problem after replacing a Win2K3 AD

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

problem after replacing a Win2K3 AD

Samba - General mailing list
 

Hi people!

I replace a Win2K3 AD with samba4, and i did a
samba-tool domain demote --remove-other-dead-server...

Now everything
seems to be working ok in the new domain controller. But, Im getting
this warning all the time:

[2017/07/27 11:15:18.747179, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)

 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:23.345079, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:23.584603, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:23.812232, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:28.351025, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:28.641716, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL
[2017/07/27 11:15:28.882820, 0]
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
 Failed
to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
NT_STATUS_UNSUCCESSFUL

How can I fix this?

Tnxs in advance.

 
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
 

Researching a little more I found this:

Checking object
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
Not
fixing nTSecurityDescriptor on
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local

Checking
object
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
Not
fixing nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local

Checking
object CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local
Not fixing nTSecurityDescriptor on
CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local

Checking object
CN=PC108,CN=Computers,DC=Trust,DC=local
Not fixing nTSecurityDescriptor
on CN=PC108,CN=Computers,DC=Trust,DC=local

Checking object
@ROOTDSE
Please use --fix to fix these errors
Checked 358 objects (240
errors)

How can I see what value is going to be fixed ?

Tnxs in
advance.

On Thu, 27 Jul 2017 11:19:37 -0300, Guido Lorenzutti via
samba wrote:

> Hi people!
>
> I replace a Win2K3 AD with samba4, and
i did a
> samba-tool domain demote --remove-other-dead-server...
>
>
Now everything
> seems to be working ok in the new domain controller.
But, Im getting
> this warning all the time:
>
> [2017/07/27
11:15:18.747179, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:23.345079, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:23.584603, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:23.812232, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:28.351025, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:28.641716, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
> [2017/07/27 11:15:28.882820, 0]
>
../source4/librpc/rpc/dcerpc_util.c:745(dcerpc_pipe_auth_recv)
>
Failed
> to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
>
ncacn_ip_tcp:192.168.0.66[1024,seal,krb5,target_hostname=1273a7af-46da-4ba4-8542-b263fd460ca6._msdcs.Trust.local,target_principal=GC/ServerIbm.Trust.local/Trust.local,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=192.168.0.12]
>
NT_STATUS_UNSUCCESSFUL
>
> How can I fix this?
>
> Tnxs in advance.


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
On Thu, 27 Jul 2017 20:57:41 -0300
Guido Lorenzutti via samba <[hidden email]> wrote:

>  
>
> Researching a little more I found this:
>
> Checking object
> @ROOTDSE
> Please use --fix to fix these errors
> Checked 358 objects (240
> errors)
>
> How can I see what value is going to be fixed ?
>
> Tnxs in
> advance.
>

You could try adding '-v' to the command, or just add '--fix' and
you will be asked to confirm each and every one, but most people just
add '--fix --yes' and get everything fixed and don't care what they
are fixing.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
 

On Fri, 28 Jul 2017 09:43:04 +0100, Rowland Penny via samba wrote:


> On Thu, 27 Jul 2017 20:57:41 -0300
> Guido Lorenzutti via samba
wrote:
>
>> Researching a little more I found this: Checking object
@ROOTDSE Please use --fix to fix these errors Checked 358 objects (240
errors) How can I see what value is going to be fixed ? Tnxs in
advance.
>
> You could try adding '-v' to the command, or just add
'--fix' and
> you will be asked to confirm each and every one, but most
people just
> add '--fix --yes' and get everything fixed and don't care
what they
> are fixing.
>
> Rowland

Well.. i didnt work: I run...


root@dc:~# samba-tool dbcheck --fix --yes | tail
Fix
nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local?
[YES]
Fixed attribute 'nTSecurityDescriptor' of
'CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local'

Fix
nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local? [YES]
Fixed attribute
'nTSecurityDescriptor' of 'CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local'

Fix nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local? [YES]
Fixed attribute
'nTSecurityDescriptor' of
'CN=PC108,CN=Computers,DC=Trust,DC=local'

Checked 358 objects (240
errors)

root@dc:~# samba-tool dbcheck | tail
Not fixing
nTSecurityDescriptor on
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local

Not
fixing nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local

Not
fixing nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local

Not fixing nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local

Please use --fix to fix these
errors
Checked 358 objects (240 errors)

The errors are still there..
and I found another problem:

root@dc:~# samba_dnsupdate --verbose
--all-names
IPs: ['192.168.0.12']
force update: A dc.Trust.local
192.168.0.12
force update: A Trust.local 192.168.0.12
force update: SRV
_ldap._tcp.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _kpasswd._tcp.Trust.local
dc.Trust.local 464
force update: SRV _kpasswd._udp.Trust.local
dc.Trust.local 464
force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
force update: A gc._msdcs.Trust.local
192.168.0.12
force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
need delete: A dc.Trust.local 192.168.0.66
need
delete: A Trust.local 192.168.0.66
need delete: A gc._msdcs.Trust.local
192.168.0.66
21 DNS updates and 3 DNS deletes needed
Traceback (most
recent call last):
 File "/usr/sbin/samba_dnsupdate", line 784, in

creds = get_credentials(lp)
 File "/usr/sbin/samba_dnsupdate", line 169,
in get_credentials
 raise e
RuntimeError: kinit for DC$@TRUST.LOCAL
failed (Cannot contact any KDC for requested realm)

