Hi Team,
Samba Version = 4.2
Bind = 9.10 with dlz
Not able to to view replication.(samba-tool drs showrepl)
[root at dc2]# samba-tool drs showrepl (want to highlight the name which is
using to connect)
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
*dc2.ik.lan.mum* failed - drsException: DRS connection to dc2.ik.lan.mum
failed: (-1073741772, 'The object name is not found.')
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py",
line 39, in drsuapi_connect
(ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions)
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 54, in drsuapi_connect
raise drsException("DRS connection to %s failed: %s" % (server, e))
While provision I used Bind9_FLAT on DC and everything working fine.
Created Additional Domain Server and joined but gave error.
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=*BIND9_FLAT *
Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN]
[options]
samba-tool domain join: error: option --dns-backend: invalid choice:
'BIND9_FLAT' (choose from 'SAMBA_INTERNAL', 'BIND9_DLZ',
'NONE')
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ik.lan.mum'
Found DC dc1.ik.lan.mum
Password for [WORKGROUP\administrator]:
NO DNS zone information found in source domain, not replicating DNS
workgroup is IK.LAN
realm is ik.lan.mum
checking sAMAccountName
Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Setting account password for DC2$
Enabling account
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=ik,DC=lan,DC=mum
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1612]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1612/1612]
linked_values[20/0]
Replicating critical objects from the base DN of the domain
Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0]
Partition[DC=ik,DC=lan,DC=mum] objects[376/278] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a
DC
[root at dc2]# echo $?
0
[root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
DNS accounts already exist
No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc1 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
*After that upgraded the dns on DC1*
[root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
DNS accounts already exist
No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone
DNS records will be automatically created
DNS partitions already exist
dns-dc1 account already exists
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Finished upgrading DNS
*Then I tried to join the domain again using BIND9_DLZ (got success)*
[root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator
--realm=ik.lan.mum --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'ik.lan.mum'
Found DC dc1.ik.lan.mum
Password for [IK.LAN\administrator]:
workgroup is IK.LAN
realm is ik.lan.mum
checking sAMAccountName
Deleted CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Deleted CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Deleted
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Adding
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding CN=NTDS
Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum
Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum
Setting account password for DC2$
Enabling account
Adding DNS account CN=dns-DC2,CN=Users,DC=ik,DC=lan,DC=mum with dns/ SPN
Setting account password for dns-DC2
Calling bare provision
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
A Kerberos configuration suitable for Samba 4 has been generated at
/usr/local/samba/private/krb5.conf
Provision OK for domain DN DC=ik,DC=lan,DC=mum
Starting replication
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550]
linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1206/1550] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum]
objects[1550/1550] linked_values[0/0]
Analyze and apply schema objects
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1620]
linked_values[0/0]
Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1620/1620]
linked_values[28/0]
Replicating critical objects from the base DN of the domain
Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0]
Partition[DC=ik,DC=lan,DC=mum] objects[379/281] linked_values[23/0]
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=ik,DC=lan,DC=mum
Partition[DC=DomainDnsZones,DC=ik,DC=lan,DC=mum] objects[40/40]
linked_values[0/0]
Replicating DC=ForestDnsZones,DC=ik,DC=lan,DC=mum
Partition[DC=ForestDnsZones,DC=ik,DC=lan,DC=mum] objects[18/18]
linked_values[0/0]
Committing SAM database
Sending DsReplicaUpdateRefs for all the replicated partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
See /usr/local/samba/private/named.conf for an example configuration
include file for BIND
and /usr/local/samba/private/named.txt for further documentation required
for secure DNS updates
Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a
DC
*I have strictly followed Samba wiki for joining additional domain *
*Right now everything seems to be working like I can authenticate the user
by putting DC down, creating / modifying user is replicated immediately.*
Thanks,
Vikas
