Web lists-archives.com

[Samba] Replication problems bdc to pdc




Hello,

Replication from backup Active Directory Domain Controler to primary Active Directory Domain Controler does not work, reporting error ' WERR_BADFILE '. The reverse works.

 * Linux: Raspbian, debian stretch lite
 * Samba version 4.5.12-Debian
 * DNS: BIND9_DLZ 9.10.x
 * Installed packages: ntp ntpdate samba smbclient winbind libcups2
   samba-common cups ldb-tools bind9 bind9utils dnsutils krb5-user

root@ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=local
Replicate from ry11citdc to ry11citsdc was successful.


root@ry11citdc:~# root@ry11citdc:~# samba-tool drs replicate ry11citsdc ry11citdc dc=ry11cit,dc=local
-bash: root@ry11citdc:~#: command not found
root@ry11citdc:~# samba-tool drs replicate ry11citdc ry11citsdc dc=ry11cit,dc=local *ERROR(<class 'samba.drs_utils.drsException'>): DsReplicaSync failed - drsException: DsReplicaSync failed (2, 'WERR_BADFILE')** **  File "/usr/lib/python2.7/dist-packages/samba/netcmd/drs.py", line 368, in run** **    drs_utils.sendDsReplicaSync(server_bind, server_bind_handle, source_dsa_guid, NC, req_options)** **  File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 83, in sendDsReplicaSync**
**    raise drsException("DsReplicaSync failed %s" % estr)*

Please help, I don 't know the advice.

System integrator Jiří Knotek


Primary Active Directory Domain Controler:---------------------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------------------------------------------------------------------------

krb5.conf:

[libdefaults]
    default_realm = RY11CIT.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
RY11CIT.LOCAL = {
    kdc = ry11citdc.ry11cit.local
    admin_server = ry11citdc.ry11cit.local
    default_domain = ry11cit.local
}

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

smb.conf:------------------------------

# Global parameters
[global]
    netbios name = RY11CITDC
    realm = RY11CIT.LOCAL
    workgroup = RY11CIT
    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/ry11cit.local/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No


Samba Provision---------------:

    samba-tool domain provision --realm=RY11CIT.LOCAL --domain=RY11CIT --server-role=dc --dns-backend=BIND9_DLZ --adminpass='.....'

samba_dnsupdate --verbose --all-names :-------------------------------------------------------------------------

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citdc.ry11cit.local. 900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    NS ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local.    900    IN    NS ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900    IN    SRV    0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900    IN SRV    0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local. 900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN    SRV    0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN    SRV    0 100 88 ry11citdc.ry11cit.local.

IPs: ['10.44.1.10']
force update: A ry11citdc.ry11cit.local 10.44.1.10
force update: NS ry11cit.local ry11citdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
force update: A ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 force update: SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citdc.ry11cit.local 464
force update: CNAME 8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local ry11citdc.ry11cit.local force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 88 force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 force update: SRV _ldap._tcp.pdc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389
force update: A gc._msdcs.ry11cit.local 10.44.1.10
force update: SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268 force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 3268 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.10
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389
29 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as RY11CITDC$
update(nsupdate): A ry11citdc.ry11cit.local 10.44.1.10
Calling nsupdate for A ry11citdc.ry11cit.local 10.44.1.10 (add)
update(nsupdate): NS ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.10
Calling nsupdate for A ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _kerberos._tcp.ry11cit.local ry11citdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.ry11cit.local ry11citdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._udp.ry11cit.local ry11citdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._udp.ry11cit.local ry11citdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88
Calling nsupdate for SRV _kerbeOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local.    900 IN SRV 0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN    SRV    0 100 464 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN    SRV    0 100 464 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local. 900 IN CNAME    ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN    SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV    0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 88 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.pdc._msdcs.ry11cit.local. 900 IN SRV    0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900    IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local.    900    IN    SRV    0 100 3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900    IN SRV    0 100 3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100 3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900 IN SRV 0 100 3268 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local. 900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN    A    10.44.1.10