But, If i add an ip
alias to my dc, of the old and dead win2k3 (192.168.0.66) the output is
this:

root@dc:~# samba_dnsupdate --verbose --all-names
IPs:
['192.168.0.12', '192.168.0.66']
force update: A dc.Trust.local
192.168.0.12
force update: A Trust.local 192.168.0.12
force update: SRV
_ldap._tcp.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
force update: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _kpasswd._tcp.Trust.local
dc.Trust.local 464
force update: SRV _kpasswd._udp.Trust.local
dc.Trust.local 464
force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
force update: A gc._msdcs.Trust.local
192.168.0.12
force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
force update: A dc.Trust.local 192.168.0.66
force
update: A Trust.local 192.168.0.66
force update: A gc._msdcs.Trust.local
192.168.0.66
24 DNS updates and 0 DNS deletes needed
Successfully
obtained Kerberos ticket to DNS/serveribm.trust.local as
DC$
update(nsupdate): A dc.Trust.local 192.168.0.12
Calling nsupdate for
A dc.Trust.local 192.168.0.12 (add)
Failed nsupdate: A dc.Trust.local
192.168.0.12 : [Errno 2] No such file or directory
update(nsupdate): A
Trust.local 192.168.0.12
Calling nsupdate for A Trust.local 192.168.0.12
(add)
Failed nsupdate: A Trust.local 192.168.0.12 : [Errno 2] No such
file or directory
update(nsupdate): SRV _ldap._tcp.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV _ldap._tcp.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV _ldap._tcp.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV _ldap._tcp.dc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 (add)
Failed
nsupdate: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV _kerberos._tcp.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._udp.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV _kerberos._udp.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV _kerberos._udp.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88 (add)
Failed
nsupdate: SRV _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464
Calling nsupdate for SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464 (add)
Failed nsupdate: SRV
_kpasswd._tcp.Trust.local dc.Trust.local 464 : [Errno 2] No such file or
directory
update(nsupdate): SRV _kpasswd._udp.Trust.local dc.Trust.local
464
Calling nsupdate for SRV _kpasswd._udp.Trust.local dc.Trust.local
464 (add)
Failed nsupdate: SRV _kpasswd._udp.Trust.local dc.Trust.local
464 : [Errno 2] No such file or directory
update(nsupdate): CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
Calling nsupdate for CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
(add)
Failed nsupdate: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 (add)
Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or
directory
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
Calling nsupdate for SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 (add)
Failed
nsupdate: SRV _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 :
[Errno 2] No such file or directory
update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.12
Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.12 (add)
Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.12 : [Errno 2] No such file or
directory
update(nsupdate): SRV _gc._tcp.Trust.local dc.Trust.local
3268
Calling nsupdate for SRV _gc._tcp.Trust.local dc.Trust.local 3268
(add)
Failed nsupdate: SRV _gc._tcp.Trust.local dc.Trust.local 3268 :
[Errno 2] No such file or directory
update(nsupdate): SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
Calling nsupdate
for SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
(add)
Failed nsupdate: SRV _ldap._tcp.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
Calling nsupdate for SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 (add)
Failed nsupdate: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 (add)
Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or
directory
update(nsupdate): A dc.Trust.local 192.168.0.66
Calling
nsupdate for A dc.Trust.local 192.168.0.66 (add)
Failed nsupdate: A
dc.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
update(nsupdate): A Trust.local 192.168.0.66
Calling nsupdate
for A Trust.local 192.168.0.66 (add)
Failed nsupdate: A Trust.local
192.168.0.66 : [Errno 2] No such file or directory
update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.66
Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.66 (add)
Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
Failed update of 24 entries

Tnxs in advance.

 


Links:
------
[1] mailto:[hidden email]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
 

On Sun, 30 Jul 2017 13:13:17 -0300, Guido Lorenzutti wrote:

> On
Fri, 28 Jul 2017 09:43:04 +0100, Rowland Penny via samba wrote:
>
>>
On Thu, 27 Jul 2017 20:57:41 -0300
>> Guido Lorenzutti via samba
wrote:
>>
>>> Researching a little more I found this: Checking object
@ROOTDSE Please use --fix to fix these errors Checked 358 objects (240
errors) How can I see what value is going to be fixed ? Tnxs in
advance.
>>
>> You could try adding '-v' to the command, or just add
'--fix' and
>> you will be asked to confirm each and every one, but most
people just
>> add '--fix --yes' and get everything fixed and don't care
what they
>> are fixing.
>>
>> Rowland
>
> Well.. i didnt work: I
run...
>
> root@dc:~# samba-tool dbcheck --fix --yes | tail
> Fix
nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local?
[YES]
> Fixed attribute 'nTSecurityDescriptor' of
'CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local'
>

> Fix nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local? [YES]
> Fixed attribute
'nTSecurityDescriptor' of 'CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local'
>
> Fix nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local? [YES]
> Fixed attribute
'nTSecurityDescriptor' of 'CN=PC108,CN=Computers,DC=Trust,DC=local'
>
>
Checked 358 objects (240 errors)
>
> root@dc:~# samba-tool dbcheck |
tail
> Not fixing nTSecurityDescriptor on
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
>

