samba - May 2015 - second DC behavior when first switched off

Hello all,

I'm always trying to migrate from W2000 server to Samba 4.

For doing this, I tried this :
- install a W2003 server with AD and DNS services, join it to W2000, 
transfer roles and after demote the old W2000 -> done
- install a Sernet Samba4 with Bind9, join W2003, transfer all 7 roles 
-> done ( thanks to Rowland )

the sync process is working well in two way, I can manage DNS and AD 
with rsat tool even directly connected on the Samba4 server

But the samba4 server does not have a good behavior when I switch off 
the W2003 server...

For example in this case ( W2003 switched off ), if I try to use RSAT AD 
user and group connected to Samba and go to the directory "Domain 
Controllers" I see an error message "domain controllers data not 
available..."
and in the samba4 syslog :

May 21 11:09:09 S4 samba[2455]: [2015/05/21 11:09:09.682170,  0] 
../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
May 21 11:09:09 S4 samba[2455]:   ldb: acl_read: CN=W2003,OU=Domain 
Controllers,DC=ariane,DC=intra cannot find attr[msDS-isRODC] in of schema
May 21 11:09:09 S4 samba[2455]:

It seems that it missing a Samba4 entry? For asking Samba4 too?

Another question... How to be sure that the sync process between 2 AD is 
fully terminated and that the servers are ready for a demote process?

Thanks a lot!

Sam

I think The problem is here, when the 2 DC are on line, and debug level 
is 3, I can see a lot of messages like :

May 21 16:52:29 S4 named[2289]: samba_dlz: starting transaction on zone 
ariane.intra
May 21 16:52:29 S4 named[2289]: client 172.20.2.33#1226: update 
'ariane.intra/IN' denied
May 21 16:52:29 S4 named[2289]: samba_dlz: cancelling transaction on 
zone ariane.intra

I try to set transactions for DNS to "non secure and secure" to
"secure
only" on the W2003 server, without any effects...
And it can't be changed for Samba4 ( "secure only" by default )
172.20.2.33 is my W2003 server...

Sam


Le 21/05/2015 11:50, Sam a ?crit :
> Hello all,
>
> I'm always trying to migrate from W2000 server to Samba 4.
>
> For doing this, I tried this :
> - install a W2003 server with AD and DNS services, join it to W2000, 
> transfer roles and after demote the old W2000 -> done
> - install a Sernet Samba4 with Bind9, join W2003, transfer all 7 roles 
> -> done ( thanks to Rowland )
>
> the sync process is working well in two way, I can manage DNS and AD 
> with rsat tool even directly connected on the Samba4 server
>
> But the samba4 server does not have a good behavior when I switch off 
> the W2003 server...
>
> For example in this case ( W2003 switched off ), if I try to use RSAT 
> AD user and group connected to Samba and go to the directory "Domain 
> Controllers" I see an error message "domain controllers data not 
> available..."
> and in the samba4 syslog :
>
> May 21 11:09:09 S4 samba[2455]: [2015/05/21 11:09:09.682170,  0] 
> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
> May 21 11:09:09 S4 samba[2455]:   ldb: acl_read: CN=W2003,OU=Domain 
> Controllers,DC=ariane,DC=intra cannot find attr[msDS-isRODC] in of schema
> May 21 11:09:09 S4 samba[2455]:
>
> It seems that it missing a Samba4 entry? For asking Samba4 too?
>
> Another question... How to be sure that the sync process between 2 AD 
> is fully terminated and that the servers are ready for a demote process?
>
> Thanks a lot!
>
> Sam
>
>

On 21/05/15 16:00, Sam wrote:
> I think The problem is here, when the 2 DC are on line, and debug 
> level is 3, I can see a lot of messages like :
>
> May 21 16:52:29 S4 named[2289]: samba_dlz: starting transaction on 
> zone ariane.intra
> May 21 16:52:29 S4 named[2289]: client 172.20.2.33#1226: update 
> 'ariane.intra/IN' denied
> May 21 16:52:29 S4 named[2289]: samba_dlz: cancelling transaction on 
> zone ariane.intra
>
> I try to set transactions for DNS to "non secure and secure" to 
> "secure only" on the W2003 server, without any effects...
> And it can't be changed for Samba4 ( "secure only" by default
)
> 172.20.2.33 is my W2003 server...
>
> Sam
Do you have a dhcp server ?
Also, why is your w2003 server trying to update named ?
'secure only' means that you need a secure connection to update named, 
you can set 'allow dns updates = nonsecure' in smb.conf on the samba AD
DC

Rowland
>
>
> Le 21/05/2015 11:50, Sam a ?crit :
>> Hello all,
>>
>> I'm always trying to migrate from W2000 server to Samba 4.
>>
>> For doing this, I tried this :
>> - install a W2003 server with AD and DNS services, join it to W2000, 
>> transfer roles and after demote the old W2000 -> done
>> - install a Sernet Samba4 with Bind9, join W2003, transfer all 7 
>> roles -> done ( thanks to Rowland )
>>
>> the sync process is working well in two way, I can manage DNS and AD 
>> with rsat tool even directly connected on the Samba4 server
>>
>> But the samba4 server does not have a good behavior when I switch off 
>> the W2003 server...
>>
>> For example in this case ( W2003 switched off ), if I try to use RSAT 
>> AD user and group connected to Samba and go to the directory
"Domain
>> Controllers" I see an error message "domain controllers data
not
>> available..."
>> and in the samba4 syslog :
>>
>> May 21 11:09:09 S4 samba[2455]: [2015/05/21 11:09:09.682170,  0] 
>> ../lib/ldb-samba/ldb_wrap.c:71(ldb_wrap_debug)
>> May 21 11:09:09 S4 samba[2455]:   ldb: acl_read: CN=W2003,OU=Domain 
>> Controllers,DC=ariane,DC=intra cannot find attr[msDS-isRODC] in of 
>> schema
>> May 21 11:09:09 S4 samba[2455]:
>>
>> It seems that it missing a Samba4 entry? For asking Samba4 too?
>>
>> Another question... How to be sure that the sync process between 2 AD 
>> is fully terminated and that the servers are ready for a demote
process?
>>
>> Thanks a lot!
>>
>> Sam
>>
>>
>