Hello,

I actually have 3 principal DCs

Samba version : 4.6.4 / Redhat7

All 3 DCs work with BIND9_DLZ as dns backend.
Today I added a new DC to my domain assigned to a site I previously created with:

    samba-tool domain join mydomain.lan DC -U administrator --realm=MYDOMAIN.LAN -W mydomain --site=MYSITE

Then I tried to migrate the dns backend of this fresh new DC to bind DLZ (as I did for every other DC before)

    [root@DC-site1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ
    Reading domain information
    Traceback (most recent call last):
      File "/usr/sbin/samba_upgradedns", line 262, in <module>
        paths, lp.configfile, lp)
      File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 330, in find_provision_key_parameters
        dns_admins_sid = get_dnsadmins_sid(samdb, names.domaindn)
      File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py", line 69, in get_dnsadmins_sid
        attrs=["objectSid"])
    _ldb.LdbError: (32, 'No such Base DN: CN=DnsAdmins,CN=Users,DC=mydomain,DC=lan')

If I try an ldbsearch or an ldapsearch, I can't find any DnsAdmins group, even on the main DC.

What's going wrong?

.lan and .local are reserved TLDs for Apple's mDNS.
Don't use it, same as .private

If you still want to use it, check /etc/nsswitch and make sure you have mdns at the end of the line.
Something like this:

    hosts: files dns myhostname mdns4_minimal [NOTFOUND=return]

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Julien TEHERY via samba
> Sent: Thursday 15 November 2018 10:21
> To: samba at lists.samba.org
> Subject: [Samba] Samba4 - DnsAdmins group disappeared
>
> Hello,
>
> I actually have 3 principal DCs
>
> Samba version : 4.6.4 / Redhat7
>
> All 3 DCs work with BIND9_DLZ as dns backend.
> Today I added a new DC to my domain assigned to a site I previously
> created with:
>
> samba-tool domain join mydomain.lan DC -U administrator
> --realm=MYDOMAIN.LAN -W mydomain --site=MYSITE
>
> Then I tried to migrate the dns backend of this fresh new DC to bind
> DLZ (as I did for every other DC before)
>
> [root@DC-site1 ~]# samba_upgradedns --dns-backend=BIND9_DLZ
> Reading domain information
> Traceback (most recent call last):
>   File "/usr/sbin/samba_upgradedns", line 262, in <module>
>     paths, lp.configfile, lp)
>   File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 330, in find_provision_key_parameters
>     dns_admins_sid = get_dnsadmins_sid(samdb, names.domaindn)
>   File "/usr/lib64/python2.7/site-packages/samba/provision/sambadns.py", line 69, in get_dnsadmins_sid
>     attrs=["objectSid"])
> _ldb.LdbError: (32, 'No such Base DN: CN=DnsAdmins,CN=Users,DC=mydomain,DC=lan')
>
> If I try an ldbsearch or an ldapsearch, I can't find any DnsAdmins
> group, even on the main DC.
>
> What's going wrong?

On Thu, 15 Nov 2018 10:20:41 +0100
Julien TEHERY via samba <samba at lists.samba.org> wrote:

> Hello,
>
> I actually have 3 principal DCs
>
> Samba version : 4.6.4 / Redhat7
>
> All 3 DCs work with BIND9_DLZ as dns backend.
> Today I added a new DC to my domain assigned to a site I previously
> created with:
>
> samba-tool domain join mydomain.lan DC -U administrator
> --realm=MYDOMAIN.LAN -W mydomain --site=MYSITE
>
> Then I tried to migrate the dns backend of this fresh new DC to bind
> DLZ (as I did for every other DC before)

Why not just add '--dns-backend=BIND9_DLZ' to the join command and do everything at once?

> If I try an ldbsearch or an ldapsearch, I can't find any DnsAdmins
> group, even on the main DC.
>
> What's going wrong?

No real idea, but if you are sure the 'DnsAdmins' group doesn't exist, try adding it with:

    samba-tool group add DnsAdmins --description='DNS Administrators Group' --group-type=Security --group-scope=Domain -U administrator

It will either create the group for you, or tell you if it does exist ;-)

Rowland

On 15/11/2018 at 11:21, Rowland Penny via samba wrote:

> On Thu, 15 Nov 2018 10:20:41 +0100
> Julien TEHERY via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I actually have 3 principal DCs
>>
>> Samba version : 4.6.4 / Redhat7
>>
>> All 3 DCs work with BIND9_DLZ as dns backend.
>> Today I added a new DC to my domain assigned to a site I previously
>> created with:
>>
>> samba-tool domain join mydomain.lan DC -U administrator
>> --realm=MYDOMAIN.LAN -W mydomain --site=MYSITE
>>
>> Then I tried to migrate the dns backend of this fresh new DC to bind
>> DLZ (as I did for every other DC before)
> Why not just add '--dns-backend=BIND9_DLZ' to the join command and do
> everything at once ?

You're completely right, I wasn't sure it was possible.

>> If I try an ldbsearch or an ldapsearch, I can't find any DnsAdmins
>> group, even on the main DC.
>>
>> What's going wrong?
> No real idea, but if you are sure the 'DnsAdmins' group doesn't exist,
> try adding it with:
>
> samba-tool group add DnsAdmins --description='DNS Administrators Group'
> --group-type=Security --group-scope=Domain -U administrator
>
> It will either create the group for you, or tell you if it does
> exist ;-)
>
> Rowland

Well, that's the scary point because it did create the group. That means something (I don't know) deleted it.
I'll let you know if it happens again.

Thanks for your help!