> Not fixing nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
>

> Not fixing nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local
>
> Not fixing nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local
>
> Please use --fix to fix
these errors
> Checked 358 objects (240 errors)
>
> The errors are
still there.. and I found another problem:
>
> root@dc:~#
samba_dnsupdate --verbose --all-names
> IPs: ['192.168.0.12']
> force
update: A dc.Trust.local 192.168.0.12
> force update: A Trust.local
192.168.0.12
> force update: SRV _ldap._tcp.Trust.local dc.Trust.local
389
> force update: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local
389
> force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
> force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
> force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
> force update: SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> force update:
SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> force update: SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
> force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
>
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
> force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
> force update: A gc._msdcs.Trust.local
192.168.0.12
> force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
> force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
> force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
> need delete: A dc.Trust.local 192.168.0.66
> need
delete: A Trust.local 192.168.0.66
> need delete: A
gc._msdcs.Trust.local 192.168.0.66
> 21 DNS updates and 3 DNS deletes
needed
> Traceback (most recent call last):
> File
"/usr/sbin/samba_dnsupdate", line 784, in
> creds =
get_credentials(lp)
> File "/usr/sbin/samba_dnsupdate", line 169, in
get_credentials
> raise e
> RuntimeError: kinit for DC$@TRUST.LOCAL
failed (Cannot contact any KDC for requested realm)
>
> But, If i add
an ip alias to my dc, of the old and dead win2k3 (192.168.0.66) the
output is this:
>
> root@dc:~# samba_dnsupdate --verbose --all-names
>
IPs: ['192.168.0.12', '192.168.0.66']
> force update: A dc.Trust.local
192.168.0.12
> force update: A Trust.local 192.168.0.12
> force update:
SRV _ldap._tcp.Trust.local dc.Trust.local 389
> force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
> force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
> force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
> force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
> force update: SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> force update:
SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> force update: SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
> force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
>
force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
> force update: SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389
> force update: A gc._msdcs.Trust.local
192.168.0.12
> force update: SRV _gc._tcp.Trust.local dc.Trust.local
3268
> force update: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local
3268
> force update: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
> force update: A dc.Trust.local 192.168.0.66
>
force update: A Trust.local 192.168.0.66
> force update: A
gc._msdcs.Trust.local 192.168.0.66
> 24 DNS updates and 0 DNS deletes
needed
> Successfully obtained Kerberos ticket to
DNS/serveribm.trust.local as DC$
> update(nsupdate): A dc.Trust.local
192.168.0.12
> Calling nsupdate for A dc.Trust.local 192.168.0.12
(add)
> Failed nsupdate: A dc.Trust.local 192.168.0.12 : [Errno 2] No
such file or directory
> update(nsupdate): A Trust.local 192.168.0.12
>
Calling nsupdate for A Trust.local 192.168.0.12 (add)
> Failed nsupdate:
A Trust.local 192.168.0.12 : [Errno 2] No such file or directory
>
update(nsupdate): SRV _ldap._tcp.Trust.local dc.Trust.local 389
>
Calling nsupdate for SRV _ldap._tcp.Trust.local dc.Trust.local 389
(add)
> Failed nsupdate: SRV _ldap._tcp.Trust.local dc.Trust.local 389 :
[Errno 2] No such file or directory
> update(nsupdate): SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
> Calling nsupdate
for SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 (add)
>
Failed nsupdate: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
: [Errno 2] No such file or directory
> update(nsupdate): SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
> Calling nsupdate for SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 (add)
> Failed nsupdate: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>
update(nsupdate): SRV _kerberos._tcp.Trust.local dc.Trust.local 88
>
Calling nsupdate for SRV _kerberos._tcp.Trust.local dc.Trust.local 88
(add)
> Failed nsupdate: SRV _kerberos._tcp.Trust.local dc.Trust.local
88 : [Errno 2] No such file or directory
> update(nsupdate): SRV
_kerberos._udp.Trust.local dc.Trust.local 88
> Calling nsupdate for SRV
_kerberos._udp.Trust.local dc.Trust.local 88 (add)
> Failed nsupdate:
SRV _kerberos._udp.Trust.local dc.Trust.local 88 : [Errno 2] No such
file or directory
> update(nsupdate): SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> Calling
nsupdate for SRV _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
(add)
> Failed nsupdate: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>
update(nsupdate): SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
>
Calling nsupdate for SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
(add)
> Failed nsupdate: SRV _kpasswd._tcp.Trust.local dc.Trust.local
464 : [Errno 2] No such file or directory
> update(nsupdate): SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
> Calling nsupdate for SRV
_kpasswd._udp.Trust.local dc.Trust.local 464 (add)
> Failed nsupdate:
SRV _kpasswd._udp.Trust.local dc.Trust.local 464 : [Errno 2] No such
file or directory
> update(nsupdate): CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
>
Calling nsupdate for CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
(add)
> Failed nsupdate: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local :
[Errno 2] No such file or directory
> update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 (add)
> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 (add)
> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
> Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 (add)
> Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
> Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 (add)
> Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local
389
> Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389 (add)
> Failed nsupdate: SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 : [Errno 2] No such
file or directory
> update(nsupdate): A gc._msdcs.Trust.local
192.168.0.12
> Calling nsupdate for A gc._msdcs.Trust.local 192.168.0.12
(add)
> Failed nsupdate: A gc._msdcs.Trust.local 192.168.0.12 : [Errno
2] No such file or directory
> update(nsupdate): SRV
_gc._tcp.Trust.local dc.Trust.local 3268
> Calling nsupdate for SRV
_gc._tcp.Trust.local dc.Trust.local 3268 (add)
> Failed nsupdate: SRV
_gc._tcp.Trust.local dc.Trust.local 3268 : [Errno 2] No such file or
directory
> update(nsupdate): SRV _ldap._tcp.gc._msdcs.Trust.local
dc.Trust.local 3268
> Calling nsupdate for SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 (add)
> Failed
nsupdate: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 :
[Errno 2] No such file or directory
> update(nsupdate): SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
> Calling nsupdate for SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 (add)
> Failed nsupdate: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or directory
>
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 (add)
> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or directory
>
update(nsupdate): A dc.Trust.local 192.168.0.66
> Calling nsupdate for A
dc.Trust.local 192.168.0.66 (add)
> Failed nsupdate: A dc.Trust.local
192.168.0.66 : [Errno 2] No such file or directory
> update(nsupdate): A
Trust.local 192.168.0.66
> Calling nsupdate for A Trust.local
192.168.0.66 (add)
> Failed nsupdate: A Trust.local 192.168.0.66 :
[Errno 2] No such file or directory
> update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.66
> Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.66 (add)
> Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
> Failed update of 24 entries
>
> Tnxs in advance.