On 25/03/15 16:50, VIKAS wrote:> Hi Team, > > Samba Version = 4.2 > > Bind = 9.10 with dlz > > > Not able to to view replication.(samba-tool drs showrepl) > > > [root at dc2]# samba-tool drs showrepl (want to highlight the name which is > using to connect) > > ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to > *dc2.ik.lan.mum* failed - drsException: DRS connection to dc2.ik.lan.mum > failed: (-1073741772, 'The object name is not found.') > > File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py", > line 39, in drsuapi_connect > > (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) > drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds) > > File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", > line 54, in drsuapi_connect > > raise drsException("DRS connection to %s failed: %s" % (server, e)) > > > > While provision I used Bind9_FLAT on DC and everything working fine. > > > Created Additional Domain Server and joined but gave error. > > > [root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator > --realm=ik.lan.mum --dns-backend=*BIND9_FLAT * > > Usage: samba-tool domain join <dnsdomain> [DC|RODC|MEMBER|SUBDOMAIN] > [options] > > samba-tool domain join: error: option --dns-backend: invalid choice: > 'BIND9_FLAT' (choose from 'SAMBA_INTERNAL', 'BIND9_DLZ', 'NONE') > > [root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator > --realm=ik.lan.mum --dns-backend=BIND9_DLZ > > Finding a writeable DC for domain 'ik.lan.mum' > > Found DC dc1.ik.lan.mum > > Password for [WORKGROUP\administrator]: > > NO DNS zone information found in source domain, not replicating DNS > > workgroup is IK.LAN > > realm is ik.lan.mum > > checking sAMAccountName > > Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum > > Adding > CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Adding CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum > > Setting account password for DC2$ > > Enabling account > > Calling bare provision > > Looking up IPv4 addresses > > Looking up IPv6 addresses > > No IPv6 address will be assigned > > Setting up share.ldb > > Setting up secrets.ldb > > Setting up the registry > > Setting up the privileges database > > Setting up idmap db > > Setting up SAM db > > Setting up sam.ldb partitions and settings > > Setting up sam.ldb rootDSE > > Pre-loading the Samba 4 and AD schema > > A Kerberos configuration suitable for Samba 4 has been generated at > /usr/local/samba/private/krb5.conf > > Provision OK for domain DN DC=ik,DC=lan,DC=mum > > Starting replication > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550] > linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550] > linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] > objects[1206/1550] linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] > objects[1550/1550] linked_values[0/0] > > Analyze and apply schema objects > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1612] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1612] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1612] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1612] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1612/1612] > linked_values[20/0] > > Replicating critical objects from the base DN of the domain > > Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0] > > Partition[DC=ik,DC=lan,DC=mum] objects[376/278] linked_values[23/0] > > Done with always replicated NC (base, config, schema) > > Committing SAM database > > Sending DsReplicaUpdateRefs for all the replicated partitions > > Setting isSynchronized and dsServiceName > > Setting up secrets database > > Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a > DC > > [root at dc2]# echo $? > > 0 > > > [root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2 > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > Reading domain information > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > DNS accounts already exist > > No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone > > DNS records will be automatically created > > DNS partitions already exist > > dns-dc1 account already exists > > See /usr/local/samba/private/named.conf for an example configuration > include file for BIND > > and /usr/local/samba/private/named.txt for further documentation required > for secure DNS updates > > Finished upgrading DNS > > > *After that upgraded the dns on DC1* > > > [root at dc1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ -d 2 > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > Reading domain information > > lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf > > DNS accounts already exist > > No zone file /usr/local/samba/private/dns/IK.LAN.MUM.zone > > DNS records will be automatically created > > DNS partitions already exist > > dns-dc1 account already exists > > See /usr/local/samba/private/named.conf for an example configuration > include file for BIND > > and /usr/local/samba/private/named.txt for further documentation required > for secure DNS updates > > Finished upgrading DNS > > > *Then I tried to join the domain again using BIND9_DLZ (got success)* > > > [root at dc2]# samba-tool domain join ik.lan.mum DC -Uadministrator > --realm=ik.lan.mum --dns-backend=BIND9_DLZ > > Finding a writeable DC for domain 'ik.lan.mum' > > Found DC dc1.ik.lan.mum > > Password for [IK.LAN\administrator]: > > workgroup is IK.LAN > > realm is ik.lan.mum > > checking sAMAccountName > > Deleted CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum > > Deleted CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Deleted > CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Adding CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum > > Adding > CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Adding CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ik,DC=lan,DC=mum > > > Adding SPNs to CN=DC2,OU=Domain Controllers,DC=ik,DC=lan,DC=mum > > Setting account password for DC2$ > > Enabling account > > Adding DNS account CN=dns-DC2,CN=Users,DC=ik,DC=lan,DC=mum with dns/ SPN > > Setting account password for dns-DC2 > > Calling bare provision > > Looking up IPv4 addresses > > Looking up IPv6 addresses > > No IPv6 address will be assigned > > Setting up secrets.ldb > > Setting up the registry > > Setting up the privileges database > > Setting