Re: [Samba] Replication Samba PDC to Samba BDC

Tue, 04 Jun 2013 09:52:49 -0700 

On 6/4/2013 8:35 AM, Ricky Nance wrote:

@Giedrius
"Not exactly, as I wrote in my other posts to mailing list, this is glibc's nss dns resolvers' (libnss_dns.so) issue that is ignoring hostnames with "_" (*_*msdcs)" 

Which OS's does that affect?

PDC  is Ubuntu 12.0.4

root@samba:~# cat /etc/debian_version
wheezy/sid

root@samba:~# samba -V
Version 4.1.0pre1-GIT-8bf3112

BDC is on Ubuntu Server 12.0.4

root@bdc:~# samba -V
Version 4.1.0pre1-GIT-b238008





@David, Is your nameserver (in /etc/resolv.conf) on dcA ip.to.dc.a and 
on dcB ip.to.dc.b if so, what happens when you set them both to A? how 
about when you set them both to B? I'd play around with that a bit 
until you get a good replication, then restart samba on both DC's and 
set them properly (dcA needs ip.to.dc.a and dcB needs ip.to.dc.b) .



Yes, after putting ip.to.dc.a on DCB and vice-versa I get the same can't 
find bla.blah.msc.... A record, it only works back again when I add the 
name to /etc/hosts.


Is there any patch I can apply to samba or the like to have this fixed?.

Thanks.



Ricky



On Tue, Jun 4, 2013 at 1:59 AM, "David González Herrera - [DGHVoIP]" 
<[email protected] <mailto:[email protected]>> wrote:


    On 6/4/2013 1:28 AM, Giedrius wrote:

        2013.06.04 09:10, "David González Herrera - [DGHVoIP]" rašė:

            On 6/3/2013 11:57 PM, Giedrius wrote:

                Hi,

                2013.06.04 04:16, "David González Herrera - [DGHVoIP]"
                rašė:

                    Hi,

                    Let's see if any of the questions gets answered or
                    at least I get
                    ponte dto something that can help me.

                    I followed this wiki:
                    
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC#Getting_ready_for_joining_Samba_as_a_DC_to_an_existing_domain

                    I have my S4 domain running, I compiled and
                    installed another S4 to
                    replicate the first server and joined successfully
                    to the domain but
                    replication seems to be broken.

                    Commandused:


                    root@bdc:~# samba-tool domain join mundo.local DC
                    -Uadministrator
                    --realm=mundo.local --password=Mugr3P0pO
                    --dns-backend=BIND9_DLZ
                    Finding a writeable DC for domain 'mundo.local'
                    Found DC samba.mundo.local
                    workgroup is mundo
                    realm is mundo.local
                    checking sAMAccountName
                    Adding CN=BDC,OU=Domain Controllers,DC=mundo,DC=local
                    Adding
                    
CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
                    Adding CN=NTDS
                    
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
                    Adding SPNs to CN=BDC,OU=Domain
                    Controllers,DC=mundo,DC=local
                    Setting account password for BDC$
                    Enabling account
                    Calling bare provision
                    No IPv6 address will be assigned
                    Provision OK for domain DN DC=mundo,DC=local
                    Starting replication
                    Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
                    objects[402/1550] linked_values[0/0]
                    Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
                    objects[804/1550] linked_values[0/0]
                    Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
                    objects[1206/1550] linked_values[0/0]
                    Schema-DN[CN=Schema,CN=Configuration,DC=mundo,DC=local]
                    objects[1550/1550] linked_values[0/0]
                    Analyze and apply schema objects
                    Partition[CN=Configuration,DC=mundo,DC=local]
                    objects[402/1614]
                    linked_values[0/0]
                    Partition[CN=Configuration,DC=mundo,DC=local]
                    objects[804/1614]
                    linked_values[0/0]
                    Partition[CN=Configuration,DC=mundo,DC=local]
                    objects[1206/1614]
                    linked_values[0/0]
                    Partition[CN=Configuration,DC=mundo,DC=local]
                    objects[1608/1614]
                    linked_values[0/0]
                    Partition[CN=Configuration,DC=mundo,DC=local]
                    objects[1614/1614]
                    linked_values[28/0]
                    Replicating critical objects from the base DN of
                    the domain
                    Partition[DC=mundo,DC=local] objects[98/98]
                    linked_values[31/0]
                    Partition[DC=mundo,DC=local] objects[336/238]
                    linked_values[74/0]
                    Done with always replicated NC (base, config, schema)
                    Replicating DC=DomainDnsZones,DC=mundo,DC=local
                    Partition[DC=DomainDnsZones,DC=mundo,DC=local]
                    objects[42/42]
                    linked_values[0/0]
                    Replicating DC=ForestDnsZones,DC=mundo,DC=local
                    Partition[DC=ForestDnsZones,DC=mundo,DC=local]
                    objects[18/18]
                    linked_values[0/0]
                    Partition[DC=ForestDnsZones,DC=mundo,DC=local]
                    objects[36/18]
                    linked_values[0/0]
                    Committing SAM database
                    Sending DsReplicateUpdateRefs for all the
                    replicated partitions
                    Setting isSynchronized and dsServiceName
                    Setting up secrets database
                    Joined domain mundo (SID
                    S-1-5-21-1918558401-2200574552-2151153235) as
                    a DC