Well..
still doing some test I found more evidence that the samba-tool domain
"samba-tool domain demote --remove-other-dead-server=" didnt work as
expected.

If I query the internal dns I found the records of the old
domain controller:

root@dc:~# samba-tool dns query dc.trust.local
trust.local serveribm.trust.local A -U administrador
Password for
[TRUSTadministrador]:
 Name=, Records=1, Children=0
 A: 192.168.0.66
(flags=f0, serial=1478, ttl=3600)

And if I ask for the
_ldap._tcp.trust.local record it points to the old domain controller.

#
dig -t SRV _ldap._tcp.trust.local

;  DiG 9.10.3-P4-Debian  -t SRV
_ldap._tcp.trust.local
;; global options: +cmd
;; Got answer:
;;
->>HEADER

Links:
------
[1] mailto:[hidden email]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
 

On Sun, 30 Jul 2017 19:09:44 -0300, Guido Lorenzutti wrote:

> On
Sun, 30 Jul 2017 13:13:17 -0300, Guido Lorenzutti wrote:
>
>> On Fri,
28 Jul 2017 09:43:04 +0100, Rowland Penny via samba wrote:
>>
>>> On
Thu, 27 Jul 2017 20:57:41 -0300
>>> Guido Lorenzutti via samba
wrote:
>>>
>>>> Researching a little more I found this: Checking object
@ROOTDSE Please use --fix to fix these errors Checked 358 objects (240
errors) How can I see what value is going to be fixed ? Tnxs in
advance.
>>>
>>> You could try adding '-v' to the command, or just add
'--fix' and
>>> you will be asked to confirm each and every one, but
most people just
>>> add '--fix --yes' and get everything fixed and
don't care what they
>>> are fixing.
>>>
>>> Rowland
>>
>> Well.. i
didnt work: I run...
>>
>> root@dc:~# samba-tool dbcheck --fix --yes |
tail
>> Fix nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local?
[YES]
>> Fixed attribute 'nTSecurityDescriptor' of
'CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local'
>>

>> Fix nTSecurityDescriptor on CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local? [YES]
>> Fixed attribute
'nTSecurityDescriptor' of 'CN=Operadores de configuración de
red,CN=Builtin,DC=Trust,DC=local'
>>
>> Fix nTSecurityDescriptor on
CN=PC108,CN=Computers,DC=Trust,DC=local? [YES]
>> Fixed attribute
'nTSecurityDescriptor' of 'CN=PC108,CN=Computers,DC=Trust,DC=local'
>>

>> Checked 358 objects (240 errors)
>>
>> root@dc:~# samba-tool
dbcheck | tail
>> Not fixing nTSecurityDescriptor on
CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
>>

>> Not fixing nTSecurityDescriptor on
CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
>>