up idmap db > > Setting up SAM db > > Setting up sam.ldb partitions and settings > > Setting up sam.ldb rootDSE > > Pre-loading the Samba 4 and AD schema > > A Kerberos configuration suitable for Samba 4 has been generated at > /usr/local/samba/private/krb5.conf > > Provision OK for domain DN DC=ik,DC=lan,DC=mum > > Starting replication > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1550] > linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1550] > linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] > objects[1206/1550] linked_values[0/0] > > Schema-DN[CN=Schema,CN=Configuration,DC=ik,DC=lan,DC=mum] > objects[1550/1550] linked_values[0/0] > > Analyze and apply schema objects > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[402/1620] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[804/1620] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1206/1620] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1608/1620] > linked_values[0/0] > > Partition[CN=Configuration,DC=ik,DC=lan,DC=mum] objects[1620/1620] > linked_values[28/0] > > Replicating critical objects from the base DN of the domain > > Partition[DC=ik,DC=lan,DC=mum] objects[98/98] linked_values[23/0] > > Partition[DC=ik,DC=lan,DC=mum] objects[379/281] linked_values[23/0] > > Done with always replicated NC (base, config, schema) > > Replicating DC=DomainDnsZones,DC=ik,DC=lan,DC=mum > > Partition[DC=DomainDnsZones,DC=ik,DC=lan,DC=mum] objects[40/40] > linked_values[0/0] > > Replicating DC=ForestDnsZones,DC=ik,DC=lan,DC=mum > > Partition[DC=ForestDnsZones,DC=ik,DC=lan,DC=mum] objects[18/18] > linked_values[0/0] > > Committing SAM database > > Sending DsReplicaUpdateRefs for all the replicated partitions > > Setting isSynchronized and dsServiceName > > Setting up secrets database > > See /usr/local/samba/private/named.conf for an example configuration > include file for BIND > > and /usr/local/samba/private/named.txt for further documentation required > for secure DNS updates > > Joined domain IK.LAN (SID S-1-5-21-3947581883-4033758009-2802199242) as a > DC > > *I have strictly followed Samba wiki for joining additional domain * > > *Right now everything seems to be working like I can authenticate the user > by putting DC down, creating / modifying user is replicated immediately.* > > > Thanks, > > VikasWelcome to the 'I have found a bug' club :-) Firstly though, it is 'BIND9_FLATFILE' not 'BIND9_FLAT' , not that this would have helped. If you run 'samba-tool domain provision --help' , amongst the output is this: --dns-backend=NAMESERVER-BACKEND The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_FLATFILE uses bind9 text database to store zone information, BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (not recommended) OK, this shows 'BIND9_FLATFILE', but if you run 'samba-tool domain join --help' , you will find this: --dns-backend=NAMESERVER-BACKEND The DNS server backend. SAMBA_INTERNAL is the builtin name server (default), BIND9_DLZ uses samba4 AD to store zone information, NONE skips the DNS setup entirely (this DC will not be a DNS server) Whoops, 'BIND9_FLATFILE' has disappeared. I wouldn't think that using 'BIND9_FLATFILE' is a good idea, using this will store the dns info outside AD and what isn't in AD cannot be replicated. I actually think the bug is that 'samba-tool domain provision' will accept 'BIND9_FLATFILE'. Rowland
yes i realized that there is something wrong with BIND9_FLATFILE while encountering with samba_upgradedns -h which doesn't show BIND9_FLATFILE Any help on*drs repl* not working i think it is pointing to wrong FQDN how do i correct that ?> >/ Not able to to view replication.(samba-tool drs showrepl) > />/ > />/ > />/ [root at dc2 <https://lists.samba.org/mailman/listinfo/samba>]# samba-tool drs showrepl (want to highlight the name which is > />/ using to connect) > />/ > />/ ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to > />/ *dc2.ik.lan.mum* failed - drsException: DRS connection to dc2.ik.lan.mum > />/ failed: (-1073741772, 'The object name is not found.') > />/ > />/ File "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/drs.py", > />/ line 39, in drsuapi_connect > />/ > />/ (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) > />/ drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds) > />/ > />/ File "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py", > />/ line 54, in drsuapi_connect > />/ > />/ raise drsException("DRS connection to %s failed: %s" % (server, e)) > />> Welcome to the 'I have found a bug' club :-) > > Firstly though, it is 'BIND9_FLATFILE' not 'BIND9_FLAT' , not that this > would have helped. > > If you run 'samba-tool domain provision --help' , amongst the output is > this: > > --dns-backend=NAMESERVER-BACKEND > The DNS server backend. SAMBA_INTERNAL is the > builtin > name server (default), BIND9_FLATFILE uses > bind9 text > database to store zone information, BIND9_DLZ uses > samba4 AD to store zone information, NONE skips the > DNS setup entirely (not recommended) > > OK, this shows 'BIND9_FLATFILE', but if you run 'samba-tool domain join > --help' , you will find this: > > --dns-backend=NAMESERVER-BACKEND > The DNS server backend. SAMBA_INTERNAL is the > builtin > name server (default), BIND9_DLZ uses samba4 AD to > store zone information, NONE skips the DNS setup > entirely (this DC will not be a DNS server) > > Whoops, 'BIND9_FLATFILE' has disappeared. > > I wouldn't think that using 'BIND9_FLATFILE' is a good idea, using this > will store the dns info outside AD and what isn't in AD cannot be > replicated. > > I actually think the bug is that 'samba-tool domain provision' will > accept 'BIND9_FLATFILE'. > > Rowland