thr3ads.net - samba - [Samba] missing DomainDnsZones and ForestDnsZones ? [Mar 2016]

If this information is useful, please help other people find it:
Share via:

Robert Moulton

2016-Mar-18 18:19 UTC

[Samba] missing DomainDnsZones and ForestDnsZones ?

Greetings - On our samba 4 (4.3.3) AD controller I just noticed 
something odd. When I run 'samba-tool fsmo show' I get an error:

# samba-tool fsmo show
ERROR(ldb): uncaught exception - No such Base DN: 
CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
     return self.run(*args, **kwargs)
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 395, in run
     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
   File 
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 40, in get_fsmo_roleowner
     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])

And 'ldbsearch' verifies that DomainDnsZones is missing:

# ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb 
'(fsmoroleowner=*)' | grep 'dn:'
dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
dn: DC=biostat,DC=washington,DC=edu
dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu

What might explain this anomaly, and more importantly, what should be 
done to address it?

thanks,
-r

Rowland penny

2016-Mar-18 18:48 UTC

head link

[Samba] missing DomainDnsZones and ForestDnsZones ?

On 18/03/16 18:19, Robert Moulton wrote:> Greetings - On our samba 4 (4.3.3) AD controller I just noticed 
> something odd. When I run 'samba-tool fsmo show' I get an error:
>
> # samba-tool fsmo show
> ERROR(ldb): uncaught exception - No such Base DN: 
> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>   File 
>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>     return self.run(*args, **kwargs)
>   File 
>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
> line 395, in run
>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>   File 
>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
> line 40, in get_fsmo_roleowner
>     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>
> And 'ldbsearch' verifies that DomainDnsZones is missing:
>
> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb 
> '(fsmoroleowner=*)' | grep 'dn:'
> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
> dn: DC=biostat,DC=washington,DC=edu
> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>
> What might explain this anomaly, and more importantly, what should be 
> done to address it?
>
> thanks,
> -r
>
OK, as for how did you get to here, how was the domain provisioned ??

You are actually missing two fsmo roleowners, your ldbsearch should 
return these as well as the other 5:

dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu

Do the 'DNs' exist ?

try this:

ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b 
'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'

Does it return anything ?

Run it again, but replace 'DC=DomainDnsZones' with
'DC=ForestDnsZones',
does this return anything ?

If the objects exist, then you need to add the fsmo roleowners with 
ldbmodify

You need to create an ldif

dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
changetype: modify
add: fSMORoleOwner
fSMORoleOwner: CN=NTDS 
Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu

Then use ldbmodify to add the ldif, repeat for the ForestDnsZones

Rowland

Robert Moulton

2016-Mar-18 19:27 UTC

head link

[Samba] missing DomainDnsZones and ForestDnsZones ?

Rowland penny wrote on 3/18/16 11:48 AM:> On 18/03/16 18:19, Robert Moulton wrote:
>> Greetings - On our samba 4 (4.3.3) AD controller I just noticed
>> something odd. When I run 'samba-tool fsmo show' I get an
error:
>>
>> # samba-tool fsmo show
>> ERROR(ldb): uncaught exception - No such Base DN:
>> CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
>>   File
>>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
>> line 175, in _run
>>     return self.run(*args, **kwargs)
>>   File
>>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>> line 395, in run
>>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>   File
>>
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
>> line 40, in get_fsmo_roleowner
>>     scope=ldb.SCOPE_BASE, attrs=["fSMORoleOwner"])
>>
>> And 'ldbsearch' verifies that DomainDnsZones is missing:
>>
>> # ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb
>> '(fsmoroleowner=*)' | grep 'dn:'
>> dn: CN=Schema,CN=Configuration,DC=biostat,DC=washington,DC=edu
>> dn: CN=Partitions,CN=Configuration,DC=biostat,DC=washington,DC=edu
>> dn: DC=biostat,DC=washington,DC=edu
>> dn: CN=Infrastructure,DC=biostat,DC=washington,DC=edu
>> dn: CN=RID Manager$,CN=System,DC=biostat,DC=washington,DC=edu
>>
>> What might explain this anomaly, and more importantly, what should be
>> done to address it?
>>
>> thanks,
>> -r
>>
>
> OK, as for how did you get to here, how was the domain provisioned ??
Provisioning was a 'classicupgrade' of a samba 3 domain with LDAP
backend.
> You are actually missing two fsmo roleowners, your ldbsearch should
> return these as well as the other 5:
>
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
> dn: CN=Infrastructure,DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu
>
> Do the 'DNs' exist ?
>
> try this:
>
> ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b
> 'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub
> '(cn=Infrastructure)'
>
> Does it return anything ?
>
uh-oh, no such base dn ...

# ldbsearch --cross-ncs -H /usr/local/samba/private/sam.ldb -b 
'DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'
search error - No such Base DN:
DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
> Run it again, but replace 'DC=DomainDnsZones' with
'DC=ForestDnsZones',
> does this return anything ?
... and again:

[root at porter ~]# ldbsearch --cross-ncs -H 
/usr/local/samba/private/sam.ldb -b 
'DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu' -s sub 
'(cn=Infrastructure)'
search error - No such Base DN: 
DC=ForestDnsZones,DC=biostat,DC=washington,DC=edu

should they be added with ldbadd?
> If the objects exist, then you need to add the fsmo roleowners with
> ldbmodify
>
> You need to create an ldif
>
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=biostat,DC=washington,DC=edu
> changetype: modify
> add: fSMORoleOwner
> fSMORoleOwner: CN=NTDS
>
Settings,CN=DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=biostat,DC=washington,DC=edu
>
>
> Then use ldbmodify to add the ldif, repeat for the ForestDnsZones
>
> Rowland
>
>
>

Reasonably Related Threads

Search for more apparently analagous threads

samba - Mar 2016 - missing DomainDnsZones and ForestDnsZones ?

[Samba] missing DomainDnsZones and ForestDnsZones ?

[Samba] missing DomainDnsZones and ForestDnsZones ?

[Samba] missing DomainDnsZones and ForestDnsZones ?

Reasonably Related Threads