                    Seemed to have succeded, then I radn the
                    recommended tests

                    # ldbsearch -H /usr/local/samba/private/sam.ldb
                    '(invocationid=*)'
                    --cross-ncs objectguid
                    # record 1
                    dn: CN=NTDS
                    
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
                    objectGUID: 7106cbf4-3cf6-4ed9-b019-dd937035b1e7

                    # record 2
                    dn: CN=NTDS
                    
Settings,CN=SAMBA,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mundo,DC=local
                    objectGUID: ad828198-a723-44c2-8d7f-d5f801e2849f

                    # returned 2 records
                    # 2 entries
                    # 0 referrals


                    These testes run from the BDC seem to work.

                    host -t CNAME
                    ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
                    ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
                    is an alias
                    for samba.mundo.local.

                    host -t CNAME
                    7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
                    7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local
                    is an alias
                    for bdc.mundo.local.

                    root@bdc:~# host -t A bdc.mundo.local.
                    bdc.mundo.local has address 10.10.10.20

                    root@bdc:~# host -t A samba.mundo.local.
                    samba.mundo.local has address 10.10.10.5


                    Error showing up on the BDC

                    dns child failed to find name
                    'ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local'
                    of type A
                    dreplsrv_notify: Failed to send DsReplicaSync to
                    ad828198-a723-44c2-8d7f-d5f801e2849f._msdcs.mundo.local
                    for
                    CN=Configuration,DC=mundo,DC=local -
                    *NT_STATUS_OBJECT_NAME_NOT_FOUND
                    : WERR_BADFILE *

                Did you AT LEAST search the mailing list???????
                Check if ping (or any program using GLIBC's *NSS* DNS
                resolver) can
                resolve your
                7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.local name

            Yes I searched the ML with no luck.

            Yes, I did and it works, I had to add
            7106cbf4-3cf6-4ed9-b019-dd937035b1e7._msdcs.mundo.loca lto
            /etc/hosts
            and it works.

            So I thinks it's a DNS issue.

        Not exactly, as I wrote in my other posts to mailing list, this is
        glibc's nss dns resolvers'  (libnss_dns.so) issue that is ignoring
        hostnames with "_" (*_*msdcs)

    Ok, then we'll have to wait for a patch to glibc, weird thing is
    that on the master PDC with BIND_DLZ as backend there's no problem
    at all. So excuse my ignorance when it comes to that.

    Thanks again mate.

            Thanks for your answer.




    -- 
    David Gonzalez

    DGHVoIP
    USA: +1.213.632.8479
    COL: +57.1.382.6718
    COL: +57.4.247.0985
    URL: www.dghvoip.com <http://www.dghvoip.com>
    Skype: davidgonzalezh

    -- 
    To unsubscribe from this list go to the following URL and read the

    instructions: https://lists.samba.org/mailman/options/samba





--
David Gonzalez
DGHVoIP
USA: +1.213.632.8479
COL: +57.1.382.6718
COL: +57.4.247.0985
URL: www.dghvoip.com
Skype: davidgonzalezh
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba





















					Reply via email to