>> Not fixing nTSecurityDescriptor on CN=Operadores de configuración
de red,CN=Builtin,DC=Trust,DC=local
>>
>> Not fixing
nTSecurityDescriptor on CN=PC108,CN=Computers,DC=Trust,DC=local
>>
>>
Please use --fix to fix these errors
>> Checked 358 objects (240
errors)
>>
>> The errors are still there.. and I found another
problem:
>>
>> root@dc:~# samba_dnsupdate --verbose --all-names
>> IPs:
['192.168.0.12']
>> force update: A dc.Trust.local 192.168.0.12
>> force
update: A Trust.local 192.168.0.12
>> force update: SRV
_ldap._tcp.Trust.local dc.Trust.local 389
>> force update: SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
>> force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
>> force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
>> force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
>> force update: SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
>> force update:
SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
>> force update: SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
>> force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
>> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
>> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
>> force update: SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389
>> force update: A
gc._msdcs.Trust.local 192.168.0.12
>> force update: SRV
_gc._tcp.Trust.local dc.Trust.local 3268
>> force update: SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
>> force update:
SRV _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
>> need delete: A dc.Trust.local 192.168.0.66
>>
need delete: A Trust.local 192.168.0.66
>> need delete: A
gc._msdcs.Trust.local 192.168.0.66
>> 21 DNS updates and 3 DNS deletes
needed
>> Traceback (most recent call last):
>> File
"/usr/sbin/samba_dnsupdate", line 784, in
>> creds =
get_credentials(lp)
>> File "/usr/sbin/samba_dnsupdate", line 169, in
get_credentials
>> raise e
>> RuntimeError: kinit for DC$@TRUST.LOCAL
failed (Cannot contact any KDC for requested realm)
>>
>> But, If i add
an ip alias to my dc, of the old and dead win2k3 (192.168.0.66) the
output is this:
>>
>> root@dc:~# samba_dnsupdate --verbose
--all-names
>> IPs: ['192.168.0.12', '192.168.0.66']
>> force update: A
dc.Trust.local 192.168.0.12
>> force update: A Trust.local
192.168.0.12
>> force update: SRV _ldap._tcp.Trust.local dc.Trust.local
389
>> force update: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local
389
>> force update: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
>> force update: SRV _kerberos._tcp.Trust.local
dc.Trust.local 88
>> force update: SRV _kerberos._udp.Trust.local
dc.Trust.local 88
>> force update: SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
>> force update:
SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
>> force update: SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
>> force update: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
>> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
>> force update: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
>> force update: SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389
>> force update: A
gc._msdcs.Trust.local 192.168.0.12
>> force update: SRV
_gc._tcp.Trust.local dc.Trust.local 3268
>> force update: SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
>> force update:
SRV _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
>> force update: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
>> force update: A dc.Trust.local 192.168.0.66
>>
force update: A Trust.local 192.168.0.66
>> force update: A
gc._msdcs.Trust.local 192.168.0.66
>> 24 DNS updates and 0 DNS deletes
needed
>> Successfully obtained Kerberos ticket to
DNS/serveribm.trust.local as DC$
>> update(nsupdate): A dc.Trust.local
192.168.0.12
>> Calling nsupdate for A dc.Trust.local 192.168.0.12
(add)
>> Failed nsupdate: A dc.Trust.local 192.168.0.12 : [Errno 2] No
such file or directory
>> update(nsupdate): A Trust.local
192.168.0.12
>> Calling nsupdate for A Trust.local 192.168.0.12 (add)
>>
Failed nsupdate: A Trust.local 192.168.0.12 : [Errno 2] No such file or
directory
>> update(nsupdate): SRV _ldap._tcp.Trust.local dc.Trust.local
389
>> Calling nsupdate for SRV _ldap._tcp.Trust.local dc.Trust.local
389 (add)
>> Failed nsupdate: SRV _ldap._tcp.Trust.local dc.Trust.local
389 : [Errno 2] No such file or directory
>> update(nsupdate): SRV
_ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
>> Calling nsupdate
for SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 (add)
>>
Failed nsupdate: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
: [Errno 2] No such file or directory
>> update(nsupdate): SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389
>> Calling nsupdate for SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 (add)
>> Failed nsupdate: SRV
_ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV _kerberos._tcp.Trust.local dc.Trust.local 88
>>
Calling nsupdate for SRV _kerberos._tcp.Trust.local dc.Trust.local 88
(add)
>> Failed nsupdate: SRV _kerberos._tcp.Trust.local dc.Trust.local
88 : [Errno 2] No such file or directory
>> update(nsupdate): SRV
_kerberos._udp.Trust.local dc.Trust.local 88
>> Calling nsupdate for SRV
_kerberos._udp.Trust.local dc.Trust.local 88 (add)
>> Failed nsupdate:
SRV _kerberos._udp.Trust.local dc.Trust.local 88 : [Errno 2] No such
file or directory
>> update(nsupdate): SRV
_kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
>> Calling
nsupdate for SRV _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
(add)
>> Failed nsupdate: SRV _kerberos._tcp.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
>>
Calling nsupdate for SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
(add)
>> Failed nsupdate: SRV _kpasswd._tcp.Trust.local dc.Trust.local
464 : [Errno 2] No such file or directory
>> update(nsupdate): SRV
_kpasswd._udp.Trust.local dc.Trust.local 464
>> Calling nsupdate for SRV
_kpasswd._udp.Trust.local dc.Trust.local 464 (add)
>> Failed nsupdate:
SRV _kpasswd._udp.Trust.local dc.Trust.local 464 : [Errno 2] No such
file or directory
>> update(nsupdate): CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
dc.Trust.local
>> Calling nsupdate for CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
(add)
>> Failed nsupdate: CNAME
b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local :
[Errno 2] No such file or directory
>> update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389
>> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 (add)
>> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389
>> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 (add)
>> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 389 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88
>> Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 (add)
>> Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88
>> Calling nsupdate for SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 (add)
>> Failed nsupdate: SRV
_kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
dc.Trust.local 88 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local
389
>> Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.Trust.local
dc.Trust.local 389 (add)
>> Failed nsupdate: SRV
_ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 : [Errno 2] No such
file or directory
>> update(nsupdate): A gc._msdcs.Trust.local
192.168.0.12
>> Calling nsupdate for A gc._msdcs.Trust.local
192.168.0.12 (add)
>> Failed nsupdate: A gc._msdcs.Trust.local
192.168.0.12 : [Errno 2] No such file or directory
>> update(nsupdate):
SRV _gc._tcp.Trust.local dc.Trust.local 3268
>> Calling nsupdate for SRV
_gc._tcp.Trust.local dc.Trust.local 3268 (add)
>> Failed nsupdate: SRV
_gc._tcp.Trust.local dc.Trust.local 3268 : [Errno 2] No such file or
directory
>> update(nsupdate): SRV _ldap._tcp.gc._msdcs.Trust.local
dc.Trust.local 3268
>> Calling nsupdate for SRV
_ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 (add)
>> Failed
nsupdate: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 :
[Errno 2] No such file or directory
>> update(nsupdate): SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268
>> Calling nsupdate for SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 (add)
>> Failed nsupdate: SRV
_gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or directory
>>
update(nsupdate): SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268
>> Calling nsupdate for SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 (add)
>> Failed nsupdate: SRV
_ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
dc.Trust.local 3268 : [Errno 2] No such file or directory
>>
update(nsupdate): A dc.Trust.local 192.168.0.66
>> Calling nsupdate for
A dc.Trust.local 192.168.0.66 (add)
>> Failed nsupdate: A dc.Trust.local
192.168.0.66 : [Errno 2] No such file or directory
>> update(nsupdate):
A Trust.local 192.168.0.66
>> Calling nsupdate for A Trust.local
192.168.0.66 (add)
>> Failed nsupdate: A Trust.local 192.168.0.66 :
[Errno 2] No such file or directory
>> update(nsupdate): A
gc._msdcs.Trust.local 192.168.0.66
>> Calling nsupdate for A
gc._msdcs.Trust.local 192.168.0.66 (add)
>> Failed nsupdate: A
gc._msdcs.Trust.local 192.168.0.66 : [Errno 2] No such file or
directory
>> Failed update of 24 entries
>>
>> Tnxs in advance.
>
>
Well.. still doing some test I found more evidence that the samba-tool
domain "samba-tool domain demote --remove-other-dead-server=" didnt work
as expected.
>
> If I query the internal dns I found the records of
the old domain controller:
>
> root@dc:~# samba-tool dns query
dc.trust.local trust.local serveribm.trust.local A -U administrador
>
Password for [TRUSTadministrador]:
> Name=, Records=1, Children=0
> A:
192.168.0.66 (flags=f0, serial=1478, ttl=3600)
>
> And if I ask for the
_ldap._tcp.trust.local record it points to the old domain controller.
>

