On 11.01.23 at 15:00, Thorsten Marquardt via samba wrote:
> On 11.01.23 at 14:39, Rowland Penny via samba wrote:
>> On 11/01/2023 13:25, Thorsten Marquardt via samba wrote:
>>> On 11.01.23 at 14:11, Rowland Penny via samba wrote:
>>>> On 11/01/2023 12:35, Thorsten Marquardt via samba wrote:
>>>>> Hi,
>>>>>
>>>>> I plan to upgrade/replace my somewhat crippled and outdated samba 4.7.4
>>>>> domain controller. The OS is an openSUSE-Leap-42.3 which had no packages
>>>>> for a samba-ad-dc. These packages have been introduced in successor
>>>>> openSUSE releases starting with Leap-15.0. Leap-15.0 comes with samba
>>>>> 4.7.11. So I set up a new Leap-15.0 host and joined it as a dc
>>>>> controller. I set up the sysvol replication (rsync), transferred the fsmo
>>>>> roles to the new host and switched replication source and target.
>>>>> Everything appeared to run fine for the moment but if I stop samba on the
>>>>> old server I'm getting trouble with the sysvol-share and I can't access
>>>>> the gpo via the windows Group Policy Management Console. The console is
>>>>> telling me that the old host is still the base domain controller for my
>>>>> domain whereas samba-tool fsmo show lists that all roles are served by the
>>>>> new one.
>>>>> My plan for the future is to demote the old dc, upgrade the new one step
>>>>> by step (Leap 15.0 -> 15.1 (samba 4.9.5) -> 15.2 (samba 4.11.14) -> 15.3
>>>>> (samba 4.15.12) -> 15.4?) and finally to set up a new second dc for
>>>>> failover purposes.
>>>>>
>>>>> What can I do to get these problems fixed?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>>
>>>>> Thorsten
>>>>>
>>>>>
>>>> I wonder if you are hitting this bug:
>>>>
>>>> https://bugzilla.samba.org/show_bug.cgi?id=14518
>>>>
>>>> Rowland
>>>>
>>> The bug report refers to _ldap._tcp._pdc._msdcs.dom.tld which I don't
>>> have. I have _ldap._tcp.dom.tld and yes there are two listed.
>> If you are absolutely sure that you do not have:
>>
>> _ldap._tcp.pdc._msdcs.dom.tld
>>
>> Then you have really big problems. The 'samba_dnsupdate' script (which
>> runs at Samba startup and then every 10 minutes) uses the file
>> 'dns_update_list' to create missing dns records, one of which is this:
>>
>> # The PDC emulator
>> ${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
>>
>> So, if you haven't got the dns record and your DC is the holder of the
>> PDC_Emulator FSMO role, the script should create it.
>>
>> You can expect the other two records, one for each DC.
>>
>> Rowland
>>
> this is the result of my nslookup:
> thorsten at hermes:~> nslookup -querytype=srv _ldap._tcp._pdc._msdcs.my.local.dom srv-kb-primdc
> Server:         srv-kb-primdc
> Address:        192.168.1.17#53
>
> ** server can't find _ldap._tcp._pdc._msdcs.my.local.dom: NXDOMAIN
>
> thorsten at hermes:~> nslookup -querytype=srv _ldap._tcp._pdc._msdcs.my.local.dom srv-kb-dc1
> Server:         srv-kb-dc1
> Address:        192.168.1.243#53
>
> ** server can't find _ldap._tcp._pdc._msdcs.my.local.dom: NXDOMAIN
>
> and the result of samba-tool fsmo show:
> srv-kb-dc1:~ # samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
>
> and:
>
> srv-kb-primdc:~ # samba-tool fsmo show
> ldb_wrap open of secrets.ldb
> SchemaMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> InfrastructureMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> RidAllocationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> DomainNamingMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=SRV-KB-DC1,CN=Servers,CN=Default-Firs...
>
>
> Is there a chance to create the missing records by hand?
>
But what I find is:
thorsten at hermes:~> nslookup -querytype=srv _ldap._tcp.pdc._msdcs.my.local.dom srv-kb-dc1
Server:         srv-kb-dc1
Address:        192.168.1.243#53
_ldap._tcp.pdc._msdcs.intern.my.local.dom   service = 0 100 389 srv-kb-primdc.my.local.dom.
_ldap._tcp.pdc._msdcs.intern.my.local.dom   service = 0 100 389 srv-kb-dc1.my.local.dom.
(it's pdc and not _pdc). Is that the entry I should have looked for?
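The two points in this thread that are easy to get wrong in practice are how `samba_dnsupdate` turns a `dns_update_list` line such as `${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389` into a concrete record (the `${IF_PDC}` prefix means only the PDC emulator registers it), and that the name is `pdc._msdcs`, not `_pdc._msdcs`. The Python below is an added illustration written for this page, not Samba's own `samba_dnsupdate` script: it reimplements the template expansion for a small constructed excerpt in that format, then checks a constructed zone snapshot (built from the host names and addresses that appear in the thread) for missing records, for a name that differs from an existing one only by an underscore, and for `pdc._msdcs` targets other than the current role holder, which the `${IF_PDC}` conditional would never have produced for a non-PDC DC. The template excerpt, the `ZONE` dictionary and all function names are assumptions made for the example.

```python
"""Expand a dns_update_list-style template into the records a Samba AD DC
should register, then check a zone snapshot against them.

Added illustrative code, not Samba's samba_dnsupdate script.  The template
excerpt and the zone snapshot are constructed for this example; the line
format (${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389)
is the one quoted in the thread.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in dns_update_list format (comments and blanks are ignored).
TEMPLATE = """\
# constructed excerpt, modelled on the format quoted in the thread
A   ${HOSTNAME}                          ${IP}
SRV _ldap._tcp.${DNSDOMAIN}              ${HOSTNAME} 389
SRV _ldap._tcp.dc._msdcs.${DNSDOMAIN}    ${HOSTNAME} 389
SRV _kerberos._tcp.${DNSDOMAIN}          ${HOSTNAME} 88
# The PDC emulator
${IF_PDC}SRV _ldap._tcp.pdc._msdcs.${DNSDOMAIN} ${HOSTNAME} 389
${IF_GC}SRV _gc._tcp.${DNSDOMAIN}        ${HOSTNAME} 3268
"""

# Constructed zone snapshot: name -> list of (type, target, port).  It mirrors
# the thread's last nslookup, where both DCs answer for the pdc._msdcs record.
ZONE = {
    "srv-kb-dc1.my.local.dom": [("A", "192.168.1.243", None)],
    "_ldap._tcp.my.local.dom": [("SRV", "srv-kb-primdc.my.local.dom", 389),
                                ("SRV", "srv-kb-dc1.my.local.dom", 389)],
    "_ldap._tcp.dc._msdcs.my.local.dom": [("SRV", "srv-kb-primdc.my.local.dom", 389),
                                          ("SRV", "srv-kb-dc1.my.local.dom", 389)],
    "_kerberos._tcp.my.local.dom": [("SRV", "srv-kb-primdc.my.local.dom", 88),
                                    ("SRV", "srv-kb-dc1.my.local.dom", 88)],
    "_ldap._tcp.pdc._msdcs.my.local.dom": [("SRV", "srv-kb-primdc.my.local.dom", 389),
                                           ("SRV", "srv-kb-dc1.my.local.dom", 389)],
    "_gc._tcp.my.local.dom": [("SRV", "srv-kb-dc1.my.local.dom", 3268)],
}


@dataclass(frozen=True)
class Record:
    rtype: str
    name: str
    target: str
    port: Optional[int] = None


def expand_template(template, hostname, dnsdomain, ip, is_pdc, is_gc=True):
    """Records this DC should register.  A ${IF_PDC}/${IF_GC} prefix keeps the
    line only when the DC holds that role, which is why only the PDC emulator
    registers _ldap._tcp.pdc._msdcs."""
    conditions = {"${IF_PDC}": is_pdc, "${IF_GC}": is_gc}
    variables = {"${HOSTNAME}": hostname, "${DNSDOMAIN}": dnsdomain, "${IP}": ip}
    records = []
    for raw in template.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        for tag, holds in conditions.items():
            if line.startswith(tag):
                line = line[len(tag):] if holds else ""   # drop line if role not held
        if not line:
            continue
        for var, value in variables.items():
            line = line.replace(var, value)
        fields = line.split()
        if fields[0] == "A":
            records.append(Record("A", fields[1], fields[2]))
        elif fields[0] == "SRV":
            records.append(Record("SRV", fields[1], fields[2], int(fields[3])))
    return records


def missing_records(expected, zone):
    """Expected records with no matching (type, target, port) entry in the zone."""
    return [r for r in expected
            if (r.rtype, r.target, r.port) not in zone.get(r.name, [])]


def lookup(zone, name):
    """Return (entries, suggestion).  When the name does not exist, suggest a
    zone name that differs only in underscores, e.g. _pdc._msdcs vs pdc._msdcs."""
    if name in zone:
        return zone[name], None
    for candidate in zone:
        if candidate.replace("_", "") == name.replace("_", ""):
            return [], candidate
    return [], None


def stale_pdc_targets(zone, dnsdomain, pdc_holder):
    """Targets of the pdc._msdcs SRV record other than the current PDC emulator.
    Only the role holder registers that record, so any other target is left
    over from a previous holder and will not be cleaned up by re-registration."""
    entries = zone.get(f"_ldap._tcp.pdc._msdcs.{dnsdomain}", [])
    return [target for _, target, _ in entries if target != pdc_holder]


if __name__ == "__main__":
    expected = expand_template(TEMPLATE, "srv-kb-dc1.my.local.dom", "my.local.dom",
                               "192.168.1.243", is_pdc=True)
    print("missing:", missing_records(expected, ZONE))
    print("lookup _pdc:", lookup(ZONE, "_ldap._tcp._pdc._msdcs.my.local.dom"))
    print("stale pdc targets:",
          stale_pdc_targets(ZONE, "my.local.dom", "srv-kb-dc1.my.local.dom"))
```

Against the constructed snapshot nothing is missing for `srv-kb-dc1`, the `_pdc` query is answered with the `pdc` name as the suggestion, and `srv-kb-primdc` shows up as a target of the PDC record that the current FSMO holder would not have registered; on a real domain the same comparison is done with `samba-tool dns query` or `host -t SRV` output in place of `ZONE`.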