report on issue of samba_upgradedns

Samba - General mailing list
Hi,

This is just a report I wanted to share. Maybe someone can put it on the wiki. I created a
new DC for a new site using the samba internal dns option. Later, I decided to go with
bind. So I ran the command, and got this error:

[root@theoden ~]# samba_upgradedns --dns-backend=BIND9_DLZ --verbose
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/private/dns/E-TRUST.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
Adding dns-theoden account
Traceback (most recent call last):
   File "/sbin/samba_upgradedns", line 433, in <module>
     "DNSNAME" : dnsname }
   File "/usr/lib64/python2.7/site-packages/samba/provision/common.py", line 55, in setup_add_ldif
     ldb.add_ldif(data, controls)
   File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line 225, in add_ldif
     self.add(msg, controls)
_ldb.LdbError: (53, '../source4/dsdb/samdb/ldb_modules/ridalloc.c:556: No RID Set DN - Remote RID Set creation needed')

Since it mentions RID creation, I went to the RID master server. Looking into the logs, I
found:

   ../source4/rpc_server/drsuapi/getncchanges.c:829: Failed extended allocation RID pool operation - ../source4/dsdb/samdb/ldb_modules/ridalloc.c:727: Failed to find serverReference in CN=THEODEN,CN=Servers,CN=AWS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br - (null)

In this case, THEODEN is the new DC.

Then, doing the following search:

ldbsearch -H /var/lib/samba/private/sam.ldb '(CN=THEODEN)' --cross-ncs

on both the new DC and the RID Master, I found out that the entry
CN=THEODEN,CN=Servers,CN=AWS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br lacks the
attribute serverReference on the RID Master.

So I created the following ldif file:

[root@aragorn samba]# cat /root/theoden-fix.ldif
dn: CN=THEODEN,CN=Servers,CN=AWS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC=br
changetype: modify
add: serverReference
serverReference: CN=THEODEN,OU=Domain Controllers,DC=e-trust,DC=com,DC=br

And added it to the RID Master's database:

[root@aragorn samba]# ldbmodify -H /var/lib/samba/private/sam.ldb /root/theoden-fix.ldif
Modified 1 records successfully

Then, I restarted the samba services on the RID master. After that, I was able to run the
samba_upgradedns script successfully:

[root@theoden ~]# samba_upgradedns --dns-backend=BIND9_DLZ --verbose
Reading domain information
DNS accounts already exist
No zone file /var/lib/samba/private/dns/E-TRUST.COM.BR.zone
DNS records will be automatically created
DNS partitions already exist
Adding dns-theoden account
See /var/lib/samba/private/named.conf for an example configuration include file for BIND
and /var/lib/samba/private/named.txt for further documentation required for secure DNS updates
Finished upgrading DNS
You have switched to using BIND9_DLZ as your dns backend, but still have the internal dns
starting. Please make sure you add '-dns' to your server services line in your smb.conf.


Regards.

--
Vinicius Silva
SOC

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
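
The check described in the message above, generalized to every server object under CN=Sites, as an added example (not part of the original post and not Samba code). It assumes the LDIF output of an ldbsearch for server objects (for instance with an objectClass=server filter and --cross-ncs) has been saved as text; the sample input is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of ldbsearch LDIF output (folded long lines,
# "# record" comments). Site name HQ is invented; other names are from the post.
SAMPLE = """\
# record 1
dn: CN=ARAGORN,CN=Servers,CN=HQ,CN=Sites,CN=Configuration,DC=e-trust,DC=com,DC
 =br
objectClass: top
objectClass: server
serverReference: CN=ARAGORN,OU=Domain Controllers,DC=e-trust,DC=com,DC=br

# record 2
dn: CN=THEODEN,CN=Servers,CN=AWS,CN=Sites,CN=Configuration,DC=e-trust,DC=com,D
 C=br
objectClass: top
objectClass: server

# returned 2 records
"""

def parse_ldif(text):
    """Return one {attribute: [values]} dict per record; base64 ('attr::') values are not decoded."""
    text = re.sub(r"\n ", "", text)  # undo LDIF line folding
    records = []
    for block in re.split(r"\n\s*\n", text):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue  # skip ldbsearch comments and anything that is not "attr: value"
            attr, value = line.split(": ", 1)
            rec.setdefault(attr.lower(), []).append(value)
        if "dn" in rec:
            records.append(rec)
    return records

def missing_server_reference(records):
    """DNs of server objects that carry no serverReference attribute."""
    return [r["dn"][0] for r in records
            if "server" in (v.lower() for v in r.get("objectclass", []))
            and "serverreference" not in r]

def fix_ldif(server_dn):
    """Modify LDIF as in the post; assumes the DC's computer account is
    CN=<name>,OU=Domain Controllers,<domain DN>."""
    name, rest = server_dn.split(",", 1)
    domain_dn = rest.split("CN=Configuration,", 1)[1]
    return (f"dn: {server_dn}\nchangetype: modify\nadd: serverReference\n"
            f"serverReference: {name},OU=Domain Controllers,{domain_dn}\n")

if __name__ == "__main__":
    for dn in missing_server_reference(parse_ldif(SAMPLE)):
        print(fix_ldif(dn))
```

Confirm that the computer account named in the generated serverReference actually exists before applying the LDIF with ldbmodify on the RID master.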
Re: report on issue of samba_upgradedns

Samba - General mailing list
On Mon, 15 May 2017 12:41:44 -0300
Vinicius Bones Silva via samba <[hidden email]> wrote:

> Hi,
>
> This is just a report I wanted to share. Maybe someone can put it on
> the wiki. I created a new DC for a new site using the samba internal
> dns option. Later, I decided to go with bind. So I ran the command,
> and got this error:
>
> [root@theoden ~]# samba_upgradedns --dns-backend=BIND9_DLZ --verbose
> Reading domain information
> DNS accounts already exist
> No zone file /var/lib/samba/private/dns/E-TRUST.COM.BR.zone
> DNS records will be automatically created
> DNS partitions already exist
> Adding dns-theoden account
> Traceback (most recent call last):
>    File "/sbin/samba_upgradedns", line 433, in <module>
>      "DNSNAME" : dnsname }
>    File
> "/usr/lib64/python2.7/site-packages/samba/provision/common.py", line
> 55, in setup_add_ldif ldb.add_ldif(data, controls)
>    File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line
> 225, in add_ldif self.add(msg, controls)
> _ldb.LdbError: (53,
> '../source4/dsdb/samdb/ldb_modules/ridalloc.c:556: No RID Set DN -
> Remote RID Set creation needed')
>

What version of Samba is this?
This sounds very similar to this bug:

https://bugzilla.samba.org/show_bug.cgi?id=9954

Which I thought was fixed from 4.5.2

Rowland