> # dig -t SRV _ldap._tcp.trust.local
>
> ; DiG 9.10.3-P4-Debian -t
SRV _ldap._tcp.trust.local
> ;; global options: +cmd
> ;; Got answer:
>
;; ->>HEADER

I forget to mention that I did try to update the dns with
no luck:

#samba-tool dns update dc trust.local _ldap._tcp.trust.local
SRV serveribm.trust.local "dc.trust.local 389 0 100" -U administrador


Password for [TRUSTadministrador]:
ERROR: Data requires 4 elements -
server, port, priority, weight

If I do this:

samba-tool dns update dc
trust.local _ldap._tcp.trust.local SRV serveribm.trust.local
dc.trust.local -U administrador
The samba-tool dosent even ask me for
the password, it only gives me the this error:

ERROR: Data requires 4
elements - server, port, priority, weight

But Im providing all the
required elements.

Also, this dosen't work:

# samba-tool dns query dc
trust.local * ALL -U administrador

Usage: samba-tool dns query    
[options]

My idea was to list all of the records on the trust.local
zone.

 

Links:
------
[1] mailto:[hidden email]
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: problem after replacing a Win2K3 AD

Samba - General mailing list
On Sun, 30 Jul 2017 19:56:37 -0300
Guido Lorenzutti <[hidden email]> wrote:

