Hello,
Replication from backup Active Directory Domain Controler to primary
Active Directory Domain Controler does not work, reporting error '
WERR_BADFILE '. The reverse works.
* Linux: Raspbian, debian stretch lite
* Samba version 4.5.12-Debian
* DNS: BIND9_DLZ 9.10.x
* Installed packages: ntp ntpdate samba smbclient winbind libcups2
samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user
root at ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc
dc=ry11cit,dc=local
Replicate from ry11citdc to ry11citsdc was successful.
root at ry11citdc:~# root at ry11citdc:~# samba-tool drs replicate ry11citsdc
ry11citdc dc=ry11cit,dc=local
-bash: root at ry11citdc:~#: command not found
root at ry11citdc:~# samba-tool drs replicate ry11citdc ry11citsdc
dc=ry11cit,dc=local
*ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync
failed -
drsException: DsReplicaSync failed (2, 'WERR_BADFILE')**
** File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line
368, in run**
** drs_utils.sendDsReplicaSync(server_bind, server_bind_handle,
source_dsa_guid, NC, req_options)**
** File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line
83,
in sendDsReplicaSync**
** raise drsException("DsReplicaSync failed %s" % estr)*
Please help, I don 't know the advice.
System integrator Jiří Knotek
Primary Active Directory Domain
Controler:---------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------
krb5.conf:
[libdefaults]
default_realm = RY11CIT.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
RY11CIT.LOCAL = {
kdc = ry11citdc.ry11cit.local
admin_server = ry11citdc.ry11cit.local
default_domain = ry11cit.local
}
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITDC
realm = RY11CIT.LOCAL
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba Provision---------------:
samba-tool domain provision --realm=RY11CIT.LOCAL --domain=RY11CIT
--server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'
samba_dnsupdate --verbose --all-names
:-------------------------------------------------------------------------
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citdc.ry11cit.local. 900 IN A 10.44.1.10
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local. 900 IN NS ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local. 900 IN NS ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local. 900 IN A 10.44.1.10
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900 IN SRV 0 100 389
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 389
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local.
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN SRV 0 100 88
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN SRV 0 100 88
ry11citdc.ry11cit.local.
IPs: ['10.44.1.10']
force update: A ry11citdc.ry11cit.local 10.44.1.10
force update: NS ry11cit.local ry11citdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
force update: A ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citdc.ry11cit.local 464
force update: CNAME
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local
ry11citdc.ry11cit.local
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 88
force update: SRV _ldap._tcp.pdc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
force update: A gc._msdcs.ry11cit.local 10.44.1.10
force update: SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as
RY11CITDC$
update(nsupdate): A ry11citdc.ry11cit.local 10.44.1.10
Calling nsupdate for A ry11citdc.ry11cit.local 10.44.1.10 (add)
update(nsupdate): NS ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.10
Calling nsupdate for A ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV _kerberos._tcp.ry11cit.local
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.ry11cit.local
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._udp.ry11cit.local
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._udp.ry11cit.local
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerbeOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 88
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN SRV 0 100 464
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN SRV 0 100 464
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local. 900 IN
CNAME ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0
100 389 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900
IN SRV 0 100 389 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN
SRV 0 100 88 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local.
900 IN SRV 0 100 88 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.pdc._msdcs.ry11cit.local. 900 IN SRV 0 100 389
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900 IN A 10.44.1.10
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local. 900 IN SRV 0 100 3268
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900 IN SRV 0 100 3268
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100
3268 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900
IN SRV 0 100 3268 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN A 10.44.1.10
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN SRV 0 100 389
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local.
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN A 10.44.1.10
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN SRV 0 100 389
ry11citdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local.
