Peter Storkey
2013-Sep-01 23:03 UTC
[Samba] Samba4/Windows DNS replication and administration issue
Hi all,
I am having trouble with DNS replication between a Linux/Samba 4.0.9 box and
Windows Server 2012 domain controller, as well as administering the Linux DNS
from the Windows DNS Manager snap-in.
First a little background. I am trying to integrate a Samba 4.0.9 server as a
domain controller in an existing Windows Active Directory domain. The domain and
forest are at Windows 2008R2 functional level with a single domain controller
which was upgraded from Windows Server 2008 R2 to Windows Server 2012.
I am running CentOS 6.4 x64, patched to current levels. I downloaded and
installed the Sernet binaries for Samba 4.0.9 but ran into problems joining the
domain. It failed with the following error:
ERROR: no subClassOf 'top' for 'samDomain'
I found a bug report for this error at
https://bugzilla.samba.org/show_bug.cgi?id=8680 and rebuilt the Sernet RPMs with
the patches implemented. This time I was able to successfully join the domain.
Replication seems to be working but I do get a warning from samba-tool drs
showrepl:
==== KCC CONNECTION OBJECTS ===
Connection --
Connection name: 3c20a62a-ad94-40ef-b346-ba8b15f829f8
Enabled : TRUE
Server DNS name : server.example.com
Server DN name : CN=NTDS Settings,CN=server,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
The inbound and outbound neighbors all appear to be ok.
I started out with internal DNS but when I was unable to get it working
correctly, I switched to bind (CentOS package
bind-9.8.2-0.17.rc1.el6_4.6.x86_64).
The problem is that when I try to administer DNS through the Windows DNS Manager
snap-in, my forward domain fails to load, with an error indicating zone data may
be corrupt (it opens fine on the Windows DNS server). Additionally, my reverse
zone does not appear to have replicated to the Linux server.
When I click on the forward zone in DNS Manager, I see the following in
/var/log/messages:
smbd[24043]: [2013/09/01 15:30:21.091035, 0] ../source3/rpc_server/svcctl/srv_svcctl_nt.c:326(_svcctl_OpenServiceW)
smbd[24043]: _svcctl_OpenServiceW: Failed to get a valid security descriptorfree_pipe_context: destroying talloc pool of size 275
samba[19596]: [2013/09/01 15:30:25.505483, 0] ../source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1068(dnsserver_query_zone)
samba[19596]: dnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Invalid zone operation IsSigneddnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544
samba[19596]: [2013/09/01 15:30:26.272723, 0] ../source4/rpc_server/dnsserver/dnsdata.c:354(dnsp_to_dns_copy)
samba[19596]: dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544
Querying DNS via nslookup/dig/host works fine but querying through samba-tool
gives an error:
# samba-tool dns query server.domain.com domain.com @ ALL
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'sasl-DIGEST-MD5' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:server.example.com[,sign]
ERROR(runtime): uncaught exception - (-1073545204, 'NT_STATUS_RPC_BAD_STUB_DATA')
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/dns.py", line 974, in run
    None, record_type, select_flags, None, None)
and I see the following in /var/log/messages:
samba[19596]: [2013/09/01 15:31:55.207112, 0] ../source4/rpc_server/dnsserver/dnsdata.c:354(dnsp_to_dns_copy)
samba[19596]: dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544
Any help would be much appreciated.
Thanks,
Pete
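
The log excerpts in the post above can be triaged mechanically. The following is an added example, not part of the original post or of Samba's code: it tallies the "Unhandled DNS record type" messages, names each type from the IANA registry (type 49 is DHCID, RFC 4701), and pairs them with the `ndr_push_error` marshalling failures. The sample log is constructed from the lines quoted in the post, and the function and field names are assumptions of this example.

```python
import re
from collections import Counter

# IANA DNS resource-record type numbers (subset); 49 is DHCID (RFC 4701).
RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
            16: "TXT", 28: "AAAA", 33: "SRV", 49: "DHCID"}

UNHANDLED = re.compile(r"Found Unhandled DNS record type=(\d+)")
NDR_FAIL = re.compile(
    r"ndr_push_error\(\d+\): Bad switch value (\d+) at ([\w./-]+):(\d+)")

# Constructed sample modelled on the post's /var/log/messages excerpt:
# messages run together without separators and lines are hard-wrapped.
SAMPLE_LOG = """\
samba[19596]: dnsserver: Invalid zone operation IsSigneddnsserver: Found
Unhandled DNS record type=49dnsserver: Found Unhandled DNS record
type=49ndr_push_error(2): Bad switch value 49 at
default/librpc/gen_ndr/ndr_dnsserver.c:544
samba[19596]: dnsserver: Found Unhandled DNS record type=49ndr_push_error(2): Bad
switch value 49 at default/librpc/gen_ndr/ndr_dnsserver.c:544
"""


def triage(log):
    """Summarise unhandled RR types and the NDR marshalling failures they hit."""
    text = re.sub(r"\s+", " ", log)  # undo line wrapping before matching
    unhandled = Counter(int(n) for n in UNHANDLED.findall(text))
    failures = Counter((int(v), f"{path}:{line}")
                       for v, path, line in NDR_FAIL.findall(text))
    report = []
    for rrtype, seen in sorted(unhandled.items()):
        hits = {loc: n for (v, loc), n in failures.items() if v == rrtype}
        report.append({
            "type": rrtype,
            # RFC 3597 "TYPEnnn" form for numbers not in the table above
            "name": RR_TYPES.get(rrtype, f"TYPE{rrtype}"),
            "seen": seen,
            "ndr_push_failures": sum(hits.values()),
            "sites": sorted(hits),
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print("{name} (type {type}): seen {seen}x, {ndr_push_failures} "
              "ndr_push failures at {sites}".format(**row))
```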