>  
>
> On Sun, 30 Jul 2017 19:09:44 -0300, Guido Lorenzutti wrote:
>
> > On
> Sun, 30 Jul 2017 13:13:17 -0300, Guido Lorenzutti wrote:
> >
> >> On Fri,
> 28 Jul 2017 09:43:04 +0100, Rowland Penny via samba wrote:
> >>
> >>> On
> Thu, 27 Jul 2017 20:57:41 -0300
> >>> Guido Lorenzutti via samba
> wrote:
> >>>
> >>>> Researching a little more I found this: Checking object
> @ROOTDSE Please use --fix to fix these errors Checked 358 objects (240
> errors) How can I see what value is going to be fixed ? Tnxs in
> advance.
> >>>
> >>> You could try adding '-v' to the command, or just add
> '--fix' and
> >>> you will be asked to confirm each and every one, but
> most people just
> >>> add '--fix --yes' and get everything fixed and
> don't care what they
> >>> are fixing.
> >>>
> >>> Rowland
> >>
> >> Well.. i
> didnt work: I run...
> >>
> >> root@dc:~# samba-tool dbcheck --fix --yes |
> tail
> >> Fix nTSecurityDescriptor on
> CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local?
> [YES]
> >> Fixed attribute 'nTSecurityDescriptor' of
> 'CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local'
> >>
>
> >> Fix nTSecurityDescriptor on CN=Operadores de configuración de
> red,CN=Builtin,DC=Trust,DC=local? [YES]
> >> Fixed attribute
> 'nTSecurityDescriptor' of 'CN=Operadores de configuración de
> red,CN=Builtin,DC=Trust,DC=local'
> >>
> >> Fix nTSecurityDescriptor on
> CN=PC108,CN=Computers,DC=Trust,DC=local? [YES]
> >> Fixed attribute
> 'nTSecurityDescriptor' of 'CN=PC108,CN=Computers,DC=Trust,DC=local'
> >>
>
> >> Checked 358 objects (240 errors)
> >>
> >> root@dc:~# samba-tool
> dbcheck | tail
> >> Not fixing nTSecurityDescriptor on
> CN=6bcd567f-8314-11d6-977b-00c04f613221,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
> >>
>
> >> Not fixing nTSecurityDescriptor on
> CN=6ff880d6-11e7-4ed1-a20f-aac45da48650,CN=Operations,CN=DomainUpdates,CN=System,DC=Trust,DC=local
> >>
>
> >> Not fixing nTSecurityDescriptor on CN=Operadores de configuración
> de red,CN=Builtin,DC=Trust,DC=local
> >>
> >> Not fixing
> nTSecurityDescriptor on CN=PC108,CN=Computers,DC=Trust,DC=local
> >>
> >>
> Please use --fix to fix these errors
> >> Checked 358 objects (240
> errors)
> >>
> >> The errors are still there.. and I found another
> problem:
> >>
> >> root@dc:~# samba_dnsupdate --verbose --all-names
> >> IPs:
> ['192.168.0.12']
> >> force update: A dc.Trust.local 192.168.0.12
> >> force
> update: A Trust.local 192.168.0.12
> >> force update: SRV
> _ldap._tcp.Trust.local dc.Trust.local 389
> >> force update: SRV
> _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
> >> force update: SRV
> _ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
> dc.Trust.local 389
> >> force update: SRV _kerberos._tcp.Trust.local
> dc.Trust.local 88
> >> force update: SRV _kerberos._udp.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> >> force update:
> SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> >> force update: SRV
> _kpasswd._udp.Trust.local dc.Trust.local 464
> >> force update: CNAME
> b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
> dc.Trust.local
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 389
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 389
> >> force update: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389
> >> force update: A
> gc._msdcs.Trust.local 192.168.0.12
> >> force update: SRV
> _gc._tcp.Trust.local dc.Trust.local 3268
> >> force update: SRV
> _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
> >> force update:
> SRV _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 3268
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
> dc.Trust.local 3268
> >> need delete: A dc.Trust.local 192.168.0.66
> >>
> need delete: A Trust.local 192.168.0.66
> >> need delete: A
> gc._msdcs.Trust.local 192.168.0.66
> >> 21 DNS updates and 3 DNS deletes
> needed
> >> Traceback (most recent call last):
> >> File
> "/usr/sbin/samba_dnsupdate", line 784, in
> >> creds =
> get_credentials(lp)
> >> File "/usr/sbin/samba_dnsupdate", line 169, in
> get_credentials
> >> raise e
> >> RuntimeError: kinit for DC$@TRUST.LOCAL
> failed (Cannot contact any KDC for requested realm)
> >>
> >> But, If i add
> an ip alias to my dc, of the old and dead win2k3 (192.168.0.66) the
> output is this:
> >>
> >> root@dc:~# samba_dnsupdate --verbose
> --all-names
> >> IPs: ['192.168.0.12', '192.168.0.66']
> >> force update: A
> dc.Trust.local 192.168.0.12
> >> force update: A Trust.local
> 192.168.0.12
> >> force update: SRV _ldap._tcp.Trust.local dc.Trust.local
> 389
> >> force update: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local
> 389
> >> force update: SRV
> _ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
> dc.Trust.local 389
> >> force update: SRV _kerberos._tcp.Trust.local
> dc.Trust.local 88
> >> force update: SRV _kerberos._udp.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> >> force update:
> SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> >> force update: SRV
> _kpasswd._udp.Trust.local dc.Trust.local 464
> >> force update: CNAME
> b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
> dc.Trust.local
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 389
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 389
> >> force update: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 88
> >> force update: SRV
> _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389
> >> force update: A
> gc._msdcs.Trust.local 192.168.0.12
> >> force update: SRV
> _gc._tcp.Trust.local dc.Trust.local 3268
> >> force update: SRV
> _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268
> >> force update:
> SRV _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 3268
> >> force update: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
> dc.Trust.local 3268
> >> force update: A dc.Trust.local 192.168.0.66
> >>
> force update: A Trust.local 192.168.0.66
> >> force update: A
> gc._msdcs.Trust.local 192.168.0.66
> >> 24 DNS updates and 0 DNS deletes
> needed
> >> Successfully obtained Kerberos ticket to
> DNS/serveribm.trust.local as DC$
> >> update(nsupdate): A dc.Trust.local
> 192.168.0.12
> >> Calling nsupdate for A dc.Trust.local 192.168.0.12
> (add)
> >> Failed nsupdate: A dc.Trust.local 192.168.0.12 : [Errno 2] No
> such file or directory
> >> update(nsupdate): A Trust.local
> 192.168.0.12
> >> Calling nsupdate for A Trust.local 192.168.0.12 (add)
> >>
> Failed nsupdate: A Trust.local 192.168.0.12 : [Errno 2] No such file
> or directory
> >> update(nsupdate): SRV _ldap._tcp.Trust.local dc.Trust.local
> 389
> >> Calling nsupdate for SRV _ldap._tcp.Trust.local dc.Trust.local
> 389 (add)
> >> Failed nsupdate: SRV _ldap._tcp.Trust.local dc.Trust.local
> 389 : [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389
> >> Calling nsupdate
> for SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local 389 (add)
> >>
> Failed nsupdate: SRV _ldap._tcp.dc._msdcs.Trust.local dc.Trust.local
> 389 : [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
> dc.Trust.local 389
> >> Calling nsupdate for SRV
> _ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
> dc.Trust.local 389 (add)
> >> Failed nsupdate: SRV
> _ldap._tcp.ea8419f7-16a5-449b-9ec5-c7ec7f0265a3.domains._msdcs.Trust.local