900 IN SRV 0 100 389 ry11citdc.ry11cit.local.
ros._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local
ry11citdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local
ry11citdc.ry11cit.local 464 (add)
update(nsupdate): SRV _kpasswd._udp.ry11cit.local
ry11citdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._udp.ry11cit.local
ry11citdc.ry11cit.local 464 (add)
update(nsupdate): CNAME
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local
ry11citdc.ry11cit.local
Calling nsupdate for CNAME
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local
ry11citdc.ry11cit.local (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.10
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local
3268 (add)
update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): SRV
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citdc.ry11cit.local 389 (add)
Backup (Standby) Active Directory Domain
Controler:---------------------------------------------------------------------------------------------------
krb5.conf:
[libdefaults]
default_realm = RY11CIT.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
RY11CIT.LOCAL = {
kdc = ry11citsdc.ry11cit.local
admin_server = ry11citsdc.ry11cit.local
default_domain = ry11cit.local
}
named.conf:------------------------
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
named.conf.options:-----------------------
options {
directory "/var/cache/bind";
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};
smb.conf:------------------------------
# Global parameters
[global]
netbios name = RY11CITSDC
realm = RY11CIT.LOCAL
workgroup = RY11CIT
server role = active directory domain controller
[netlogon]
path = /var/lib/samba/sysvol/ry11cit.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Samba join:----------------------------
samba-tool domain join RY11CIT DC -Uadministrator --realm=RY11CIT.LOCAL
--dns-backend=BIND9_DLZ --adminpass='.....'
samba_dnsupdate --verbose --all-names
:-------------------------------------------------------------------------
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citsdc.ry11cit.local. 900 IN A 10.44.1.9
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local. 900 IN NS ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local. 900 IN NS ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local. 900 IN A 10.44.1.9
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900 IN SRV 0 100 389
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 389
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local.
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN SRV 0 100 88
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN SRV 0 100 88
ry11citsdc.ry11cit.local.
IPs: ['10.44.1.9']
force update: A ry11citsdc.ry11cit.local 10.44.1.9
force update: NS ry11cit.local ry11citsdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
force update: A ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: CNAME
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local
ry11citsdc.ry11cit.local
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 88
force update: SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 88
force update: A gc._msdcs.ry11cit.local 10.44.1.9
force update: SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268
force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 3268
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
force update: SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
28 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as
RY11CITSDC$
update(nsupdate): A ry11citsdc.ry11cit.local 10.44.1.9
Calling nsupdate for A ry11citsdc.ry11cit.local 10.44.1.9 (add)
update(nsupdate): NS ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.9
Calling nsupdate for A ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV _kerberos._tcp.ry11cit.local
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.ry11cit.local
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._udp.ry11cit.local
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._udp.ry11cit.local
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.ry11cit.local
ry11citsdc.ry11ciOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 88
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN SRV 0 100 464
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN SRV 0 100 464
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local. 900 IN
CNAME ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0
100 389 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900
IN SRV 0 100 389 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN
SRV 0 100 88 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local.
900 IN SRV 0 100 88 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900 IN A 10.44.1.9
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local. 900 IN SRV 0 100 3268
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900 IN SRV 0 100 3268
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100
3268 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900
IN SRV 0 100 3268 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN A 10.44.1.9
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN SRV 0 100 389
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local.
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN A 10.44.1.9
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN SRV 0 100 389
ry11citsdc.ry11cit.local.
Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local.
900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.
t.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local
ry11citsdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local
ry11citsdc.ry11cit.local 464 (add)
update(nsupdate): SRV _kpasswd._udp.ry11cit.local
ry11citsdc.ry11cit.local 464
Calling nsupdate for SRV _kpasswd._udp.ry11cit.local
ry11citsdc.ry11cit.local 464 (add)
update(nsupdate): CNAME
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local
ry11citsdc.ry11cit.local
Calling nsupdate for CNAME
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local
ry11citsdc.ry11cit.local (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 88
Calling nsupdate for SRV
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.9
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local
3268 (add)
update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): SRV
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local
ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local
ry11citsdc.ry11cit.local 389 (add)
--
*Ing. Jiří Knotek*
programátor
*GEMA s.r.o. Automatizace technologických procesů*
Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek at gemapce.cz <mailto:jiri.knotek at gemapce.cz>
Web:www.gemapce.cz <http://www.gemapce.cz/>