samba - Mar 2020 - pdc emulator dns record missing after transferring role

Hello Rowland,
>> During the migration from Windows DCs to Samba DCs, the following issue
came up:
>> after  transferring  PDC  emulator  role to a samba DC, the according
DNS record
>> wasn't re-created:
>>
> Yes and no (well not in the way you are thinking)
> Yes, you are missing the fact that the dns_update_list has this:
> # The PDC emulator
> ${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN}??????????????????? 
> ${HOSTNAME} 389
I  don't  miss  it.  I've  checked dns_update_list before writing, which
made me
thinking  there's  a  bug here along with the fact that after switching the
role
back to Windows DC the pdc record has appeared almost immediately.
> If this is the DC with the PDC Emulator role, but doesn't have the 
> required dns record, samba_dnsupdate should create it next time it is 
> run and Samba runs it regularly.
Hm..  I  was  waiting  for  several minutes after the role was transferred - the
record  wasn't  created.  Wouldn't it be a good enhancement if the fsmo
transfer
command issued samba_dnsupdate right after the role has been transferred?

Just   transferred   the  PDC  role  to  samba  DC  again  and  manually  issued
"samba_dnsupdate  --use-samba-tool --fail-immediately" command right
after that.
No pdc record added and the error came up:
ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 186, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 945, in run
    raise e
  File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 941, in run
    0, server, zone, name, add_rec_buf, None)

Gave it one more try by restarting samba - same result: no pdc record and that
error in the log.

Any ideas?
> No, it isn't a bug, except after checking on my domain, I find I have 
> two dns records for _ldap._tcp.pdc._msdcs.samdom.example.com and you can 
> only have one PDC Emulator. I will have to examine the code (it could 
> just be my domain), but it is possible that there is no code to delete 
> the dns record if the computer isn't the PDC Emulator.
It  would be great to add such code along with a code which will clean things up
after  the  samba  DC  is demoted - I had to manually delete all the dns records
multiple time during my tests (which is annoying :).

-- 
Best regards,
Alex

Rowland,

I've encountered an issue with connecting to the samba DC's DNS service
from DNS
Manager tool (under Windows). It says "Active Directory service is not
available".

While digging into it, I've found the samba rpc worker throws an error:
[pid 18398] geteuid()                   = 0
[pid 18398] write(3, "[2020/03/18 18:36:21.694834,  2]
../../source4/rpc_server/dnsserver/dnsdb.c:144(dnsserver_db_enumerate_zones)\n",
110) = 110
[pid 18398] geteuid()                   = 0
[pid 18398] write(3, "  dnsserver: Found DNS zone domain.com\n", 40) =
40
[pid 18398] stat("/etc/localtime", {st_mode=S_IFREG|0644,
st_size=1544, ...}) = 0
[pid 18398] geteuid()                   = 0
[pid 18398] write(3, "[2020/03/18 18:36:21.696226,  1]
../../librpc/ndr/ndr.c:632(_ndr_pull_error)\n", 77) = 77
[pid 18398] geteuid()                   = 0
[pid 18398] write(3, "  ndr_pull_uint32: ndr_pull_error(Buffer Size Error):
Pull bytes 4 (../../librpc/ndr/ndr_basic.c:152) at
../../librpc/ndr/ndr_basic.c:152\n", 138) = 138
[pid 18398] getpid()                    = 18398

Any ideas how to fix it?
> Just   transferred   the  PDC  role  to  samba  DC  again  and  manually 
issued
> "samba_dnsupdate  --use-samba-tool --fail-immediately" command
right after that.
> No pdc record added and the error came up:
> ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
>   File
>
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 186, in _run
>     return self.run(*args, **kwargs)
>   File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 945, in run
>     raise e
>   File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 941, in run
>     0, server, zone, name, add_rec_buf, None)
> Gave it one more try by restarting samba - same result: no pdc record and
that
> error in the log.
> Any ideas?
-- 
Best regards,
Alex

On 18/03/2020 15:43, Alex wrote:
> Rowland,
>
> I've encountered an issue with connecting to the samba DC's DNS
service from DNS
> Manager tool (under Windows). It says "Active Directory service is not
> available".
>
> Any ideas how to fix it?
Does the PDC Emulator dns record now exist ?

If not, try creating it with samba-tool

Rowland

Hi Alex

I've had the same DNS manager issue. I've opened a bug 
(https://bugzilla.samba.org/show_bug.cgi?id=14310) and reported on the 
mailing list (https://lists.samba.org/archive/samba/2020-March/228772.html)

No fix yet.

On 18/03/2020 15:43, Alex via samba wrote:
> Rowland,
>
> I've encountered an issue with connecting to the samba DC's DNS
service from DNS
> Manager tool (under Windows). It says "Active Directory service is not
> available".
>
> While digging into it, I've found the samba rpc worker throws an error:
> [pid 18398] geteuid()                   = 0
> [pid 18398] write(3, "[2020/03/18 18:36:21.694834,  2]
../../source4/rpc_server/dnsserver/dnsdb.c:144(dnsserver_db_enumerate_zones)\n",
110) = 110
> [pid 18398] geteuid()                   = 0
> [pid 18398] write(3, "  dnsserver: Found DNS zone domain.com\n",
40) = 40
> [pid 18398] stat("/etc/localtime", {st_mode=S_IFREG|0644,
st_size=1544, ...}) = 0
> [pid 18398] geteuid()                   = 0
> [pid 18398] write(3, "[2020/03/18 18:36:21.696226,  1]
../../librpc/ndr/ndr.c:632(_ndr_pull_error)\n", 77) = 77
> [pid 18398] geteuid()                   = 0
> [pid 18398] write(3, "  ndr_pull_uint32: ndr_pull_error(Buffer Size
Error): Pull bytes 4 (../../librpc/ndr/ndr_basic.c:152) at
../../librpc/ndr/ndr_basic.c:152\n", 138) = 138
> [pid 18398] getpid()                    = 18398
>
> Any ideas how to fix it?
>
>> Just   transferred   the  PDC  role  to  samba  DC  again  and 
manually  issued
>> "samba_dnsupdate  --use-samba-tool --fail-immediately"
command right after that.
>> No pdc record added and the error came up:
>> ERROR(runtime): uncaught exception - (9717,
'WERR_DNS_ERROR_DS_UNAVAILABLE')
>>    File
>>
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/__init__.py",
line 186, in _run
>>      return self.run(*args, **kwargs)
>>    File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 945, in run
>>      raise e
>>    File
"/usr/local/samba/lib64/python3.6/site-packages/samba/netcmd/dns.py",
line 941, in run
>>      0, server, zone, name, add_rec_buf, None)
>> Gave it one more try by restarting samba - same result: no pdc record
and that
>> error in the log.
>> Any ideas?