNS.

After the join, I followed the steps listed under "Check required DNS entries of the new host", and I added the records that weren't added during the join. I also ran "samba-tool drs kcc".

A "samba-tool dns query" of the Samba server shows server2 as "Name=server2, Records=0, Children=0" with no corresponding IP address.

"samba-tool drs showrepl server1" shows inbound neighbors, outbound neighbors, and kcc connection objects. "samba-tool drs showrepl server2" shows no outbound neighbors and always ends with "Warning: No NC replicated for Connection".

When I join a Windows 7 workstation to Active Directory, DNS entries are added to server1, but they never show up on server2.

Running "samba_dnsupdate --verbose" shows no errors and ends with "No DNS Updates needed".

Is DNS replication supposed to work between a DC running Server 2008 and Samba4 with internal DNS? There's nothing showing up in the logs about DNS, so what should I do to debug this?

Thanks,
Alan
On 3/26/2013 14:15, Alan Schmitz wrote:
> I'm trying to join a Linux server running Samba 4.0.4 as a DC to an
> existing AD domain. The current DC (server1) is running Server 2008 not
> R2. The Samba server (server2) is using internal DNS. I'm following
> "Samba4/HOWTO/Join a domain as a DC" from the wiki. The join seems to
> work, but I'm having problems with DNS replication.
>
> During the join many DNS records for server2 are added to server1's DNS.
> The A records for server1 and several Windows workstations are also
> added to server2's DNS.
>
> After the join, I followed the steps listed under "Check required DNS
> entries of the new host", and I added the records that weren't added
> during the join. I also ran "samba-tool drs kcc".
>
> A "samba-tool dns query" of the Samba server shows server2 as
> "Name=server2, Records=0, Children=0" with no corresponding IP address.
>
> "samba-tool drs showrepl server1" shows inbound neighbors, outbound
> neighbors, and kcc connection objects. "samba-tool drs showrepl
> server2" shows no outbound neighbors and always ends with "Warning: No
> NC replicated for Connection".
>
> When I join a Windows 7 workstation to Active Directory, DNS entries are
> added to server1, but they never show up on server2.
>
> Running "samba_dnsupdate --verbose" shows no errors and ends with "No
> DNS Updates needed".
>
> Is DNS replication supposed to work between a DC running Server 2008 and
> Samba4 with internal DNS? There's nothing showing up in the logs about
> DNS, so what should I do to debug this?
>
> Thanks,
> Alan

This sounds very similar to a problem I was having, though not quite. In my situation, DNS changes on the existing DC were replicated to the Samba server, but not vice versa. I ended up solving the problem by manually listing the Samba server as holding a replica of the DomainDnsZones and ForestDnsZones application partitions.

Try running these commands on a Windows machine:

ntdsutil "part man" "conn" "con to ser <windowsdc>" q "add nc replica DC=DomainDnsZones,DC=<domain>,DC=<tld> <linuxdc>" q q
ntdsutil "part man" "conn" "con to ser <windowsdc>" q "add nc replica DC=ForestDnsZones,DC=<domain>,DC=<tld> <linuxdc>" q q

Replace the items in angle brackets with their actual values (removing the brackets), of course.

Hope this helps.

-- 
♫Dustin
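A way to verify, before and after running those ntdsutil commands, which DCs are actually registered as replica holders of the two DNS application partitions. This is an added example, not code from Dustin's post or from Samba: "add nc replica" adds the target DC's NTDS Settings DN to the msDS-NC-Replica-Locations attribute of the partition's crossRef object under CN=Partitions,CN=Configuration, so a DC absent from that list is not a replica and will not receive the partition's DNS records. The script parses the LDIF-style output of an ldbsearch against those crossRef objects; the host name server1, the domain ankeny.local and the administrator account in the quoted command are assumptions, and SAMPLE_LDIF is constructed, not captured from a real DC.

```python
"""Verify which DCs hold the DomainDnsZones / ForestDnsZones partitions.

Added example, not from the thread or from Samba.  It parses the
LDIF-style records printed by a query such as (host, domain and account
are assumptions):

    ldbsearch -H ldap://server1 -U administrator \\
        -b "CN=Partitions,CN=Configuration,DC=ankeny,DC=local" \\
        "(nCName=DC=*DnsZones,DC=ankeny,DC=local)" \\
        nCName msDS-NC-Replica-Locations

SAMPLE_LDIF below is constructed, not captured from a real DC.
"""
import base64
import re

# Constructed sample: server2 is listed for ForestDnsZones only.
SAMPLE_LDIF = """\
# record 1
dn: CN=2e3c1b4a-0000-4000-8000-000000000001,CN=Partitions,CN=Configuration,DC=
 ankeny,DC=local
nCName: DC=DomainDnsZones,DC=ankeny,DC=local
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Fi
 rst-Site-Name,CN=Sites,CN=Configuration,DC=ankeny,DC=local

# record 2
dn: CN=2e3c1b4a-0000-4000-8000-000000000002,CN=Partitions,CN=Configuration,DC=
 ankeny,DC=local
nCName: DC=ForestDnsZones,DC=ankeny,DC=local
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Fi
 rst-Site-Name,CN=Sites,CN=Configuration,DC=ankeny,DC=local
msDS-NC-Replica-Locations: CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-Fi
 rst-Site-Name,CN=Sites,CN=Configuration,DC=ankeny,DC=local

# returned 2 records
# 2 entries
# 0 referrals
"""

ATTR_RE = re.compile(r"^([A-Za-z][\w.;-]*)(::?) ?(.*)$")
# The replica list holds NTDS Settings DNs; the DC name is the second RDN.
NTDS_RE = re.compile(r"^CN=NTDS Settings,CN=([^,]+),", re.IGNORECASE)


def _unfold(text):
    """Join LDIF continuation lines (those starting with a single space)."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]
        else:
            lines.append(line)
    return lines


def parse_ldif(text):
    """Return a list of records, each {attribute-lowercase: [values]}."""
    records, current = [], {}
    for line in _unfold(text):
        if not line.strip():
            if current:
                records.append(current)
                current = {}
            continue
        if line.startswith("#"):
            continue  # ldbsearch's "# record N" / "# returned N" comments
        m = ATTR_RE.match(line)
        if not m:
            continue
        attr, sep, value = m.groups()
        if sep == "::":  # base64-encoded value
            value = base64.b64decode(value).decode("utf-8", "replace")
        current.setdefault(attr.lower(), []).append(value)
    if current:
        records.append(current)
    return records


def replica_holders(records):
    """Map each partition DN (nCName) to the set of DC names holding it."""
    holders = {}
    for rec in records:
        if "ncname" not in rec:
            continue
        dcs = set()
        for dn in rec.get("msds-nc-replica-locations", []):
            m = NTDS_RE.match(dn)
            if m:
                dcs.add(m.group(1).upper())
        holders[rec["ncname"][0]] = dcs
    return holders


def missing_partitions(records, dc_name):
    """Partition DNs on which dc_name is not listed as a replica holder."""
    want = dc_name.upper()
    return sorted(nc for nc, dcs in replica_holders(records).items()
                  if want not in dcs)


if __name__ == "__main__":
    recs = parse_ldif(SAMPLE_LDIF)
    for nc, dcs in replica_holders(recs).items():
        print(f"{nc}: {', '.join(sorted(dcs)) or '(no replicas listed)'}")
    for nc in missing_partitions(recs, "server2"):
        print(f"server2 is not a replica of {nc}")
```

Run the ldbsearch against the Windows DC before the ntdsutil change and again afterwards; the Samba DC should appear in both lists once the change has replicated.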
On 3/26/2013 14:48, Dustin C. Hatch wrote:
> This sounds very similar to a problem I was having, though not quite. In
> my situation, DNS changes on the existing DC were replicated to the
> Samba server, but not vice versa. I ended up solving the problem by
> manually listing the Samba server as holding a replica of the
> DomainDnsZones and ForestDnsZones application partitions. Try running
> these commands on a Windows machine:
>
> ntdsutil "part man" "conn" "con to ser <windowsdc>" q "add nc replica
> DC=DomainDnsZones,DC=<domain>,DC=<tld> <linuxdc>" q q
> ntdsutil "part man" "conn" "con to ser <windowsdc>" q "add nc replica
> DC=ForestDnsZones,DC=<domain>,DC=<tld> <linuxdc>" q q
>
> Replace the items in angle brackets with their actual values (removing
> the brackets), of course.

I ran these commands on the Windows server (server1), and I'm seeing a slight improvement. Thanks for the help.

Samba4 (server2) now shows some outbound neighbors. When I join a workstation to the domain, an incomplete record shows up on server2. The output of this:

samba-tool dns query localhost ankeny.local @ ALL

dumps a few records that look like this:

Name=ADWKS6, Records=0, Children=0
Name=ADWKS7, Records=0, Children=0
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=server1, Records=1, Children=0
  A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
Name=server2, Records=0, Children=0

adwks6 and adwks7 were joined to the domain after server2. Are the IPs supposed to be populated during DNS replication, or is the client supposed to update both DCs? Does the resolver on server2 need to be pointed to itself in order for DNS replication to work properly?

Thanks,
Alan
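The direct way to see whether records added on server1 reach server2 is to run the same "samba-tool dns query ... @ ALL" against each DC and diff the results. The script below does that; it is an added example, not code from the thread or from samba-tool. It parses the output format shown above (a Name=..., Records=..., Children=... line per node, followed by indented record lines) and lists leaf names that carry no A/AAAA record as well as names whose address sets differ between the two DCs. Both inputs are constructed samples: SERVER2_OUTPUT mirrors the output quoted in the message, while SERVER1_OUTPUT assumes that adwks6, adwks7 and server2 have addresses on server1 (the addresses 172.16.16.60, .61 and .102 are invented).

```python
"""Diff the DNS zone contents two DCs report for the same zone.

Added example, not from the thread or from samba-tool.  It parses the
text printed by `samba-tool dns query <dc> <zone> @ ALL` and reports
names whose A/AAAA records differ between two DCs, which is how partial
DNS replication shows up.  Both samples are constructed.
"""
import re

# Constructed: what server1 is assumed to report (addresses invented).
SERVER1_OUTPUT = """\
Name=ADWKS6, Records=1, Children=0
  A: 172.16.16.60 (flags=f0, serial=190, ttl=1200)
Name=ADWKS7, Records=1, Children=0
  A: 172.16.16.61 (flags=f0, serial=191, ttl=1200)
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=server1, Records=1, Children=0
  A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
Name=server2, Records=1, Children=0
  A: 172.16.16.102 (flags=f0, serial=186, ttl=3600)
"""

# Constructed: mirrors the server2 output quoted in the thread.
SERVER2_OUTPUT = """\
Name=ADWKS6, Records=0, Children=0
Name=ADWKS7, Records=0, Children=0
Name=DomainDnsZones, Records=0, Children=2
Name=ForestDnsZones, Records=0, Children=2
Name=server1, Records=1, Children=0
  A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)
Name=server2, Records=0, Children=0
"""

NODE_RE = re.compile(
    r"^Name=(?P<name>[^,]*), Records=(?P<records>\d+), Children=(?P<children>\d+)\s*$")
# Record lines are indented: "  A: 172.16.16.101 (flags=f0, serial=185, ttl=3600)"
RECORD_RE = re.compile(
    r"^\s+(?P<type>[A-Z0-9]+):\s+(?P<value>.+?)\s*(?:\((?P<attrs>[^)]*)\))?\s*$")


def parse_dns_query(text):
    """Return {node-name-lowercase: {"children": int, "records": [(type, value, attrs)]}}."""
    zone, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        n = NODE_RE.match(line)
        if n:
            current = n.group("name").lower()
            zone[current] = {"children": int(n.group("children")), "records": []}
            continue
        r = RECORD_RE.match(line)
        if r and current is not None:
            attrs = {}
            if r.group("attrs"):
                attrs = dict(kv.split("=", 1) for kv in r.group("attrs").split(", "))
            zone[current]["records"].append((r.group("type"), r.group("value"), attrs))
    return zone


def addresses(node):
    """Sorted A/AAAA values of one node."""
    return sorted(v for t, v, _ in node["records"] if t in ("A", "AAAA"))


def hosts_without_address(text):
    """Leaf names (no children) with no A/AAAA record: the 'incomplete' entries."""
    zone = parse_dns_query(text)
    return sorted(name for name, node in zone.items()
                  if name and node["children"] == 0 and not addresses(node))


def zone_diff(text_a, text_b):
    """Names whose address sets differ: {name: (addresses_on_a, addresses_on_b)}."""
    a, b = parse_dns_query(text_a), parse_dns_query(text_b)
    diff = {}
    for name in sorted(set(a) | set(b)):
        addr_a = addresses(a[name]) if name in a else []
        addr_b = addresses(b[name]) if name in b else []
        if addr_a != addr_b:
            diff[name] = (addr_a, addr_b)
    return diff


if __name__ == "__main__":
    print("on server2 without an address:", hosts_without_address(SERVER2_OUTPUT))
    for name, (on1, on2) in zone_diff(SERVER1_OUTPUT, SERVER2_OUTPUT).items():
        print(f"{name}: server1={on1 or '-'} server2={on2 or '-'}")
```

Feed it the real output of the query run against server1 and against server2 (for example by saving each to a file and passing the file contents to zone_diff); a non-empty diff that persists longer than the replication interval points at the partition not being replicated to the second DC rather than at a client that failed to register.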