> dc.Trust.local 389 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV _kerberos._tcp.Trust.local dc.Trust.local 88
> >>
> Calling nsupdate for SRV _kerberos._tcp.Trust.local dc.Trust.local 88
> (add)
> >> Failed nsupdate: SRV _kerberos._tcp.Trust.local dc.Trust.local
> 88 : [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _kerberos._udp.Trust.local dc.Trust.local 88
> >> Calling nsupdate for SRV
> _kerberos._udp.Trust.local dc.Trust.local 88 (add)
> >> Failed nsupdate:
> SRV _kerberos._udp.Trust.local dc.Trust.local 88 : [Errno 2] No such
> file or directory
> >> update(nsupdate): SRV
> _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local 88
> >> Calling
> nsupdate for SRV _kerberos._tcp.dc._msdcs.Trust.local dc.Trust.local
> 88 (add)
> >> Failed nsupdate: SRV _kerberos._tcp.dc._msdcs.Trust.local
> dc.Trust.local 88 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> >>
> Calling nsupdate for SRV _kpasswd._tcp.Trust.local dc.Trust.local 464
> (add)
> >> Failed nsupdate: SRV _kpasswd._tcp.Trust.local dc.Trust.local
> 464 : [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _kpasswd._udp.Trust.local dc.Trust.local 464
> >> Calling nsupdate for SRV
> _kpasswd._udp.Trust.local dc.Trust.local 464 (add)
> >> Failed nsupdate:
> SRV _kpasswd._udp.Trust.local dc.Trust.local 464 : [Errno 2] No such
> file or directory
> >> update(nsupdate): CNAME
> b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
> dc.Trust.local
> >> Calling nsupdate for CNAME
> b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local dc.Trust.local
> (add)
> >> Failed nsupdate: CNAME
> b6183422-9e31-447e-ba37-e232d603e3b3._msdcs.Trust.local
> dc.Trust.local : [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 389
> >> Calling nsupdate for SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 389 (add)
> >> Failed nsupdate: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 389 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 389
> >> Calling nsupdate for SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 389 (add)
> >> Failed nsupdate: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 389 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 88
> >> Calling nsupdate for SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 88 (add)
> >> Failed nsupdate: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 88 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 88
> >> Calling nsupdate for SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 88 (add)
> >> Failed nsupdate: SRV
> _kerberos._tcp.Nombre-predeterminado-primer-sitio._sites.dc._msdcs.Trust.local
> dc.Trust.local 88 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local
> 389
> >> Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.Trust.local
> dc.Trust.local 389 (add)
> >> Failed nsupdate: SRV
> _ldap._tcp.pdc._msdcs.Trust.local dc.Trust.local 389 : [Errno 2] No
> such file or directory
> >> update(nsupdate): A gc._msdcs.Trust.local
> 192.168.0.12
> >> Calling nsupdate for A gc._msdcs.Trust.local
> 192.168.0.12 (add)
> >> Failed nsupdate: A gc._msdcs.Trust.local
> 192.168.0.12 : [Errno 2] No such file or directory
> >> update(nsupdate):
> SRV _gc._tcp.Trust.local dc.Trust.local 3268
> >> Calling nsupdate for SRV
> _gc._tcp.Trust.local dc.Trust.local 3268 (add)
> >> Failed nsupdate: SRV
> _gc._tcp.Trust.local dc.Trust.local 3268 : [Errno 2] No such file or
> directory
> >> update(nsupdate): SRV _ldap._tcp.gc._msdcs.Trust.local
> dc.Trust.local 3268
> >> Calling nsupdate for SRV
> _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 (add)
> >> Failed
> nsupdate: SRV _ldap._tcp.gc._msdcs.Trust.local dc.Trust.local 3268 :
> [Errno 2] No such file or directory
> >> update(nsupdate): SRV
> _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 3268
> >> Calling nsupdate for SRV
> _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 3268 (add)
> >> Failed nsupdate: SRV
> _gc._tcp.Nombre-predeterminado-primer-sitio._sites.Trust.local
> dc.Trust.local 3268 : [Errno 2] No such file or directory
> >>
> update(nsupdate): SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
> dc.Trust.local 3268
> >> Calling nsupdate for SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
> dc.Trust.local 3268 (add)
> >> Failed nsupdate: SRV
> _ldap._tcp.Nombre-predeterminado-primer-sitio._sites.gc._msdcs.Trust.local
> dc.Trust.local 3268 : [Errno 2] No such file or directory
> >>
> update(nsupdate): A dc.Trust.local 192.168.0.66
> >> Calling nsupdate for
> A dc.Trust.local 192.168.0.66 (add)
> >> Failed nsupdate: A dc.Trust.local
> 192.168.0.66 : [Errno 2] No such file or directory
> >> update(nsupdate):
> A Trust.local 192.168.0.66
> >> Calling nsupdate for A Trust.local
> 192.168.0.66 (add)
> >> Failed nsupdate: A Trust.local 192.168.0.66 :
> [Errno 2] No such file or directory
> >> update(nsupdate): A
> gc._msdcs.Trust.local 192.168.0.66
> >> Calling nsupdate for A
> gc._msdcs.Trust.local 192.168.0.66 (add)
> >> Failed nsupdate: A
> gc._msdcs.Trust.local 192.168.0.66 : [Errno 2] No such file or
> directory
> >> Failed update of 24 entries
> >>
> >> Tnxs in advance.
> >
> >
> Well.. still doing some test I found more evidence that the samba-tool
> domain "samba-tool domain demote --remove-other-dead-server=" didnt
> work as expected.
> >
> > If I query the internal dns I found the records of
> the old domain controller:
> >
> > root@dc:~# samba-tool dns query
> dc.trust.local trust.local serveribm.trust.local A -U administrador
> >
> Password for [TRUSTadministrador]:
> > Name=, Records=1, Children=0
> > A:
> 192.168.0.66 (flags=f0, serial=1478, ttl=3600)
> >
> > And if I ask for the
> _ldap._tcp.trust.local record it points to the old domain controller.
> >
>
> > # dig -t SRV _ldap._tcp.trust.local
> >
> > ; DiG 9.10.3-P4-Debian -t
> SRV _ldap._tcp.trust.local
> > ;; global options: +cmd
> > ;; Got answer:
> >
> ;; ->>HEADER
>
> I forget to mention that I did try to update the dns with
> no luck:
>
> #samba-tool dns update dc trust.local _ldap._tcp.trust.local
> SRV serveribm.trust.local "dc.trust.local 389 0 100" -U administrador
>
>
> Password for [TRUSTadministrador]:
> ERROR: Data requires 4 elements -
> server, port, priority, weight
>
> If I do this:
>
> samba-tool dns update dc
> trust.local _ldap._tcp.trust.local SRV serveribm.trust.local
> dc.trust.local -U administrador
> The samba-tool dosent even ask me for
> the password, it only gives me the this error:
>
> ERROR: Data requires 4
> elements - server, port, priority, weight
>
> But Im providing all the
> required elements.

Sorry but you are not ;-)

If you run (on the DC) this:

samba-tool dns update --help

Amongst the output, you will find this:

  SRV    "fqdn_string port priority weight"

You are only providing the FQDN.


>
> Also, this dosen't work:
>
> # samba-tool dns query dc
> trust.local * ALL -U administrador
>
> Usage: samba-tool dns query    
> [options]
>
> My idea was to list all of the records on the trust.local
> zone.
>

I don't think you can use wildcards, try this instead:

samba-tool dns query 127.0.0.1 trust.local _ldap._tcp SRV
-Uadministrator

This should show the records for _ldap._tcp amongst which will be the
missing data.

I personally would 'delete' the wrong record and then 'add' the new one.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Loading...