Marco Gaiarin
2018-Mar-22 10:47 UTC
[Samba] [OT?] Strangeness on clients migrating NT -> AD...
Hi! Rowland Penny via samba wrote on that day...

> So, it sounds like you have a PDC for the domain 'DOMAIN' and an AD DC
> for the domain 'DOMAIN' both using the same SID, I don't think this is
> going to work. I suggest you turn the old PDC off.

No no no! I'm not mad! ;-)

There's the OLD PDC for the domain 'SVCORSI', and the new AD DC for the domain 'LNFFVG', with different SID! They are different domains!

> > We have kept our DNS and DHCP setup unchanged: machines got dns as in
> > previous configuration, the (old) dns simply forwards requests to the
> > AD domain subzones.
> Your win7 machines should be using the AD DC as their dns server.

Why?! Does it not suffice to have working DNS? Or does the bind_dlz module also do some protocol extensions?

> > DNS seems to work as expected. On win7 box, event viewer seems to have
> > useful info...
> If event viewer does have useful info, what is it ?

Ahem, event viewer seems NOT to have useful info... sorry...

--
dott. Marco Gaiarin                    GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''    http://www.lanostrafamiglia.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it   t +39-0434-842711   f +39-0434-842797

Donate your 5 PER MILLE to LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/index.php/it/sostienici/5x1000
(tax code 00307430132, category ONLUS or HEALTH RESEARCH)
Rowland Penny
2018-Mar-22 10:58 UTC
[Samba] [OT?] Strangeness on clients migrating NT -> AD...
On Thu, 22 Mar 2018 11:47:21 +0100
Marco Gaiarin via samba <samba at lists.samba.org> wrote:

> Hi! Rowland Penny via samba wrote on that day...
>
> > So, it sounds like you have a PDC for the domain 'DOMAIN' and an AD
> > DC for the domain 'DOMAIN' both using the same SID, I don't think
> > this is going to work. I suggest you turn the old PDC off.
>
> No no no! I'm not mad! ;-)

Never said you were ;-)

> There's the OLD PDC for the domain 'SVCORSI', and the new AD DC for
> the domain 'LNFFVG', with different SID! They are different domains!

OK, but if the win7 machines were domain members of 'SVCORSI', then they still might be trying to find it, best thing is to turn it off.

> > > We have kept our DNS and DHCP setup unchanged: machines got dns
> > > as in previous configuration, the (old) dns simply forwards
> > > requests to the AD domain subzones.
> > Your win7 machines should be using the AD DC as their dns server.
>
> Why?! Does it not suffice to have working DNS? Or does the bind_dlz
> module also do some protocol extensions?

It doesn't matter if you are using the internal dns server or Bind9, they both use the data stored in AD, so you should use the DC as the dns server, not using the DC could be part of your problem.

Rowland
Marco Gaiarin
2018-Mar-22 11:56 UTC
[Samba] [OT?] Strangeness on clients migrating NT -> AD...
Hi! Rowland Penny via samba wrote on that day...

> > There's the OLD PDC for the domain 'SVCORSI', and the new AD DC for
> > the domain 'LNFFVG', with different SID! They are different domains!
> OK, but if the win7 machines were domain members of 'SVCORSI', then
> they still might be trying to find it, best thing is to turn it off.

Currently, I cannot. ;-(

Does 'they still might be trying to find it' come from your experience, or are there some docs out there that describe the situation?

> > > Your win7 machines should be using the AD DC as their dns server.
> > Why?! Does it not suffice to have working DNS? Or does the bind_dlz
> > module also do some protocol extensions?
> It doesn't matter if you are using the internal dns server or Bind9,
> they both use the data stored in AD, so you should use the DC as the
> dns server, not using the DC could be part of your problem.

No, you have not understood me (or, probably, I have not explained myself ;).

I supposed that bind_dlz is a module needed to read zone files directly in the AD ''database'', but not to ''extend'' the DNS protocol, so having the DC bind9 server reply to client queries and cache/redirect some to the AD bind9 server, or having the converse (the bind9 AD server replies to client requests, and forwards the non-domain queries to the other bind9 server) was the same.

Knowing the DNS protocol a bit, the latter and the former seem the same to me...

Anyway, we are trying to re-image some of these boxes, and the problem disappears. Who knows.

--
dott. Marco Gaiarin