samba - Mar 2018 - Error joining Samba 4.7.4 DC to existing Win2008R2 domain

On Fri, 2 Mar 2018 16:15:43 +0100
Claudio Nicora <claudio.nicora at gmail.com> wrote:
> 
> > Is bind9 running during the join ?
> > How have you set up bind ?
> No it's not.
> Following the doc here
> https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End
> I see than the needed files (like /var/lib/samba/private/named.conf
> and /var/lib/samba/private/dns.keytab) are generated by samba-tool so
> I don't have them ready to be added to bind9 config.
> 
> Before running samba-tool this is content of relevant files:
> ==> root at srvad-new:~# cat /etc/hosts
> 127.0.0.1       localhost
> 10.0.3.90       srvad-old.samdom.local srvad-old
> 10.0.3.100      srvad-new.samdom.local   srvad-new
> 
> root at srvad-new:~# cat /etc/resolv.conf
> nameserver 10.0.3.90
> search samdom.local
> ==> 
> Am I missing something?
No, I was just checking if you where something you shouldn't, like
creating the zone files in the Bind configs.

There doesn't seem to be anything wrong in any of your conf files, the
only other thing I can think of is, is Avahi running on the new DC ?
and this only applies if your TLD is '.local'

I know that 4.7.5 will join to a Samba AD DC, but this is with Debian.

Rowland

> No, I was just checking if you where something you shouldn't, like
> creating the zone files in the Bind configs.
Good, it's better to clear out any doubt.
> There doesn't seem to be anything wrong in any of your conf files, the
> only other thing I can think of is, is Avahi running on the new DC ?
> and this only applies if your TLD is '.local'
No, it's not:
==root at srvad-new:~# apt remove avahi*
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'avahi-ui-utils' for glob 'avahi*'
Note, selecting 'avahi-daemon' for glob 'avahi*'
Note, selecting 'avahi-dnsconfd' for glob 'avahi*'
Note, selecting 'avahi-autoipd' for glob 'avahi*'
Note, selecting 'avahi-utils' for glob 'avahi*'
Note, selecting 'avahi-discover' for glob 'avahi*'
Package 'avahi-autoipd' is not installed, so not removed
Package 'avahi-daemon' is not installed, so not removed
Package 'avahi-utils' is not installed, so not removed
Package 'avahi-discover' is not installed, so not removed
Package 'avahi-dnsconfd' is not installed, so not removed
Package 'avahi-ui-utils' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
==
And no, my domain is not .local but each log I post was automatically 
cleaned up in a case-sensitive way ;)
MYDOMAIN --> SAMDOM
mydomain --> samdom
.EXT --> .LOCAL
...

Another thing that comes to my mind is that the 2008R2 domain was 
upgraded from an initial Win2000.
Win2000-->Samba direct migration is not possible because Samba requires 
at least a Win2003 domain.
So the complete upgrade was Win2000 (SRVAD-OLDOLD) --> Win2008R2 
(SRVAD-OLD) --> Domain/forest functional level upgrade --> Samba 4.7.4 
migration.

Could there be something wrong/unexpected in current Win2008R2 domain 
config?
It seems not to me because Windows client machines work ok and the 
domain seems to function properly.

Claudio
>
> I know that 4.7.5 will join to a Samba AD DC, but this is with Debian.
That's good

On Fri, 2 Mar 2018 16:48:26 +0100
Claudio Nicora <claudio.nicora at gmail.com> wrote:
> 
> > No, I was just checking if you where something you shouldn't, like
> > creating the zone files in the Bind configs.
> Good, it's better to clear out any doubt.
> 
> > There doesn't seem to be anything wrong in any of your conf files,
> > the only other thing I can think of is, is Avahi running on the new
> > DC ? and this only applies if your TLD is '.local'
> 
> No, it's not:
> ==> root at srvad-new:~# apt remove avahi*
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Note, selecting 'avahi-ui-utils' for glob 'avahi*'
> Note, selecting 'avahi-daemon' for glob 'avahi*'
> Note, selecting 'avahi-dnsconfd' for glob 'avahi*'
> Note, selecting 'avahi-autoipd' for glob 'avahi*'
> Note, selecting 'avahi-utils' for glob 'avahi*'
> Note, selecting 'avahi-discover' for glob 'avahi*'
> Package 'avahi-autoipd' is not installed, so not removed
> Package 'avahi-daemon' is not installed, so not removed
> Package 'avahi-utils' is not installed, so not removed
> Package 'avahi-discover' is not installed, so not removed
> Package 'avahi-dnsconfd' is not installed, so not removed
> Package 'avahi-ui-utils' is not installed, so not removed
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> ==> 
> And no, my domain is not .local but each log I post was automatically 
> cleaned up in a case-sensitive way ;)
> MYDOMAIN --> SAMDOM
> mydomain --> samdom
> .EXT --> .LOCAL
> ...
> 
> Another thing that comes to my mind is that the 2008R2 domain was 
> upgraded from an initial Win2000.
> Win2000-->Samba direct migration is not possible because Samba
> requires at least a Win2003 domain.
> So the complete upgrade was Win2000 (SRVAD-OLDOLD) --> Win2008R2 
> (SRVAD-OLD) --> Domain/forest functional level upgrade --> Samba
> 4.7.4 migration.
> 
> Could there be something wrong/unexpected in current Win2008R2 domain 
> config?
> It seems not to me because Windows client machines work ok and the 
> domain seems to function properly.
> 
> Claudio
> 
> >
> > I know that 4.7.5 will join to a Samba AD DC, but this is with
> > Debian.
> 
> That's good
And I can now confirm that 4.7.4 on the latest Ubuntu 18.04 snapshot
joins to a Samba AD domain as a DC.

As a side note, it took me longer to give the Ubuntu VM a fixed ip etc
than it took to join as a DC and then people ask me why I don't like a
certain set of packages ;-)

Rowland