Rick Hollinbeck
2020-Feb-04 18:57 UTC
[Samba] WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs
Thanks for your response, Rowland.

As far as newer versions of Debian/Samba, I actually started with Ubuntu 18.04, which had Samba 4.7.

But I ran into another problem trying to use it, so I backed off to an older version that I was hoping was more stable.
See: https://bugzilla.samba.org/show_bug.cgi?id=13298

Meanwhile, I did find out more about what was causing this error by looking at the source code.

Apparently, samba was expecting _msdcs.office.example.com to be its own "zone" (not just part of the AD tree, like it is on the Windows Server side.) so it returned that error code.

samba-tool dns zonelist dc2 -UAdministrator
did not show it as a "zone" - same on the Windows servers.

By temporarily adding a "zone" for it using:
samba-tool dns zonecreate dc2 _msdcs.office.example.com -UAdministrator

I got the error to go away, but this created a new unwanted entry in the AD hierarchy at the same level as "office.example.com", instead of using the existing AD entry that is under that node.

Thanks for the link http://apt.van-belle.nl/

Maybe I'll give 18.04 or Debian 10 another try to see if it works now.

Should I jump on the bleeding edge with Samba 4.11 and Bind9 (version?)
(I don't see any mention of the bugzilla bug getting addressed.)

What versions of these would you recommend?
(fyi I am also planning to add dhcpd to this server to eventually phase out my old Windows Servers.)

Rowland Penny
2020-Feb-04 19:40 UTC
[Samba] WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs
On 04/02/2020 18:57, Rick Hollinbeck wrote:
> Thanks for your response, Rowland.
>
> As far as newer versions of Debian/Samba, I actually started with Ubuntu 18.04, which had
> Samba 4.7.
>
> But I ran into another problem trying to use it, so I backed off to an older version that I was
> hoping was more stable.
> See: https://bugzilla.samba.org/show_bug.cgi?id=13298
>
> Meanwhile, I did find out more about what was causing this error by looking at the source
> code.
>
> Apparently, samba was expecting _msdcs.office.example.com to be its own "zone" (not just
> part of the AD tree, like it is on the Windows Server side.)
> so it returned that error code.
>
> samba-tool dns zonelist dc2 -UAdministrator
> did not show it as a "zone" - same on the Windows servers.
>
> By temporarily adding a "zone" for it using:
> samba-tool dns zonecreate dc2 _msdcs.office.example.com -UAdministrator
>
> I got the error to go away, but this created a new unwanted entry in the AD hierarchy at the
> same level as "office.example.com",
> instead of using the existing AD entry that is under that node.
>
> Thanks for the link http://apt.van-belle.nl/
>
> Maybe I'll give 18.04 or Debian 10 another try to see if it works now.
>
> Should I jump on the bleeding edge with Samba 4.11 and Bind9 (version?)
> (I don't see any mention of the bugzilla bug getting addressed.)
>
> What versions of these would you recommend?
> (fyi I am also planning to add dhcpd to this server to eventually phase out my old Windows
> Servers.)

The problem is most likely because you came from a Windows 2003 domain which used a very different DNS setup. Samba expects the DNS records from a 2008R2 domain and unless you can fix this, your domain is never going to work correctly.

The problem is explained here:

https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application

Does anyone know how to do this on a Samba AD DC ????

Rowland
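
Added example, not part of the original thread or of Samba's own tooling: a small shell check that reads `samba-tool dns zonelist` output and reports whether `_msdcs.<forest>` is a separate zone in the forest-wide partition or only a subdomain of the domain zone, the difference discussed in the two messages above. The function name `msdcs_layout`, the abridged sample listings and the assumption that the forest-wide partition is named `ForestDnsZones.<forest>` are mine.

```shell
#!/bin/sh
# Added example: classify where _msdcs.<forest> lives, reading the text that
# `samba-tool dns zonelist <server>` prints on stdin.
# Result: forest-zone | zone-other-partition | no-zone

msdcs_layout() {
    awk -v forest="$1" '
        BEGIN { want  = tolower("_msdcs." forest)
                fpart = tolower("ForestDnsZones." forest) }  # assumed partition name
        # A zone record starts at pszZoneName; pszDpFqdn names its partition.
        $1 == "pszZoneName" { cur = tolower($3); if (cur == want) found = 1 }
        $1 == "pszDpFqdn" && cur == want { part = tolower($3) }
        END {
            if (!found)             print "no-zone"
            else if (part == fpart) print "forest-zone"
            else                    print "zone-other-partition"
        }'
}

# Constructed, abridged sample output (not captured from a real DC).
# Layout reported in the thread: _msdcs is not listed as a zone of its own.
sample_2003_style() {
    cat <<'EOF'
  1 zone(s) found

  pszZoneName                 : office.example.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : DomainDnsZones.office.example.com
EOF
}

# Constructed sample: a separate _msdcs zone in the forest-wide partition.
sample_forest_wide() {
    cat <<'EOF'
  2 zone(s) found

  pszZoneName                 : office.example.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : DomainDnsZones.office.example.com

  pszZoneName                 : _msdcs.office.example.com
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : ForestDnsZones.office.example.com
EOF
}

echo "2003-style:  $(sample_2003_style  | msdcs_layout office.example.com)"
echo "forest-wide: $(sample_forest_wide | msdcs_layout office.example.com)"
```

On a DC the real listing can be piped in instead of the samples, for example `samba-tool dns zonelist dc2 -UAdministrator | msdcs_layout office.example.com`. A result of `zone-other-partition` means an `_msdcs` zone exists but is not stored in the forest-wide partition.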
L.P.H. van Belle
2020-Feb-05 08:23 UTC
[Samba] WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs
> > Should I jump on the bleeding edge with Samba 4.11 and Bind9 (version?)

Yes! It's not bleeding edge anymore ;-)..
4.11.0 that's bleeding edge, .6 not..

> > (I don't see any mention of the bugzilla bug getting addressed.)
> >
> > What versions of these would you recommend?
> > (fyi I am also planning to add dhcpd to this server to eventually phase out my old Windows Servers.)

I would go for Debian 10, Bind9_dlz and Samba 4.11.6
Ubuntu fine too, but use samba 4.11.6 if you're setting up new.

> The problem is most likely because you came from a Windows 2003 domain
> which used a very different DNS setup. Samba expects the DNS records
> from a 2008R2 domain and unless you can fix this, your domain is never
> going to work correctly.
>
> The problem is explained here:
>
> https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application
>
> Does anyone know how to do this on a Samba AD DC ????

Maybe install samba with bind9_dlz and downgrade it to samba internal DNS and upgrade it again?
Might work.

> Rowland

Greetz,

Louis

Ok, as of now, low response, back to work..

Rowland Penny
2020-Feb-05 09:39 UTC
[Samba] WERR_DNS_ERROR_NAME_DOES_NOT_EXIST when samba_dnsupdate tries to add to _msdcs
On 05/02/2020 08:23, L.P.H. van Belle via samba wrote:
>>> Should I jump on the bleeding edge with Samba 4.11 and Bind9 (version?)
> Yes! It's not bleeding edge anymore ;-)..
> 4.11.0 that's bleeding edge, .6 not..
>
>>> (I don't see any mention of the bugzilla bug getting addressed.)
>>>
>>> What versions of these would you recommend?
>>> (fyi I am also planning to add dhcpd to this server to eventually phase out my old Windows Servers.)
> I would go for Debian 10, Bind9_dlz and Samba 4.11.6
> Ubuntu fine too, but use samba 4.11.6 if you're setting up new.
>
>> The problem is most likely because you came from a Windows 2003 domain
>> which used a very different DNS setup. Samba expects the DNS records
>> from a 2008R2 domain and unless you can fix this, your domain is never
>> going to work correctly.
>>
>> The problem is explained here:
>>
>> https://support.microsoft.com/en-gb/help/817470/how-to-reconfigure-an-msdcs-subdomain-to-a-forest-wide-dns-application
>>
>> Does anyone know how to do this on a Samba AD DC ????
> Maybe install samba with bind9_dlz and downgrade it to samba internal DNS and upgrade it again?
> Might work.

It won't, it checks for a couple of AD objects that exist in the old style DNS, so it stops :-(

Rowland