On Wed, 19 Oct 2016 23:12:50 +0200
Marc Muehlfeld <mmuehlfeld at samba.org> wrote:

> Hi Rowland,
>
> thanks for testing and your feedback.
>
>
> On 19.10.2016 at 21:50, Rowland Penny via samba wrote:
> > Workaround:
> > turn off samba on the first DC, then restart samba on the second DC.
> > There is a gotcha however, I had to force replication with
> > 'samba-tool drs replicate' (after I restarted samba on the first DC)
>
> This sounds more complicated and the user has to turn off the existing
> DC(s?) which makes the domain unavailable.
>
> I think we should continue recommending to add the two records
> manually. :-)
>
>
> Regards,
> Marc
>

I will try again to see if it was just a one off, but at least it gives
us a pointer to what is wrong ;-)

When samba_dnsupdate tries to get the credentials, there is this line:

creds.guess(lp)

I 'think' it is guessing wrong ??

Rowland

On Thu, 20 Oct 2016 09:02:22 +0100
Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Wed, 19 Oct 2016 23:12:50 +0200
> Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>
> > Hi Rowland,
> >
> > thanks for testing and your feedback.
> >
> >
> > On 19.10.2016 at 21:50, Rowland Penny via samba wrote:
> > > Workaround:
> > > turn off samba on the first DC, then restart samba on the second
> > > DC. There is a gotcha however, I had to force replication with
> > > 'samba-tool drs replicate' (after I restarted samba on the first
> > > DC)
> >
> > This sounds more complicated and the user has to turn off the
> > existing DC(s?) which makes the domain unavailable.
> >
> > I think we should continue recommending to add the two records
> > manually. :-)
> >
> >
> > Regards,
> > Marc
> >
>
> I will try again to see if it was just a one off, but at least it
> gives us a pointer to what is wrong ;-)
>
> When samba_dnsupdate tries to get the credentials, there is this line:
>
> creds.guess(lp)
>
> I 'think' it is guessing wrong ??
>
> Rowland
>

OK, after a lot more testing, I can get the records created without
turning the first DC off.

Provision the first DC.
Set the nameserver in /etc/resolv.conf on what will become the second
DC to the first DC.
Join the second DC
Before starting samba on the second DC, change these lines in
samba_dnsupdate:

creds = credentials.Credentials()
creds.guess(lp)

To:
creds = credentials.Credentials()
creds.set_workstation(host)

change the nameserver to now be the second DC's IP address

start samba and then immediately restart samba (no, I don't know why)

now change the nameserver on each DC to point to the other DC.

Go for a walk, have a brew, whatever, but just wait for replication to
kick in.

You will now find all the required records have been created and
replicated.

I think samba_upgradedns needs to start replication after updating any
records, it also needs to be made to use the credentials of the machine
it is running on. I am unsure if the modification I made is valid, but
it seems to work.

Rowland

On 10/20/2016 12:41 PM, Rowland Penny via samba wrote:

> On Thu, 20 Oct 2016 09:02:22 +0100
> Rowland Penny via samba <samba at lists.samba.org> wrote:
>
>> On Wed, 19 Oct 2016 23:12:50 +0200
>> Marc Muehlfeld <mmuehlfeld at samba.org> wrote:
>>
>>> Hi Rowland,
>>>
>>> thanks for testing and your feedback.
>>>
>>>
>>> On 19.10.2016 at 21:50, Rowland Penny via samba wrote:
>>>> Workaround:
>>>> turn off samba on the first DC, then restart samba on the second
>>>> DC. There is a gotcha however, I had to force replication with
>>>> 'samba-tool drs replicate' (after I restarted samba on the first
>>>> DC)
>>> This sounds more complicated and the user has to turn off the
>>> existing DC(s?) which makes the domain unavailable.
>>>
>>> I think we should continue recommending to add the two records
>>> manually. :-)
>>>
>>>
>>> Regards,
>>> Marc
>>>
>> I will try again to see if it was just a one off, but at least it
>> gives us a pointer to what is wrong ;-)
>>
>> When samba_dnsupdate tries to get the credentials, there is this line:
>>
>> creds.guess(lp)
>>
>> I 'think' it is guessing wrong ??
>>
>> Rowland
>>
> OK, after a lot more testing, I can get the records created without
> turning the first DC off.
>
> Provision the first DC.
> Set the nameserver in /etc/resolv.conf on what will become the second
> DC to the first DC.
> Join the second DC
> Before starting samba on the second DC, change these lines in
> samba_dnsupdate:
>
> creds = credentials.Credentials()
> creds.guess(lp)
>
> To:
> creds = credentials.Credentials()
> creds.set_workstation(host)
>
> change the nameserver to now be the second DC's IP address
>
> start samba and then immediately restart samba (no, I don't know why)
>
> now change the nameserver on each DC to point to the other DC.
>
> Go for a walk, have a brew, whatever, but just wait for replication to
> kick in.
>
> You will now find all the required records have been created and
> replicated.
>
> I think samba_upgradedns needs to start replication after updating any
> records, it also needs to be made to use the credentials of the machine
> it is running on. I am unsure if the modification I made is valid, but
> it seems to work.
>
> Rowland
>

Rowland,

I assume your testing is with bind? Will this modification be
applicable to the internal DNS server as well?

--
-James