Hai,

I've checked out the log you sent and I re-read the complete thread.

Based on what's done and what I did see in your logs now, looks like a * (wildcard) entry is giving the problem.
But I am not sure of that, the wildcard bugs should be fixed, when I look in bugzilla. (#10435 #12952)

I've forwarded the mail to Rowland also before we go throw things at you again. ;-)
I've snipped the parts I think were the interesting parts in this mail, but maybe Rowland notices more.

Last, have you tried with the bind config at port 53 instead of 5353.
Please note, RedHat is not my cookie so any Centos/Red Hat people here, comments are useful..
Last, remove this part from your named.conf

# Root Servers
# (Required for recursive DNS queries)
zone "." {
    type hint;
    file "named.root";
};

# localhost zone
zone "localhost" {
    type master;
    file "master/localhost.zone";
};

# 127.0.0. zone.
zone "0.0.127.in-addr.arpa" {
    type master;
    file "master/0.0.127.zone";
};

These zones are also in DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp

The log parts.

31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
31-Oct-2018 13:26:56.589 no IPv6 interfaces found
31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
..
31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
..
31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
31-Oct-2018 13:26:56.620 Loading SDLZ driver.
--
31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp

And then it starts to fail.

31-Oct-2018 13:26:56.758 samba_dlz:
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:56.758 samba_dlz: error: 32
31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:56.758 samba_dlz:

31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
31-Oct-2018 13:26:56.764 samba_dlz: DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb

31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]

31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679 ( I've changed this SID for you. )
31-Oct-2018 13:26:56.776 samba_dlz:

31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]

31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4

31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
31-Oct-2018 13:26:57.158 samba_dlz: starting configure

31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp

31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
31-Oct-2018 13:26:57.482 samba_dlz: dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.482 samba_dlz: scope: base
31-Oct-2018 13:26:57.482 samba_dlz: expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
31-Oct-2018 13:26:57.482 samba_dlz: attr: dnsRecord
31-Oct-2018 13:26:57.482 samba_dlz: attr: dNSTombstoned
31-Oct-2018 13:26:57.482 samba_dlz: control: <NONE>

31-Oct-2018 13:26:57.485 samba_dlz:
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.485 samba_dlz: error: 32
31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.486 samba_dlz:

31-Oct-2018 13:26:57.488 samba_dlz:
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
31-Oct-2018 13:26:57.488 samba_dlz: error: 32
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz:

31-Oct-2018 13:26:57.494 samba_dlz:
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone '<domain>.corp'
31-Oct-2018 13:26:57.495 load_configuration: bad zone
31-Oct-2018 13:26:57.495 loading configuration: bad zone
31-Oct-2018 13:26:57.495 client @0x7f4bb80ea690: udprecv
31-Oct-2018 13:26:57.495 exiting (due to fatal error)
31-Oct-2018 13:26:57.495 client @0x7f4bb80f8a40: udprecv

Greetz,

Louis

From: Eben Victor [mailto:eben.victor at gmail.com]
Sent: Wednesday 31 October 2018 13:35
To: L.P.H. van Belle
CC: samba at lists.samba.org
Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ

Hello Louis,

I finally managed to try and do some testing again.

Apologies for this issue still popping up, I have tried everything.
See attached samba and named debugging set to 10.
I have currently removed all reverse zones, I ran 'samba-tool dbcheck --fix --yes'
I'm busy testing on 1 of my 7 DC's but no matter same error.

Kind Regards

On Tue, Jul 31, 2018 at 11:33 AM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:

Hai,

Did you make sure that your root and localhost zones are loaded last in the bind config.

The order matters, at least if you also use bind_DLZ.

I suggest, you try it.
I'm just thinking about this, if your . (root) zone is loaded, and it's trying to lookup your company.corp domain.
It hits resolv.conf then your bind, and bind_dlz is not loaded yet, so lookup on the internet.
It's a possible option this happens, I don't know the bind9_dlz code.

And this, >> domain.corp is just an alias, not the actual domain name.
Setup a with a real zone.

But I'm pretty sure your problem is caused by one of these 2.

I suggest start with making sure your localhost and root zones are loaded last on named.conf.

In my Debian server the order is as follows.
include "/etc/bind/named.conf.options";        < here (within the options line: at the bottom of the global options: tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
include "/etc/bind/named.conf.local";          < here only one line: include "/var/lib/samba/private/named.conf";
include "/etc/bind/named.conf.default-zones";  < here are my root and localhost zones ( default bind, not in DLZ )

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland Penny via samba
> Sent: Tuesday 31 July 2018 10:23
> To: samba at lists.samba.org
> Subject: Re: [Samba] Internal DNS migrate to Bind9_DLZ
>
> On Mon, 30 Jul 2018 23:36:46 +0200
> Eben Victor <eben.victor at gmail.com> wrote:
>
> > It is part of the Sernet packages and is currently on 1.3.4
> > /usr/lib64/samba/libldb.so.1.3.4
> >
> > We started using sernet-samba-ad from v4 using the internal dns and
> > updated as versions were released. We have now recently updated from
> > 4.8.2 to 4.8.3 and still using internal dns.
> > Our DNS is working as it should, it's only been since recently that
> > we have to migrate to bind9.
> >
>
> So, you are using Samba without problem, it is just that when you try
> to use Bind9 instead of the internal dns server, your problems start.
>
> Let's just recap
>
> You have run 'samba_upgradedns'
> You have altered smb.conf
> You have configured 'named.conf' correctly
> The Samba 'named.conf' file is readable by 'named' (this should be
> 'rw-r--r--' i.e. world readable)
>
> But, even though everything looks okay, Bind9 will not start.
>
> This is strange, there doesn't seem to be any reason for it.
>
> Is anybody using the combination of Centos 7, Samba 4.8.3 and Bind9
> without problems ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
On Wed, 31 Oct 2018 14:52:28 +0100
L.P.H. van Belle <belle at bazuin.nl> wrote:

> Hai,
>
> I've checked out the log you sent and I re-read the complete thread.
>
> Based on what's done and what I did see in your logs now, looks like a
> * (wildcard) entry is giving the problem. But I am not sure of that,
> the wildcard bugs should be fixed, when I look in bugzilla. (#10435
> #12952) I've forwarded the mail to Rowland also before we go throw
> things at you again. ;-) I've snipped the parts I think were the
> interesting parts in this mail, but maybe Rowland notices more.
> Last, have you tried with the bind config at port 53 instead of
> 5353. Please note, RedHat is not my cookie so any Centos/Red Hat
> people here, comments are useful.. Last, remove this part from your
> named.conf
>
> # Root Servers
> # (Required for recursive DNS queries)
> zone "." {
>     type hint;
>     file "named.root";
> };
>
> # localhost zone
> zone "localhost" {
>     type master;
>     file "master/localhost.zone";
> };
>
> # 127.0.0. zone.
> zone "0.0.127.in-addr.arpa" {
>     type master;
>     file "master/0.0.127.zone";
> };
>
> These zones are also in
> DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp

They may be, but they are not Samba dns zones and are not causing the problem, as proof I have them in my setup without problem.

>
> The log parts.
>
> 31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
> 31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
> 31-Oct-2018 13:26:56.589 no IPv6 interfaces found
> 31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
> 31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create
> ..
> 31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
> ..
> 31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
> 31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
> 31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
> 31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
> 31-Oct-2018 13:26:56.620 Loading SDLZ driver.
> --
> 31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
> 31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
>
> And then it starts to fail.
>
> 31-Oct-2018 13:26:56.758 samba_dlz:
> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

Have you checked if the supposedly missing DN's are actually not there in AD ?

> 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:56.758 samba_dlz: error: 32
> 31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.758 samba_dlz:
> 31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
> 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
> 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
> 31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
> 31-Oct-2018 13:26:56.764 samba_dlz: DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
> 31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
> 31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> 31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
> 31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679 ( I've changed this SID for you. )
> 31-Oct-2018 13:26:56.776 samba_dlz:
> 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
>
> 31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
> 31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
> 31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
> 31-Oct-2018 13:26:57.158 samba_dlz: starting configure
>
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.218 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
> 31-Oct-2018 13:26:57.482 samba_dlz: dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.482 samba_dlz: scope: base
> 31-Oct-2018 13:26:57.482 samba_dlz: expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
> 31-Oct-2018 13:26:57.482 samba_dlz: attr: dnsRecord
> 31-Oct-2018 13:26:57.482 samba_dlz: attr: dNSTombstoned
> 31-Oct-2018 13:26:57.482 samba_dlz: control: <NONE>
> 31-Oct-2018 13:26:57.485 samba_dlz:
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.485 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.486 samba_dlz:
> 31-Oct-2018 13:26:57.488 samba_dlz:
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
> 31-Oct-2018 13:26:57.488 samba_dlz: error: 32
> 31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> 31-Oct-2018 13:26:57.488 samba_dlz:
> 31-Oct-2018 13:26:57.494 samba_dlz:
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
> 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
> 31-Oct-2018 13:26:57.494 samba_dlz:

Where are the SOA & NS records for your domain ?
Are they actually there, but Bind isn't finding them ?

If the records are not there, I would run samba_upgradedns and upgrade to the internal dns server, then run it again and upgrade to bind9, this should recreate all the dns records.

Rowland
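
A small triage script for a named debug log like the one quoted in this thread, added here as an example and not code from Samba, BIND or any poster: it groups the samba_dlz "No such Base DN" misses by kind and directory partition and pulls out the zone validity failures that make named exit. The function names are this example's own, and the sample is a handful of lines copied from the log above with the poster's `<domain>` redaction kept.

```python
import re

# Timestamp format used by named in the log quoted in the thread.
TS = r"\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}"
MISSING_DN = re.compile(rf"^{TS} samba_dlz: msg: No such Base DN: (.+)$")
ZONE_CHECK = re.compile(rf"^{TS} zone (\S+)/\S+: (has (?:0|no) \S+ records)$")
ZONE_FAILED = re.compile(rf"^{TS} samba_dlz: Failed to configure zone '([^']+)'$")
FATAL = re.compile(rf"^{TS} exiting \(due to fatal error\)$")

# Lines copied from the log in the thread ("<domain>" is the poster's redaction).
SAMPLE_LOG = """\
31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.158 samba_dlz: starting configure
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
31-Oct-2018 13:26:57.494 samba_dlz: Failed to configure zone '<domain>.corp'
31-Oct-2018 13:26:57.495 exiting (due to fatal error)
"""


def classify_dn(dn):
    """Return (kind, relative DN, partition) for a DN the driver did not find."""
    parts = [p.strip() for p in dn.split(",")]  # assumes no escaped commas
    upper = [p.upper() for p in parts]
    if "CN=MICROSOFTDNS" not in upper:
        return ("non-DNS object", dn, None)
    i = upper.index("CN=MICROSOFTDNS")
    rel = parts[:i]                              # RDNs below CN=MicrosoftDNS
    partition = parts[i + 1][3:] if i + 1 < len(parts) else None
    if not rel:
        kind = "MicrosoftDNS container"
    elif len(rel) == 1:
        kind = "zone container"                  # DC=<zone>,CN=MicrosoftDNS,...
    elif rel[0] == "DC=*":
        kind = "wildcard node"                   # DC=*,DC=<zone>,CN=MicrosoftDNS,...
    else:
        kind = "dns node"
    return (kind, ",".join(rel), partition)


def triage(log_text):
    """Summarise the failures in a named/samba_dlz debug log."""
    missing = {}        # (kind, relative DN) -> partitions where the lookup missed
    zone_problems = {}  # zone name -> validity complaints logged by named
    failed_zones = []
    fatal = False
    for line in log_text.splitlines():
        line = line.strip()
        m = MISSING_DN.match(line)
        if m:
            kind, rel, partition = classify_dn(m.group(1))
            seen = missing.setdefault((kind, rel), [])
            if partition and partition not in seen:
                seen.append(partition)
            continue
        m = ZONE_CHECK.match(line)
        if m:
            zone_problems.setdefault(m.group(1), []).append(m.group(2))
            continue
        m = ZONE_FAILED.match(line)
        if m:
            failed_zones.append(m.group(1))
            continue
        if FATAL.match(line):
            fatal = True
    return {"missing": missing, "zone_problems": zone_problems,
            "failed_zones": failed_zones, "fatal": fatal}


def report(summary):
    """Render the summary as text, one finding per line."""
    lines = []
    for (kind, rel), partitions in summary["missing"].items():
        where = ", ".join(partitions) if partitions else "n/a"
        lines.append(f"missing {kind}: {rel} (partitions: {where})")
    for zone, problems in summary["zone_problems"].items():
        lines.append(f"zone {zone}: " + "; ".join(problems))
    for zone in summary["failed_zones"]:
        lines.append(f"samba_dlz could not configure zone {zone}")
    if summary["fatal"]:
        lines.append("named exited with a fatal error")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample this separates the wildcard lookups, which miss in both DNS partitions, from the zone container miss in ForestDnsZones and from the SOA/NS validity failure that precedes the fatal exit.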
Hello Louis,

I'm manipulating some data in my production environment seeing as my test environment is working fine and not getting any errors.
Hence the use of port 5353, but even if I use port 53 I still get the same errors.

I have removed the portion you mentioned and still same errors.

Kind Regards

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
Hello Rowland,

I have already checked and the DN's are in AD, see attached.

SOA:
<domain>.corp. 3600 IN SOA psad102zadprh.<domain>.corp. . 9766 3600 600 86400 3600

See below NS, but the 1st NS (zatprdc001) doesn't exist, and I cannot find it anywhere.

NS:
<domain>.corp. 3600 IN NS zatprdc001.<domain>.corp.
<domain>.corp. 3600 IN NS psad102zadprh.<domain>.corp.
<domain>.corp. 3600 IN NS prdc001zacprh.<domain>.corp.
<domain>.corp. 3600 IN NS prdc001zafsrh.<domain>.corp.
<domain>.corp. 3600 IN NS prdc001zatcrh.<domain>.corp.
<domain>.corp. 3600 IN NS prdc002zacprh.<domain>.corp.
<domain>.corp. 3600 IN NS prdc003zacprh.<domain>.corp.
<domain>.corp. 3600 IN NS psad101zatcrh.<domain>.corp.

We did rebuild all our DC's to RHEL7. We demoted on the DC being rebuilt, then removed any and all records we could find in AD/DNS. Rebuilt the new server and rejoined.

Kind Regards

On Wed, Oct 31, 2018 at 5:10 PM Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Wed, 31 Oct 2018 14:52:28 +0100
> L.P.H. van Belle <belle at bazuin.nl> wrote:
>
> > Hai,
> >
> > I've checked out the log you send and i re-read the complete thread.
> >
> > Based on thats done and what i did see in your logs now, looks like a
> > * (wildcard) entry is giving the problem. But i am not sure of that,
> > the wildcard bugs should be fixed, when i look in bugzilla. (#10435
> > #12952 ) I've forwarded the mail to Rowland also before we go throw
> > things at you again. ;-) I've snaped the parts i think where the
> > interesting parts in this mail, but maybe Rowland notices more.
> > Last, have you tried with the bind config at port 53 instead of
> > 5353. Please note, RedHat is not my cookie so any Centos/Red Hat
> > people here, comments are useful.. last remove this part from your
> > named.conf
> >
> > # Root Servers
> > # (Required for recursive DNS queries)
> > zone "." {
> >     type hint;
> >     file "named.root";
> > };
> >
> > # localhost zone
> > zone "localhost" {
> >     type master;
> >     file "master/localhost.zone";
> > };
> >
> > # 127.0.0. zone.
> > zone "0.0.127.in-addr.arpa" {
> >     type master;
> >     file "master/0.0.127.zone";
> > };
> >
> > These zones are also in
> > DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
>
> They may be, but they are not Samba dns zones and are not causing the
> problem, as proof I have them in my setup without problem.
>
> >
> > The log parts.
> >
> > 31-Oct-2018 13:26:56.585 processing statistics channel 127.0.0.1#8653
> > 31-Oct-2018 13:26:56.585 statistics channel listening on 127.0.0.1#8653
> > 31-Oct-2018 13:26:56.585 using default UDP/IPv4 port range: [1024, 65535]
> > 31-Oct-2018 13:26:56.585 using default UDP/IPv6 port range: [1024, 65535]
> > 31-Oct-2018 13:26:56.589 no IPv6 interfaces found
> > 31-Oct-2018 13:26:56.589 listening on IPv4 interface lo, 127.0.0.1#5353
> > 31-Oct-2018 13:26:56.590 clientmgr @0x7f4bcc691010: create ..
> > 31-Oct-2018 13:26:56.607 listening on IPv4 interface ens192, <IP>#5353
> > ..
> > 31-Oct-2018 13:26:56.617 generating session key for dynamic DNS
> > 31-Oct-2018 13:26:56.618 sizing zone task pool based on 3 zones
> > 31-Oct-2018 13:26:56.619 decrement_reference: delete from rbt: 0x7f4bcc6acc70 .
> > 31-Oct-2018 13:26:56.620 Loading 'AD DNS Zone' using driver dlopen
> > 31-Oct-2018 13:26:56.620 Loading SDLZ driver.
> > --
> > 31-Oct-2018 13:26:56.754 samba_dlz: dn: @ROOTDSE
> > 31-Oct-2018 13:26:56.754 samba_dlz: configurationNamingContext: CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.754 samba_dlz: defaultNamingContext: DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.754 samba_dlz: schemaNamingContext: CN=Schema,CN=Configuration,DC=<domain>,DC=corp
> > and then it starts the fail.
> >
> > 31-Oct-2018 13:26:56.758 samba_dlz:
> > 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
>
> Have you checked if the supposedly missing DN's are actually not there
> in AD ?
>
> > 31-Oct-2018 13:26:56.758 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:56.758 samba_dlz: error: 32
> > 31-Oct-2018 13:26:56.758 samba_dlz: msg: No such Base DN: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.758 samba_dlz:
> > 31-Oct-2018 13:26:56.763 samba_dlz: dn: @PARTITION
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @ATTRIBUTES
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @INDEXLIST
> > 31-Oct-2018 13:26:56.763 samba_dlz: replicateEntries: @OPTIONS
> > 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=SCHEMA,CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=SCHE
> > 31-Oct-2018 13:26:56.763 samba_dlz: MA,CN=CONFIGURATION,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.763 samba_dlz: partition: CN=CONFIGURATION,DC=<domain>,DC=CORP:sam.ldb.d/CN=CONFIGURATION,
> > 31-Oct-2018 13:26:56.764 samba_dlz: DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=<domain>,DC=CORP:sam.ldb.d/DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=DOMAINDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=DOMAINDNSZONE
> > 31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.764 samba_dlz: partition: DC=FORESTDNSZONES,DC=<domain>,DC=CORP:sam.ldb.d/DC=FORESTDNSZONE
> > 31-Oct-2018 13:26:56.764 samba_dlz: S,DC=<domain>,DC=CORP.ldb
> > 31-Oct-2018 13:26:56.777 samba_dlz: Initial schema load needed, as we have no existing schema, seq_num: 1
> > 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> > 31-Oct-2018 13:26:56.776 samba_dlz: ldb: ldb_trace_response: ENTRY
> > 31-Oct-2018 13:26:56.776 samba_dlz: dn: DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:56.776 samba_dlz: objectSid: S-1-5-21-123456789-115225906-12345679 ( i've changed this SID for you. )
> > 31-Oct-2018 13:26:56.776 samba_dlz:
> > 31-Oct-2018 13:26:56.921 samba_dlz: schema_fsmo_init: we are master[no] updates allowed[no]
> >
> > 31-Oct-2018 13:26:57.154 samba_dlz: ldb: ldb_trace_response: ENTRY
> > 31-Oct-2018 13:26:57.154 samba_dlz: dn: CN=NTDS Settings,CN=XXX002AAAAA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.154 samba_dlz: msDS-Behavior-Version: 4
> > 31-Oct-2018 13:26:57.158 samba_dlz: started for DN DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.158 SDLZ driver loaded successfully.
> > 31-Oct-2018 13:26:57.158 DLZ driver loaded successfully.
> > 31-Oct-2018 13:26:57.158 samba_dlz: starting configure
> >
> > 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.218 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=DomainDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.482 samba_dlz: ldb: ldb_trace_request: SEARCH
> > 31-Oct-2018 13:26:57.482 samba_dlz: dn: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.482 samba_dlz: scope: base
> > 31-Oct-2018 13:26:57.482 samba_dlz: expr: (&(objectClass=dnsNode)(!(dNSTombstoned=TRUE)))
> > 31-Oct-2018 13:26:57.482 samba_dlz: attr: dnsRecord
> > 31-Oct-2018 13:26:57.482 samba_dlz: attr: dNSTombstoned
> > 31-Oct-2018 13:26:57.482 samba_dlz: control: <NONE>
> > 31-Oct-2018 13:26:57.485 samba_dlz:
> > 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.485 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.485 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.486 samba_dlz:
> > 31-Oct-2018 13:26:57.488 samba_dlz:
> > 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.488 samba_dlz: ldb: ldb_trace_response: DONE
> > 31-Oct-2018 13:26:57.488 samba_dlz: error: 32
> > 31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=<domain>.corp,CN=MicrosoftDNS,DC=ForestDnsZones,DC=<domain>,DC=corp
> > 31-Oct-2018 13:26:57.488 samba_dlz:
> > 31-Oct-2018 13:26:57.494 samba_dlz:
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: loaded; checking validity
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has 0 SOA records
> > 31-Oct-2018 13:26:57.494 zone <domain>.corp/NONE: has no NS records
> > 31-Oct-2018 13:26:57.494 samba_dlz:
>
> Where are the SOA & NS records for your domain ?
> Are they actually there, but Bind isn't finding them ?
>
> If the records are not there, I would run samba_upgradedns and upgrade
> to the internal dns server, then run it again and upgrade to bind9,
> this should recreate all the dns records.
>
> Rowland
>

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com

-------------- next part --------------
[root at prdc002zacprh samba]# ldbsearch -H private/sam.ldb -b 'CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp'
# record 1
dn: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: msDS-OptionalFeature
cn: Recycle Bin Feature
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1725
uSNChanged: 1725
showInAdvancedViewOnly: TRUE
name: Recycle Bin Feature
objectGUID: 9b4c6178-9b71-4c4e-95ad-6eea6791ad1c
systemFlags: -1946157056
objectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,DC=vodade
 alers,DC=corp
msDS-OptionalFeatureGUID: 766ddcd8-acd0-445e-f3b9-a7f9b6744f2a
msDS-OptionalFeatureFlags: 1
msDS-RequiredForestBehaviorVersion: 4
distinguishedName: CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Se
 rvice,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

# record 2
dn: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: container
cn: Query-Policies
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1726
uSNChanged: 1726
showInAdvancedViewOnly: TRUE
name: Query-Policies
objectGUID: 6ebd7b46-bc38-4c30-8e1b-58d3fdd2f50f
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=<domain>,DC=corp
distinguishedName: CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Ser
 vices,CN=Configuration,DC=<domain>,DC=corp

# record 3
dn: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: container
cn: Optional Features
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1724
uSNChanged: 1724
showInAdvancedViewOnly: TRUE
name: Optional Features
objectGUID: e921bbd1-9623-467e-b989-e25381e259ec
objectCategory: CN=Container,CN=Schema,CN=Configuration,DC=<domain>,DC=corp
distinguishedName: CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=
 Services,CN=Configuration,DC=<domain>,DC=corp

# record 4
dn: CN=Default Query Policy,CN=Query-Policies,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: queryPolicy
cn: Default Query Policy
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1727
uSNChanged: 1727
showInAdvancedViewOnly: TRUE
name: Default Query Policy
objectGUID: 3ca2ee22-1ab8-4257-9098-88a3dc35ab90
objectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,DC=<domain>,DC=c
 orp
lDAPAdminLimits: MaxValRange=1500
lDAPAdminLimits: MaxReceiveBuffer=10485760
lDAPAdminLimits: MaxDatagramRecv=4096
lDAPAdminLimits: MaxPoolThreads=4
lDAPAdminLimits: MaxResultSetSize=262144
lDAPAdminLimits: MaxTempTableSize=10000
lDAPAdminLimits: MaxQueryDuration=120
lDAPAdminLimits: MaxPageSize=1000
lDAPAdminLimits: MaxNotificationPerConn=5
lDAPAdminLimits: MaxActiveQueries=20
lDAPAdminLimits: MaxConnIdleTime=900
lDAPAdminLimits: InitRecvTimeout=120
lDAPAdminLimits: MaxConnections=5000
distinguishedName: CN=Default Query Policy,CN=Query-Policies,CN=Directory Serv
 ice,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp

# record 5
dn: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=<domain>,DC=corp
objectClass: top
objectClass: nTDSService
cn: Directory Service
instanceType: 4
whenCreated: 20150416065542.0Z
whenChanged: 20150416065542.0Z
uSNCreated: 1723
tombstoneLifetime: 180
uSNChanged: 1723
showInAdvancedViewOnly: TRUE
name: Directory Service
objectGUID: 638831d2-9190-40ee-b566-248ad6f781fd
objectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,DC=<domain>,DC=c
 orp
sPNMappings: host=alerter,appmgmt,cisvc,clipsrv,browser,dhcp,dnscache,replicat
 or,eventlog,eventsystem,policyagent,oakley,dmserver,dns,mcsvc,fax,msiserver,i
 as,messenger,netlogon,netman,netdde,netddedsm,nmagent,plugplay,protectedstora
 ge,rasman,rpclocator,rpc,rpcss,remoteaccess,rsvp,samss,scardsvr,scesrv,seclog
 on,scm,dcom,cifs,spooler,snmp,schedule,tapisrv,trksvr,trkwks,ups,time,wins,ww
 w,http,w3svc,iisadmin,msdtc
msDS-Other-Settings: DisableVLVSupport=0
msDS-Other-Settings: DynamicObjectMinTTL=900
msDS-Other-Settings: DynamicObjectDefaultTTL=86400
distinguishedName: CN=Directory Service,CN=Windows NT,CN=Services,CN=Configura
 tion,DC=<domain>,DC=corp

# returned 5 records
# 5 entries
# 0 referrals
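
Added example, not part of the original thread and not Samba or BIND code: a small Python triage of the named debug log quoted above. It lists the distinct base DNs that samba_dlz reported as missing (error 32), separating the wildcard (DC=*) lookups from the rest, and the zones that named reported as having 0 SOA or no NS records. The sample lines are constructed in the log's one-entry-per-line form, and example.corp is an assumed stand-in for the redacted <domain>.corp.

```python
import re

# Constructed sample in the one-entry-per-line form of the named log quoted in
# the thread; "example.corp" is an assumed stand-in for the redacted domain.
_DZ = "CN=MicrosoftDNS,DC=DomainDnsZones,DC=example,DC=corp"
_FZ = "CN=MicrosoftDNS,DC=ForestDnsZones,DC=example,DC=corp"
SAMPLE_LOG = f"""\
31-Oct-2018 13:26:57.218 samba_dlz: ldb: ldb_asprintf/set_errstring: No such Base DN: DC=*,DC=example.corp,{_DZ}
31-Oct-2018 13:26:57.218 samba_dlz: error: 32
31-Oct-2018 13:26:57.218 samba_dlz: msg: No such Base DN: DC=*,DC=example.corp,{_DZ}
31-Oct-2018 13:26:57.486 samba_dlz: msg: No such Base DN: DC=*,DC=example.corp,{_FZ}
31-Oct-2018 13:26:57.488 samba_dlz: msg: No such Base DN: DC=example.corp,{_FZ}
31-Oct-2018 13:26:57.494 zone example.corp/NONE: loaded; checking validity
31-Oct-2018 13:26:57.494 zone example.corp/NONE: has 0 SOA records
31-Oct-2018 13:26:57.494 zone example.corp/NONE: has no NS records
"""

ENTRY = re.compile(r"^\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} (.*)$")
MISSING_DN = re.compile(r"^samba_dlz: msg: No such Base DN: (.+)$")
ZONE_FAIL = re.compile(r"^zone (\S+)/\S+: has (0 SOA|no NS) records$")

def triage(log_text):
    """Return missing base DNs (wildcard vs. other) and zones failing validity."""
    report = {"wildcard_dn": [], "other_dn": [], "zone_failures": {}}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a timestamped entry (e.g. a mail-wrapped fragment)
        body = m.group(1)
        dn = MISSING_DN.match(body)
        if dn:  # only the "msg:" line is counted, so each failure appears once
            key = "wildcard_dn" if dn.group(1).startswith("DC=*,") else "other_dn"
            if dn.group(1) not in report[key]:
                report[key].append(dn.group(1))
            continue
        zf = ZONE_FAIL.match(body)
        if zf:
            report["zone_failures"].setdefault(zf.group(1), []).append(zf.group(2))
    return report

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

The script expects the log as named wrote it, one entry per line; lines re-wrapped by a mail client, as in the quoted copy above, are skipped.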