Hi,

Since you're getting.
finddcs: No matching server found
> ERROR: Invalid IP address '3(NXDOMAIN)'!

There is something wrong in the base of your setup.

Check all DC's for IP numbers (A) and PTR records.
Don't forget to create the reverse zone yourself.

https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting
https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

After you checked all and corrected everything, reboot first the DC with FSMO roles and the other DC('s)

Greetz,

Louis

> -----Original message-----
> From: Mike Lykov [mailto:combr at samges.ru]
> Sent: Friday 18 November 2016 18:40
> To: L.P.H. van Belle
> Subject: Re: [Samba] group policy update fails
>
> 18.11.2016 16:13, L.P.H. van Belle wrote:
> > Oops. I did hit the send button.
> >
> > Get this one also and can you mail me the output.
> > http://downloads.van-belle.nl/samba4/samba-info.sh
> >
> > you should see something like this.
> > Server info:
> > This server hostname = dc1
> > This server FQDN (hostname) = dc1.internal.domain.tld
> > This server IP address = 192.168.0.1
> > The DC with FSMO roles = DC1
> > The DC (with FSMO) Site name = Default-First-Site-Name
> > The Default Naming Context = DC=internal,DC=domain,DC=tld
> > The Kerberos name used = KERBEROS.REALM.TLD
> > The Ipadres of DC dc2.internal.domain.tld. = 192.168.0.2
> > The Ipadres of DC dc1.internal.domain.tld. = 192.168.0.1
>
> Without fixing hostname
>
> root@ad41:~# ./samba-info.sh
> ....
> dns child failed to find name '3(NXDOMAIN)' of type A
> finddcs: No matching server found
> ERROR: Invalid IP address '3(NXDOMAIN)'!
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 127, in run
>     res = netcmd_get_domain_infos_via_cldap(lp, None, address)
>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/common.py", line 70, in netcmd_get_domain_infos_via_cldap
>     flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
> Server info:
> This server hostname = ad41
> This server FQDN (hostname) = ad41.samges.ru
> This server IP address = 172.16.214.141
> The DC with FSMO roles = AD41
> The DC (with FSMO) Site name = Default-First-Site-Name
> The Default Naming Context = DC=dc,DC=samges,DC=ru
> The Kerberos name used = DC.SAMGES.RU
> The Ipadres of DC 3(NXDOMAIN) = record
> root@ad41:~#
>
> > Best regards,
> >
> > Louis
> >
> >> -----Original message-----
> >> From: L.P.H. van Belle [mailto:belle at bazuin.nl]
> >> Sent: Friday 18 November 2016 13:10
> >> To: 'Mike Lykov'
> >> Subject: RE: [Samba] group policy update fails
> >>
> >> Hi,
> >>
> >> Ok, these can be ignored, these exist per server and are not replicated.
> >>> msDS-NcType
> >>> subRefs
> >> ( i'll adjust the script for it. )
> >>
> >> The script tests 2 ways.
> >> samba-tool drs showrepl
> >> and
> >> samba-tool ldapcmp --filter='whenChanged' ldap://$SAMBA_DC1 ldap://$x"
> >>
> >> can you check again with :
> >> samba-tool ldapcmp --filter='whenChanged,subRefs,msDS-NcType' ldap://DC1_with_FSMO.domain.tld ldap://other_DC.domain.tld
> >>
> >> can you run this one also.
> >>
> >>> -----Original message-----
> >>> From: Mike Lykov [mailto:combr at samges.ru]
> >>> Sent: Friday 18 November 2016 12:20
> >>> To: L.P.H. van Belle
> >>> Subject: Re: [Samba] group policy update fails
> >>>
> >>> 18.11.2016 12:04, L.P.H. van Belle via samba wrote:
> >>>> This looks all good.
> >>>>
> >>>> Can you check your database replication with my script.
> >>>> http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh
> >>>> It does some basic checks to detect the AD DC's.
> >>>> And it compares the ad db database in 2 ways.
> >>>
> >>> May I ask you about my results interpretation?
> >>>
> >>> -------------
> >>> Result for [DOMAIN]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>> msDS-NcType
> >>> serverState
> >>> Result for [CONFIGURATION]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>> msDS-NcType
> >>> subRefs
> >>>
> >>> Result for [SCHEMA]: FAILURE
> >>> Attributes found only in ldap://ad41.dc.samges.ru:
> >>> msDS-NcType
> >>> ---------------
> >>>
> >>> What do these attributes mean, and why could they not replicate?
> >>> And how to fix this case?
> >>> "samba drs showrepl" shows all is ok.
> >>>
> >>> -----------
> >>> * Comparing [DNSDOMAIN] context...
> >>> Failed search of base=DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
> >>> ------------
> >>>
> >>> Why can it happen?
> >>>
> >>> --
> >>> Mike Lykov, system administrator

21.11.2016 12:32, L.P.H. van Belle via samba wrote:
> Hi,
>
> Since you're getting.
> finddcs: No matching server found
>> ERROR: Invalid IP address '3(NXDOMAIN)'!
> There is something wrong in the base of your setup.

yes, and it is the server's own local hostname
see "DC server own hostname must be part of ad dc domain?" thread

your script relies on "hostname -d" output, but my server has
hostname domain != AD DC domain

hostname domain :
root@ad51:~# hostname -d
samges.ru

AD DC domain:
dc.samges.ru

local fqdn hostname for server
root@ad51:~# hostname -f
ad51.samges.ru

server in ad dc domain:

root@ad51:/var/log/samba# host -t A ad51.dc.samges.ru
ad51.dc.samges.ru has address 172.16.214.151

> Check all DC's for IP numbers (A) and PTR records.
> Don't forget to create the reverse zone yourself.

I have not created a reverse zone yet, because

> https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record

Nothing about PTR on wiki here ^ or here:
https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory

or here
https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Configuring_the_DNS_Resolver

------------
Thanks, Mike

>
>> -----Original message-----
>> From: Mike Lykov [mailto:combr at samges.ru]
>> Sent: Friday 18 November 2016 18:40
>> To: L.P.H. van Belle
>> Subject: Re: [Samba] group policy update fails
>>
>> 18.11.2016 16:13, L.P.H. van Belle wrote:
>>> Oops. I did hit the send button.
>>>
>>> Get this one also and can you mail me the output.
>>> http://downloads.van-belle.nl/samba4/samba-info.sh
>>>
>>> you should see something like this.
>>> Server info:
>>> This server hostname = dc1
>>> This server FQDN (hostname) = dc1.internal.domain.tld
>>> This server IP address = 192.168.0.1
>>> The DC with FSMO roles = DC1
>>> The DC (with FSMO) Site name = Default-First-Site-Name
>>> The Default Naming Context = DC=internal,DC=domain,DC=tld
>>> The Kerberos name used = KERBEROS.REALM.TLD
>>> The Ipadres of DC dc2.internal.domain.tld. = 192.168.0.2
>>> The Ipadres of DC dc1.internal.domain.tld. = 192.168.0.1
>>
>> Without fixing hostname
>>
>> root@ad41:~# ./samba-info.sh
>> ....
>> dns child failed to find name '3(NXDOMAIN)' of type A
>> finddcs: No matching server found
>> ERROR: Invalid IP address '3(NXDOMAIN)'!
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 127, in run
>>     res = netcmd_get_domain_infos_via_cldap(lp, None, address)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/common.py", line 70, in netcmd_get_domain_infos_via_cldap
>>     flags=nbt.NBT_SERVER_LDAP | nbt.NBT_SERVER_DS)
>> Server info:
>> This server hostname = ad41
>> This server FQDN (hostname) = ad41.samges.ru
>> This server IP address = 172.16.214.141
>> The DC with FSMO roles = AD41
>> The DC (with FSMO) Site name = Default-First-Site-Name
>> The Default Naming Context = DC=dc,DC=samges,DC=ru
>> The Kerberos name used = DC.SAMGES.RU
>> The Ipadres of DC 3(NXDOMAIN) = record
>> root@ad41:~#
>>
>>> Best regards,
>>>
>>> Louis
>>>
>>>> -----Original message-----
>>>> From: L.P.H. van Belle [mailto:belle at bazuin.nl]
>>>> Sent: Friday 18 November 2016 13:10
>>>> To: 'Mike Lykov'
>>>> Subject: RE: [Samba] group policy update fails
>>>>
>>>> Hi,
>>>>
>>>> Ok, these can be ignored, these exist per server and are not replicated.
>>>>> msDS-NcType
>>>>> subRefs
>>>> ( i'll adjust the script for it. )
>>>>
>>>> The script tests 2 ways.
>>>> samba-tool drs showrepl
>>>> and
>>>> samba-tool ldapcmp --filter='whenChanged' ldap://$SAMBA_DC1 ldap://$x"
>>>>
>>>> can you check again with :
>>>> samba-tool ldapcmp --filter='whenChanged,subRefs,msDS-NcType' ldap://DC1_with_FSMO.domain.tld ldap://other_DC.domain.tld
>>>>
>>>> can you run this one also.
>>>>
>>>>> -----Original message-----
>>>>> From: Mike Lykov [mailto:combr at samges.ru]
>>>>> Sent: Friday 18 November 2016 12:20
>>>>> To: L.P.H. van Belle
>>>>> Subject: Re: [Samba] group policy update fails
>>>>>
>>>>> 18.11.2016 12:04, L.P.H. van Belle via samba wrote:
>>>>>> This looks all good.
>>>>>>
>>>>>> Can you check your database replication with my script.
>>>>>> http://downloads.van-belle.nl/samba4/samba-check-db-repl.sh
>>>>>> It does some basic checks to detect the AD DC's.
>>>>>> And it compares the ad db database in 2 ways.
>>>>>
>>>>> May I ask you about my results interpretation?
>>>>>
>>>>> -------------
>>>>> Result for [DOMAIN]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>> msDS-NcType
>>>>> serverState
>>>>> Result for [CONFIGURATION]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>> msDS-NcType
>>>>> subRefs
>>>>>
>>>>> Result for [SCHEMA]: FAILURE
>>>>> Attributes found only in ldap://ad41.dc.samges.ru:
>>>>> msDS-NcType
>>>>> ---------------
>>>>>
>>>>> What do these attributes mean, and why could they not replicate?
>>>>> And how to fix this case?
>>>>> "samba drs showrepl" shows all is ok.
>>>>>
>>>>> -----------
>>>>> * Comparing [DNSDOMAIN] context...
>>>>> Failed search of base=DC=DomainDnsZones,DC=dc,DC=samges,DC=ru
>>>>> ------------
>>>>>
>>>>> Why can it happen?
>>>>>
>>>>> --
>>>>> Mike Lykov, system administrator

--
Mike Lykov, system administrator

On Mon, 21 Nov 2016 13:28:39 +0400
Mike Lykov via samba <samba at lists.samba.org> wrote:

> 21.11.2016 12:32, L.P.H. van Belle via samba wrote:
> > Hi,
> >
> > Since you're getting.
> > finddcs: No matching server found
> >> ERROR: Invalid IP address '3(NXDOMAIN)'!
> > There is something wrong in the base of your setup.
>
> yes, and it is the server's own local hostname
> see "DC server own hostname must be part of ad dc domain?" thread
>
> your script relies on "hostname -d" output, but my server has
> hostname domain != AD DC domain

There is your problem!!
'hostname domain' MUST be the same as 'AD DC domain'
If it isn't, they are not the same domains and kerberos will not work.

>
> hostname domain :
> root@ad51:~# hostname -d
> samges.ru
>
> AD DC domain:
> dc.samges.ru
>
> local fqdn hostname for server
> root@ad51:~# hostname -f
> ad51.samges.ru
>
> server in ad dc domain:
>
> root@ad51:/var/log/samba# host -t A ad51.dc.samges.ru
> ad51.dc.samges.ru has address 172.16.214.151
>
> > Check all DC's for IP numbers (A) and PTR records.
> > Don't forget to create the reverse zone yourself.
>
> I have not created a reverse zone yet, because
>
> > https://wiki.samba.org/index.php/Verifying_and_Creating_a_DC_DNS_Record
>
> Nothing about PTR on wiki here ^ or here:
> https://wiki.samba.org/index.php/Joining_a_Samba_DC_to_an_Existing_Active_Directory
>
> or here
> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller#Configuring_the_DNS_Resolver
>

You are quite correct, if there is anything it is hard to find, I will correct this.

Rowland
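
Added example (not written by anyone in this thread and not taken from samba-info.sh): a pre-flight check that a DC's own DNS domain equals the AD DNS domain, and that resolver output is validated as an IPv4 address before use, so a string such as '3(NXDOMAIN)' is rejected instead of being reported as an IP. All function names are hypothetical, and the NXDOMAIN sample line is constructed.

```shell
#!/bin/sh
# Added example. Function names are hypothetical, not from samba-info.sh.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.|"") return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the DNS domain of an FQDN: everything after the first label.
fqdn_domain() {
    name=${1%.}                    # tolerate a trailing root dot
    case "$name" in
        *.*) printf '%s\n' "${name#*.}" ;;
        *)   return 1 ;;
    esac
}

# Succeeds if the host's own DNS domain equals the AD DNS domain ($2).
domain_matches_ad() {
    host_dom=$(fqdn_domain "$1" | tr '[:upper:]' '[:lower:]')
    ad_dom=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ -n "$host_dom" ] && [ "$host_dom" = "$ad_dom" ]
}

# Extracts the IPv4 address from `host -t A NAME` output; fails on anything
# else (such as an NXDOMAIN message) rather than passing its text on as an IP.
a_record_from_host_output() {
    addr=$(printf '%s\n' "$1" | sed -n 's/^.* has address \([0-9.]*\)$/\1/p' | head -n 1)
    is_ipv4 "$addr" || return 1
    printf '%s\n' "$addr"
}

# Sample data: first line is from the thread, second is constructed.
GOOD='ad51.dc.samges.ru has address 172.16.214.151'
BAD='Host ad51.samges.ru not found: 3(NXDOMAIN)'

domain_matches_ad ad51.samges.ru dc.samges.ru || echo "FAIL: hostname domain != AD DC domain"
a_record_from_host_output "$GOOD"
a_record_from_host_output "$BAD" || echo "FAIL: no A record in resolver output"
```

On a live DC the same functions would take `"$(hostname -f)"` and `"$(host -t A "$(hostname -f)")"` as their inputs, with the AD DNS domain supplied by the administrator.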