> I have been doing a bit of investigation and I 'think' we do have a tool
> ;-)

Gooooooooddd!! :-)

> If you examine 'samba_upgradedns', at the top it says this:
> # Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or SAMBA_INTERNAL
> I think if you use it to upgrade to either BIND_DLZ or SAMBA_INTERNAL,
> it should create the required AD objects.

I'm using BIND9_DLZ because Bind is running on my Zentyal PDCs and the DNS service is disabled on Samba on every domain controller:

====================
server services = -dns
====================

> Is there any way that you could clone a DC and sandbox it (you will
> probably have to forcibly demote the other DCs) and then run
> samba_upgradedns against it ?

Yes, I can clone the dc1 virtual machine, remove it from the network, try to upgrade the DNS, demote all other domain controllers, and then recheck with ldbsearch.

Do you think that this could be the cause of other two problems I reported in my previous email?

I also checked the schema version and it seems to be Windows Server 2012R2:

====================
root at dc1:/ (10:55:28)# ldbsearch -H /var/lib/samba/private/sam.ldb -b 'cn=Schema,cn=Configuration,dc=my,dc=domain,dc=com' -s base objectVersion
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=Schema,CN=Configuration,DC=my,DC=domain,DC=com
objectVersion: 47

# returned 1 records
# 1 entries
# 0 referrals
====================

Thanks again!
Bye
Rowland Penny
2019-Dec-18 10:03 UTC
[Samba] Replication not working for remote Domain Controller
On 18/12/2019 09:56, shacky wrote:
> > I have been doing a bit of investigation and I 'think' we do have
> > a tool ;-)
>
> Gooooooooddd!! :-)
>
> > If you examine 'samba_upgradedns', at the top it says this:
> > # Upgrade DNS provision from BIND9_FLATFILE to BIND9_DLZ or
> > SAMBA_INTERNAL
> > I think if you use it to upgrade to either BIND_DLZ or
> > SAMBA_INTERNAL,
> > it should create the required AD objects.
>
> I'm using BIND9_DLZ because Bind is running on my Zentyal PDCs and the
> DNS service is disabled on Samba on every domain controller:
>
> ====================
> server services = -dns
> ====================

Are you running Bind9 on each DC ?
You should be, if the internal dns server is disabled.

> > Is there any way that you could clone a DC and sandbox it (you will
> > probably have to forcibly demote the other DCs) and then run
> > samba_upgradedns against it ?
>
> Yes, I can clone the dc1 virtual machine, remove it from the network,
> try to upgrade the DNS, demote all other domain controllers, and then
> recheck with ldbsearch.
>
> Do you think that this could be the cause of other two problems I
> reported in my previous email?

Possibly, but one thing at once :-)

> I also checked the schema version and it seems to be Windows Server
> 2012R2:
>
> ====================
> root at dc1:/ (10:55:28)# ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'cn=Schema,cn=Configuration,dc=my,dc=domain,dc=com' -s base objectVersion
> # record 1
> dn: CN=Schema,CN=Configuration,DC=my,DC=domain,DC=com
> objectVersion: 47

No, '47' is 2008R2, see here:

https://wiki.samba.org/index.php/AD_Schema_Version_Support

Rowland
> Are you running Bind9 on each DC ?
> You should be, if the internal dns server is disabled.

Yes, I'm running Bind9 and the internal DNS server is disabled on each DC.

> Possibly, but one thing at once :-)

Ok :-)

> No, '47' is 2008R2, see here:

Oh, ok, sorry.
So was it upgraded without fixing the DNS servers, wasn't it?