On Wed, Dec 5, 2018 at 1:24 PM Barry D. Adkins <Barry at daram.com> wrote:

> If only this would have been my problem, yet the _msdcs.my.domain zone is
> in Windows DNS. Strange we are getting the same error.

*_msdcs.my.domain zone is in Windows DNS*

Being 'in' DNS is not the same as it existing as its own DNS zone. Up until my change today, the subdomain _msdcs existed as a subdomain under 'my.domain'.

To double check, show your output from the following command, adapted for your Windows DNS server name:

# samba-tool dns zonelist SERVER1 -U administrator

One of the zones returned needs to look like this:

  pszZoneName : _msdcs.my.domain
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : ForestDnsZones.my.domain

Regarding your error with the machine account, I didn't get that, but if it were me I'd clear the contents of /var/lib/samba/private (or whatever path for your installation) before attempting the next join.

I had my zones set for Domain Replication. After your post I set them for Forest Replication. I have not had a chance to see if that made a difference. I did not know Samba cared if it were one vs. the other.

-Barry Adkins

From: andrew at ruscica.com [mailto:andrew at ruscica.com] On Behalf Of Andrew Ruscica
Sent: Wednesday, December 5, 2018 9:17 PM
To: Barry D. Adkins <Barry at daram.com>
Cc: samba at lists.samba.org
Subject: Re: [Samba] Setup a Samba AD DC as an additional DC

On Wed, Dec 5, 2018 at 1:24 PM Barry D. Adkins <Barry at daram.com> wrote:

If only this would have been my problem, yet the _msdcs.my.domain zone is in Windows DNS. Strange we are getting the same error.

_msdcs.my.domain zone is in Windows DNS

Being 'in' DNS is not the same as it existing as its own DNS zone. Up until my change today, the subdomain _msdcs existed as a subdomain under 'my.domain'.

To double check, show your output from the following command, adapted for your Windows DNS server name:

# samba-tool dns zonelist SERVER1 -U administrator

One of the zones returned needs to look like this:

  pszZoneName : _msdcs.my.domain
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  Version : 50
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_FOREST_DEFAULT DNS_DP_ENLISTED
  pszDpFqdn : ForestDnsZones.my.domain

Regarding your error with the machine account, I didn't get that, but if it were me I'd clear the contents of /var/lib/samba/private (or whatever path for your installation) before attempting the next join.

On Wed, Dec 5, 2018 at 10:45 PM Barry D. Adkins <Barry at daram.com> wrote:

> I had my zones set for Domain Replication. After your post I set them for
> Forest Replication. I have not had a chance to see if that made a
> difference. I did not know Samba cared if it were one vs. the other.

In my case, as I mentioned, it did make a difference - domain replication - continued to fail; forest replication (the default for Windows for the _msdcs zone), success.

Let us know if it's finally working for you!
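
Added example, not part of the original thread and not Samba project code: a pre-join check that reads `samba-tool dns zonelist` output and reports whether `_msdcs.<domain>` exists as its own zone and carries `DNS_DP_FOREST_DEFAULT`, the two conditions discussed above. It assumes the one-field-per-line "key : value" layout quoted in the thread; the function names, exit-code convention and sample output are constructed, and `DNS_DP_DOMAIN_DEFAULT` is assumed to be the flag shown for domain-wide replication.

```shell
#!/bin/sh
# check_msdcs_zone DOMAIN: reads `samba-tool dns zonelist` output on stdin.
# Exit codes (convention chosen for this example):
#   0  _msdcs.DOMAIN is its own zone with DNS_DP_FOREST_DEFAULT set
#   1  _msdcs.DOMAIN is its own zone but is not forest-replicated
#   2  no separate _msdcs.DOMAIN zone is listed
check_msdcs_zone() {
    awk -v want="_msdcs.$1" '
        function fieldval(line) {           # text after the first colon
            sub(/^[^:]*:[ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            return line
        }
        # Each zone block starts with pszZoneName; track whether we are in ours.
        $1 == "pszZoneName" {
            in_zone = (tolower(fieldval($0)) == tolower(want))
            if (in_zone) found = 1
        }
        in_zone && $1 == "dwDpFlags" &&
            fieldval($0) ~ /(^| )DNS_DP_FOREST_DEFAULT( |$)/ { forest = 1 }
        END { if (!found) exit 2; exit (forest ? 0 : 1) }
    '
}

# Constructed sample output, not captured from a real server. $1 is the
# partition flag to show on the _msdcs zone.
sample_zonelist() {
    cat <<EOF
  2 zone(s) found

  pszZoneName : my.domain
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  dwDpFlags : DNS_DP_AUTOCREATED DNS_DP_DOMAIN_DEFAULT DNS_DP_ENLISTED

  pszZoneName : _msdcs.my.domain
  Flags : DNS_RPC_ZONE_DSINTEGRATED DNS_RPC_ZONE_UPDATE_SECURE
  ZoneType : DNS_ZONE_TYPE_PRIMARY
  dwDpFlags : DNS_DP_AUTOCREATED $1 DNS_DP_ENLISTED
EOF
}

# Against a live server (command as given in the thread):
#   samba-tool dns zonelist SERVER1 -U administrator | check_msdcs_zone my.domain
sample_zonelist DNS_DP_FOREST_DEFAULT | check_msdcs_zone my.domain \
    && echo "_msdcs.my.domain: separate zone, forest-replicated"
```

Matching on the zone block rather than grepping the whole output matters here, because the parent `my.domain` zone has its own `dwDpFlags` line that would otherwise be mistaken for the `_msdcs` zone's.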