samba - Jul 2016 - Successes an failures with Samba 4.3.9 and FreeBSD-10.3

OK.  "net cache flush" worked (dunno why a restart isn't
equivalent, but
hey).  So let's start peeling back other issues!

On Mon, Jul 11, 2016 at 1:54 PM, Rowland penny <rpenny at samba.org>
wrote:
> On 11/07/16 17:57, Zaphod Beeblebrox wrote:
>
>>
>>
>>             - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL,
>>         samba_dnsupdate
>>             complains.  Strange thing, tho: all the domains seem to
>>         lookup fine.  I
>>             can't exactly find the problem here.
>>
>>
>>
>>     I understand this is a known problem and can possibly be
'fixed'
>>     by adding 'allow dns updates = nonsecure and secure' to
smb.conf
>>     on the DC.
>>
>>
>> Not in my case.  Already have that line.
>>
>
> How are you using samba_dnsupdate ?
>
An example would be "/usr/local/sbin/samba_dnsupdate --verbose --all-names
-d 15"

But even just samba_dnsupdate by itself squaks.  I put the output in
https://owncloud.eicat.ca/index.php/s/vAKUymZr3OD59i7

On Mon, Jul 11, 2016 at 6:18 PM, Zaphod Beeblebrox <zbeeble at gmail.com>
wrote:
> OK.  "net cache flush" worked (dunno why a restart isn't
equivalent, but
> hey).  So let's start peeling back other issues!
>
> On Mon, Jul 11, 2016 at 1:54 PM, Rowland penny <rpenny at samba.org>
wrote:
>
>> On 11/07/16 17:57, Zaphod Beeblebrox wrote:
>>
>>>
>>>
>>>             - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL,
>>>         samba_dnsupdate
>>>             complains.  Strange thing, tho: all the domains seem to
>>>         lookup fine.  I
>>>             can't exactly find the problem here.
>>>
>>>
>>>
>>>     I understand this is a known problem and can possibly be
'fixed'
>>>     by adding 'allow dns updates = nonsecure and secure' to
smb.conf
>>>     on the DC.
>>>
>>>
>>> Not in my case.  Already have that line.
>>>
>>
>> How are you using samba_dnsupdate ?
>>
>
> An example would be "/usr/local/sbin/samba_dnsupdate --verbose
> --all-names  -d 15"
>
> But even just samba_dnsupdate by itself squaks.  I put the output in
> https://owncloud.eicat.ca/index.php/s/vAKUymZr3OD59i7
>
>
aargh.  That link is all better as of now.  Has the output (with debug
turned on).

OK.  Here's an update.  Since I got the IDMAP stuff working, I decided to
join my other home FreeBSD server into the 'forest' ... urgh...
metaphors
in this space grind a little... but when I did the samba-tool join, it
succeeded ... save the DNS was not updated.  So I tried manually... and
it's still wrong.

Joined domain HOME (SID S-1-5-21-3505373935-2275348003-3197909400) as a DC
[2:39:339]root at strike:/usr/local/etc> samba-tool dns add VR HOME.XXX.YY
STRIKE A 192.168.0.1 -Uadministrator
Password for [HOME\administrator]:
Record added successfully
[2:40:340]root at strike:/usr/local/etc> samba-tool dns add VR HOME.XXX.YY
STRIKE A 192.168.0.1 -Uadministrator
Password for [HOME\administrator]:
ERROR: Record already exists
[2:41:341]root at strike:/usr/local/etc> host strike.home.XXX.YY
Host strike.home.xxx.yy not found: 3(NXDOMAIN)

Further as I try to debug this, I did samba_upgradedns
--dns-backend=SAMBA_INTERNAL ... which passed and then:

[2:69:369]root at strike:/usr/local/etc> samba_upgradedns
--dns-backend=BIND9_DLZ
Reading domain information
DNS accounts already exist
No zone file /var/db/samba4/private/dns/home.dclg.ca.zone
DNS records will be automatically created
DNS partitions already exist
Adding dns-strike account
Traceback (most recent call last):
  File "/usr/local/sbin/samba_upgradedns", line 438, in <module>
    "DNSNAME" : dnsname }
  File
"/usr/local/lib/python2.7/site-packages/samba/provision/common.py",
line 55, in setup_add_ldif
    ldb.add_ldif(data, controls)
  File "/usr/local/lib/python2.7/site-packages/samba/__init__.py",
line
225, in add_ldif
    self.add(msg, controls)
_ldb.LdbError: (53, '../source4/dsdb/samdb/ldb_modules/ridalloc.c:551: No
RID Set DN - Request for remote creation of RID Set for this DC failed:
Failed to send MSG_DREPL_ALLOCATE_RID, unable to locate dreplsrv')

help?

On Mon, Jul 11, 2016 at 7:58 PM, Zaphod Beeblebrox <zbeeble at gmail.com>
wrote:
>
>
> On Mon, Jul 11, 2016 at 6:18 PM, Zaphod Beeblebrox <zbeeble at
gmail.com>
> wrote:
>
>> OK.  "net cache flush" worked (dunno why a restart isn't
equivalent, but
>> hey).  So let's start peeling back other issues!
>>
>> On Mon, Jul 11, 2016 at 1:54 PM, Rowland penny <rpenny at
samba.org> wrote:
>>
>>> On 11/07/16 17:57, Zaphod Beeblebrox wrote:
>>>
>>>>
>>>>
>>>>             - Whether I use BIND9_DLZ or I use SAMBA_INTERNAL,
>>>>         samba_dnsupdate
>>>>             complains.  Strange thing, tho: all the domains
seem to
>>>>         lookup fine.  I
>>>>             can't exactly find the problem here.
>>>>
>>>>
>>>>
>>>>     I understand this is a known problem and can possibly be
'fixed'
>>>>     by adding 'allow dns updates = nonsecure and
secure' to smb.conf
>>>>     on the DC.
>>>>
>>>>
>>>> Not in my case.  Already have that line.
>>>>
>>>
>>> How are you using samba_dnsupdate ?
>>>
>>
>> An example would be "/usr/local/sbin/samba_dnsupdate --verbose
>> --all-names  -d 15"
>>
>> But even just samba_dnsupdate by itself squaks.  I put the output in
>> https://owncloud.eicat.ca/index.php/s/vAKUymZr3OD59i7
>>
>>
> aargh.  That link is all better as of now.  Has the output (with debug
> turned on).
>
>