Hai,

> > have rejoined all my DC's with new names, see below.
> > ;; ANSWER SECTION:
> > <domain>.corp. 3600 IN NS psad101zatcrh.<domain>.corp. -> New
> > rebuild, new hostname, RHEL6 to RHEL7 upgrade
....
> > Led me to believe this is your problem. However, you say it works on
> > one DC, but not with multiple DC's.
.....
That one DC that works, I'm betting, is the only one that has its original hostname.
Can you verify that?

> > You have mentioned that you demoted DC's, removed all data for the
> > deleted DC from AD and then rejoined it again with a newer version of
> > Samba using the same DC name etc.
> >
> > I wonder if this could be your problem ?

I'm betting this is the source of your problem.

This is exactly why I don't support 2 things on an AD DC server.
1) changing its hostname
2) changing its domainname
It's always trouble, it's so easy to forget 1 small thing and that ends up in a big problem.
( story of my life )

And IP change, hmm, not my favorite but possible with much less problems.

I suggest, remove 1 server completely from the domain.
Re-install the server, a clean setup, or go check your hostname changes in /etc/ /var
But I would go for a clean install.

Check/Do the following.
- Remove all the DNS objects ( A / PTR and any other record or CNAME of that server )
- Remove all the AD objects that are linked with this server.

( if no clean install )
- clear the files out of folder /var/cache/samba /var/lib/samba from any files

Reboot the server, and check all your logs for errors, solve them before you join the domain.

Now join the domain again.
Transfer all FSMO roles to this server.

Repeat for the next server, but leave the FSMO roles where they are now.
Now check if your problem still exists.

This ^^^^^ is what I personally would do.

Greetz,

Louis
Hello Rowland/Louis & All,

All the best for the new year.

Sorry to bring this up again.
I finally managed to give some more attention to this issue of mine.

I've set up a new test domain server, and I managed to seamlessly migrate from SAMBA_INTERNAL to BIND9_DLZ and the other way again.
With a little help of new software we purchased, I exported all data from production and imported the data on the new test domain; before the import I changed the test system back to SAMBA_INTERNAL.
As soon as the import completed I tried to migrate back to BIND9_DLZ and got the same errors as I'm getting in production.

....
16-Jan-2019 14:13:22.279 generating session key for dynamic DNS
16-Jan-2019 14:13:22.279 sizing zone task pool based on 3 zones
16-Jan-2019 14:13:22.280 Loading 'AD DNS Zone' using driver dlopen
16-Jan-2019 14:13:22.472 samba_dlz: started for DN DC=samdom,DC=example,DC=com
16-Jan-2019 14:13:22.472 samba_dlz: starting configure
16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone ' samdom.example.com'
16-Jan-2019 14:13:22.475 dns_rdata_fromtext: buffer-0x7f944d595da0:1: near eof: unexpected end of input
16-Jan-2019 14:13:22.475 Failed to put rr
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA records
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS records
16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_ msdcs.samdom.example.com'
16-Jan-2019 14:13:22.476 loading configuration: bad zone
16-Jan-2019 14:13:22.476 exiting (due to fatal error)
16-Jan-2019 14:13:22.476 samba_dlz: shutting down
....

Could this be that my current data in production is corrupt somewhere?
We have been running sernet-samba packages from version 4 until 4.9.4-SerNet-RedHat-11.el7

Is there anything specific I can check in the DB?

Kind Regards

--
Eben Victor
Cell: +27 82 759 5266
Email: eben.victor at gmail.com
On Wed, 16 Jan 2019 14:13:52 +0200 Eben Victor via samba <samba at lists.samba.org> wrote:

> Hello Rowland/Louis & All,
>
> All the best for the new year.
>
> Sorry to bring this up again.
> I finally managed to give some more attention to this issue of mine.
>
> I've set up a new test domain server, and I managed to seamlessly
> migrate from SAMBA_INTERNAL to BIND9_DLZ and the other way again.
> With a little help of new software we purchased, I exported all data

What software did you purchase ?

> from production and imported the data on the new test domain; before
> the import I changed the test system back to SAMBA_INTERNAL.
> As soon as the import completed I tried to migrate back to
> BIND9_DLZ and got the same errors as I'm getting in production.

Does the test domain and production use the same DNS domain ?

> ....
> 16-Jan-2019 14:13:22.279 generating session key for dynamic DNS
> 16-Jan-2019 14:13:22.279 sizing zone task pool based on 3 zones
> 16-Jan-2019 14:13:22.280 Loading 'AD DNS Zone' using driver dlopen
> 16-Jan-2019 14:13:22.472 samba_dlz: started for DN DC=samdom,DC=example,DC=com
> 16-Jan-2019 14:13:22.472 samba_dlz: starting configure
> 16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone ' samdom.example.com'
> 16-Jan-2019 14:13:22.475 dns_rdata_fromtext: buffer-0x7f944d595da0:1: near eof: unexpected end of input

To me, it looks like more data was expected.

> 16-Jan-2019 14:13:22.475 Failed to put rr
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA records
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS records
> 16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_ msdcs.samdom.example.com'
> 16-Jan-2019 14:13:22.476 loading configuration: bad zone
> 16-Jan-2019 14:13:22.476 exiting (due to fatal error)
> 16-Jan-2019 14:13:22.476 samba_dlz: shutting down
> ....
>
> Could this be that my current data in production is corrupt somewhere?
> We have been running sernet-samba packages from version 4 until
> 4.9.4-SerNet-RedHat-11.el7
>
> Is there anything specific I can check in the DB?

The problem is, you aren't supposed to update in the way you are trying, you just join a new DC to the domain.

Rowland
Hi Eben,

> Sorry to bring this up again.
> I finally managed to give some more attention to this issue of mine.
>
> I've set up a new test domain server, and I managed to seamlessly migrate
> from SAMBA_INTERNAL to BIND9_DLZ and the other way again.
> With a little help of new software we purchased, I exported all data from
> production and imported the data on the new test domain; before the import
> I changed the test system back to SAMBA_INTERNAL.

I am curious, what is the software you are talking about?

> As soon as the import completed I tried to migrate back to BIND9_DLZ and
> got the same errors as I'm getting in production.
>
> ....
> 16-Jan-2019 14:13:22.279 generating session key for dynamic DNS
> 16-Jan-2019 14:13:22.279 sizing zone task pool based on 3 zones
> 16-Jan-2019 14:13:22.280 Loading 'AD DNS Zone' using driver dlopen
> 16-Jan-2019 14:13:22.472 samba_dlz: started for DN DC=samdom,DC=example,DC=com
> 16-Jan-2019 14:13:22.472 samba_dlz: starting configure
> 16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone ' samdom.example.com'
> 16-Jan-2019 14:13:22.475 dns_rdata_fromtext: buffer-0x7f944d595da0:1: near eof: unexpected end of input
> 16-Jan-2019 14:13:22.475 Failed to put rr
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA records
> 16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS records
> 16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_ msdcs.samdom.example.com'
> 16-Jan-2019 14:13:22.476 loading configuration: bad zone
> 16-Jan-2019 14:13:22.476 exiting (due to fatal error)
> 16-Jan-2019 14:13:22.476 samba_dlz: shutting down
> ....
>
> Could this be that my current data in production is corrupt somewhere?
> We have been running sernet-samba packages from version 4 until
> 4.9.4-SerNet-RedHat-11.el7
>
> Is there anything specific I can check in the DB?

Like it is written in the logs here above, you are missing the NS and SOA field in your DNS partition. Internal DNS doesn't care about it but Bind-DLZ is less forgiving. You could try something like below (adapt accordingly):

    samba-tool dns add srvads testdca.lan @ SOA "srvads.testdca.lan hostmaster.testdca.lan. 2 900 600 86400 3600" -P
    samba-tool dns add srvads testdca.lan @ NS srvads.testdca.lan -P

For the SOA record, the syntax of the text string is: nameserver, email, serial, refresh, retry, expire, minimumttl

Cheers,

Denis

--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it
Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr
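The log reading and the SOA field order from the message above, as an added example that is not part of any poster's message: it pulls the failed zone and its missing record types out of the named log, builds read-only `samba-tool dns query` lookups to confirm them, and checks an SOA data string before it is passed to `samba-tool dns add`. The server name `DC1` is a hypothetical placeholder.

```python
import re

# Log lines copied from the thread (BIND with the samba_dlz module), stray spaces included.
SAMPLE_LOG = """\
16-Jan-2019 14:13:22.474 samba_dlz: configured writeable zone ' samdom.example.com'
16-Jan-2019 14:13:22.475 Failed to put rr
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has 0 SOA records
16-Jan-2019 14:13:22.476 zone _msdcs.samdom.example.com/NONE: has no NS records
16-Jan-2019 14:13:22.476 samba_dlz: Failed to configure zone '_ msdcs.samdom.example.com'
16-Jan-2019 14:13:22.476 loading configuration: bad zone
"""

MISSING_RE = re.compile(r"zone (\S+)/\S+: has (?:0|no) (SOA|NS) records")
FAILED_RE = re.compile(r"samba_dlz: Failed to configure zone '([^']*)'")
SOA_FIELDS = ("nameserver", "email", "serial", "refresh", "retry", "expire", "minimumttl")

def triage(log):
    """Map each zone samba_dlz failed to configure to the record types named as missing."""
    missing, failed = {}, []
    for line in log.splitlines():
        if m := MISSING_RE.search(line):
            missing.setdefault(m.group(1), set()).add(m.group(2))
        elif m := FAILED_RE.search(line):
            # The quoted zone name in the thread carries a stray space; strip whitespace.
            failed.append("".join(m.group(1).split()))
    return {zone: sorted(missing.get(zone, ())) for zone in failed}

def parse_soa(text):
    """Split an SOA data string in the field order given in the thread and type-check it."""
    parts = text.split()
    if len(parts) != len(SOA_FIELDS):
        raise ValueError(f"SOA needs {len(SOA_FIELDS)} fields, got {len(parts)}")
    soa = dict(zip(SOA_FIELDS, parts))
    for key in SOA_FIELDS[2:]:
        if not soa[key].isdigit():
            raise ValueError(f"{key} must be an unsigned integer, got {soa[key]!r}")
        soa[key] = int(soa[key])
    return soa

def query_commands(server, report):
    """Build read-only samba-tool lookups to confirm what the directory really holds."""
    return [f"samba-tool dns query {server} {zone} @ {rtype} -P"
            for zone, types in sorted(report.items()) for rtype in types]

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)          # 'DC1' below is a hypothetical server name
    print(report, *query_commands("DC1", report), sep="\n")
    print(parse_soa("srvads.testdca.lan hostmaster.testdca.lan. 2 900 600 86400 3600"))
```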
On Wed, 16 Jan 2019 15:23:14 +0200 Eben Victor <eben.victor at gmail.com> wrote:

> Software: Softerra LDAP Administrator
> Really very nice software.

How is it exporting the data ? As an ldif file or other ? Can you provide a sample.

> Production and test use different DNS domain

This could very well be your problem

> What do you mean I'm not doing the update like supposed to?

To update Samba, if you use OS packages, you normally can update using your OS package manager. Another way is to join a new DC to the domain, this DC could be running a later version of your distro, or even a different distro. The new DC could be running the same Samba version as the original DC(s) or a later version. You do not normally install Samba and copy data from another DC.

Rowland
Hi,

This supports my idea, only I did not know that samba internal-dns does not care about the TTL/SOA records.
Thank you Denis for this.

If that's the case, do we have a bug report on this, because TTL/SOA records are most important.
Maybe I forgot this when I did the setup, using bind9_dlz so long already..

> > Is there anything specific I can check in the DB?
>
> like it is written in the logs here above, you are missing the NS and
> SOA field in your DNS partition. Internal DNS doesn't care about it but
> Bind-DLZ is less forgiving. You could try something like below (adapt
> accordingly):
>
> samba-tool dns add srvads testdca.lan @ SOA "srvads.testdca.lan hostmaster.testdca.lan. 2 900 600 86400 3600" -P
> samba-tool dns add srvads testdca.lan @ NS srvads.testdca.lan -P
>
> For the SOA record, the syntax of the text string is : nameserver,
> email, serial, refresh, retry, expire, minimumttl
>
> Cheers,
>
> Denis

My idea was:

Options
- If the samba (config) data does not meet the needed requirements for dns you might hit errors.

    samba-tool testparm -v | egrep "realm|workgroup|netbios|alias"

For example.
Good : netbios name = my-test1-system
Wrong: netbios name = my-test2 system ( space )
Wrong: netbios name = my-test2-system1 ( 16 chars max 15! )
Wrong: netbios name = my-test2-systém ( wrong characters é )
Wrong: netbios name = my_test2_systém ( wrong characters _ )

At least that's what I did find on: dns_rdata_fromtext: buffer-0x7f944d595da0:1:near eof: unexpected end of input

I notice a strange thing.
dns_rdata_fromtext: buffer-0x7f944d595da0:1 << that 1 tells us near line 1.
near eof: unexpected end of input < but here it's near eof of file.

To me it looks like faulty data in line 1.
- incorrect TTL/SOA records?

All I can suggest now is run the DLZ loader with -d1 or -d3
But try Denis's option first.

Last, if one knows a way to export the DNS data from the server to plain text files, that would be great.
And no, a master/slave setup gives a binary data file on the slave. ;-)

Greetz,

Louis