>>> The other option is to remove 'DC=DomainDnsZones,DC=domain,DC=com' and
>>> 'DC=ForestDnsZones,DC=domain,DC=com' after the join and then run
>>> 'samba_upgradedns', would this work ?
>> While it seems to be safe to delete DomainDnsZones context, the ForestDnsZones
>> context seems to contain the real DNS zone info:
> First and foremost, this is just an idea I threw out for discussion.
> If you are running the old style of DNS, then things are in a different
> place to what is now expected.

How can I check if it's an old style or not? I guess it should be new after following the guide Louis provided.

> Samba has a script 'samba_upgradedns', its main task is to change
> between the internal and Bind9 dns servers, but it can recreate the DNS
> records given a certain set of circumstances.

Yeah, I've already tried to run it. No success:

# samba_upgradedns -d 3
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Reading domain information
lpcfg_load: refreshing parameters from /usr/local/samba/etc/smb.conf
Traceback (most recent call last):
  File "/usr/local/samba/sbin/samba_upgradedns", line 293, in <module>
    paths, lp.configfile, lp)
  File "/usr/local/samba/lib64/python3.6/site-packages/samba/provision/__init__.py", line 209, in find_provision_key_parameters
    names.netbiosname = str(res[0]["sAMAccountName"]).replace("$", "")
IndexError: list index out of range

This however might be expected b/c Samba failed to join the DC before.

> Can you clone your Samba DC and sandbox the clone ?

This is what I'd like to do in the very end if nothing else helped. I don't have enough resources at the moment to sandbox all of that.

> Can you run this search on your Samba DC:
> ldbsearch -H /var/lib/samba/private/sam.ldb -b
> 'CN=Configuration,DC=samdom,DC=example,DC=com' -s sub
> '(|(dnsRoot=DomainDnsZones.samdom.example.com)(dnsRoot=ForestDnsZones.samdom.example.com))'
> nCName

# record 1
dn: CN=e099a041-eb07-4123-9325-15cd9edcaf54,CN=Partitions,CN=Configuration,DC=domain,DC=com
nCName: DC=DomainDnsZones,DC=domain,DC=com

# record 2
dn: CN=2400e56f-8acd-4764-9c51-23aba14730b7,CN=Partitions,CN=Configuration,DC=domain,DC=com
nCName: DC=ForestDnsZones,DC=domain,DC=com

--
Best regards,
Alex

Rowland,

After some debugging, I was able to find the source of this error:
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')

It's thrown during the join b/c Samba is trying to find the DNS record for the new DC (the Samba) inside DC=DomainDnsZones,DC=domain,DC=com instead of DC=ForestDnsZones,DC=domain,DC=com.

Do you have any ideas why and how to deal with that?

After upgrading to forest-wide zone, DomainDnsZones context contains only RootDSE entries.

>>>> The other option is to remove 'DC=DomainDnsZones,DC=domain,DC=com' and
>>>> 'DC=ForestDnsZones,DC=domain,DC=com' after the join and then run
>>>> 'samba_upgradedns', would this work ?
>>> While it seems to be safe to delete DomainDnsZones context, the ForestDnsZones
>>> context seems to contain the real DNS zone info:

--
Best regards,
Alex

Rowland Penny
2020-Feb-11 16:49 UTC
[Samba] FW: samba_kcc issue after joining the domain as a DC

On 11/02/2020 16:29, Alex via samba wrote:
> Rowland,
>
> After some debugging, I was able to find the source of this error:
> ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
>
> It's thrown during the join b/c Samba is trying to find the DNS record for the
> new DC (the Samba) inside DC=DomainDnsZones,DC=domain,DC=com instead of
> DC=ForestDnsZones,DC=domain,DC=com.
>
> Do you have any ideas why and how to deal with that?

As for the why, it is because that is where it should be:

dn: DC=DC4,DC=samdom.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
objectClass: top
objectClass: dnsNode

What does 'samba-tool dns zonelist IP_OF_WINDOWS_DC' show ?

Rowland