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 ry11citdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local. 900 IN SRV 0 100 389 ry11citdc.ry11cit.local.

ros._tcp.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local ry11citdc.ry11cit.local 464 Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local ry11citdc.ry11cit.local 464 (add) update(nsupdate): SRV _kpasswd._udp.ry11cit.local ry11citdc.ry11cit.local 464 Calling nsupdate for SRV _kpasswd._udp.ry11cit.local ry11citdc.ry11cit.local 464 (add) update(nsupdate): CNAME 8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local ry11citdc.ry11cit.local Calling nsupdate for CNAME 8913e341-f5d8-4619-8cf6-e5e1bd5e7b26._msdcs.ry11cit.local ry11citdc.ry11cit.local (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citdc.ry11cit.local 88 (add) update(nsupdate): SRV _ldap._tcp.pdc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.pdc._msdcs.ry11cit.local ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.10
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citdc.ry11cit.local 3268 (add) update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268 Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268 (add) update(nsupdate): SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 3268 Calling nsupdate for SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citdc.ry11cit.local 3268 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.10
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.10 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citdc.ry11cit.local 389 (add)


Backup (Standby) Active Directory Domain Controler:---------------------------------------------------------------------------------------------------

krb5.conf:

[libdefaults]
    default_realm = RY11CIT.LOCAL
    dns_lookup_realm = false
    dns_lookup_kdc = true

[realms]
RY11CIT.LOCAL = {
    kdc = ry11citsdc.ry11cit.local
    admin_server = ry11citsdc.ry11cit.local
    default_domain = ry11cit.local
}

named.conf:------------------------

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";

named.conf.options:-----------------------

options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { none; };
    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

smb.conf:------------------------------

# Global parameters
[global]
    netbios name = RY11CITSDC
    realm = RY11CIT.LOCAL
    workgroup = RY11CIT

    server role = active directory domain controller

[netlogon]
    path = /var/lib/samba/sysvol/ry11cit.local/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No


Samba join:----------------------------

samba-tool domain join RY11CIT DC -Uadministrator --realm=RY11CIT.LOCAL --dns-backend=BIND9_DLZ --adminpass='.....'


samba_dnsupdate --verbose --all-names :-------------------------------------------------------------------------

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11citsdc.ry11cit.local. 900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    NS    ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_msdcs.ry11cit.local.    900    IN    NS ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ry11cit.local.        900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ry11cit.local. 900    IN    SRV    0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.dc._msdcs.ry11cit.local. 900    IN SRV    0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local. 900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.ry11cit.local. 900 IN    SRV    0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._udp.ry11cit.local. 900 IN    SRV    0 100 88 ry11citsdc.ry11cit.local.

IPs: ['10.44.1.9']
force update: A ry11citsdc.ry11cit.local 10.44.1.9
force update: NS ry11cit.local ry11citsdc.ry11cit.local
force update: NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
force update: A ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
force update: SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 force update: SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389
force update: SRV _kerberos._tcp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._udp.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kerberos._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 88
force update: SRV _kpasswd._tcp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: SRV _kpasswd._udp.ry11cit.local ry11citsdc.ry11cit.local 464
force update: CNAME a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local ry11citsdc.ry11cit.local force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 88 force update: SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 88
force update: A gc._msdcs.ry11cit.local 10.44.1.9
force update: SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
force update: SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268 force update: SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 3268 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268
force update: A DomainDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389
force update: A ForestDnsZones.ry11cit.local 10.44.1.9
force update: SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 force update: SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389
28 DNS updates and 0 DNS deletes needed
Successfully obtained Kerberos ticket to DNS/ry11citdc.ry11cit.local as RY11CITSDC$
update(nsupdate): A ry11citsdc.ry11cit.local 10.44.1.9
Calling nsupdate for A ry11citsdc.ry11cit.local 10.44.1.9 (add)
update(nsupdate): NS ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local
Calling nsupdate for NS _msdcs.ry11cit.local ry11citsdc.ry11cit.local (add)
update(nsupdate): A ry11cit.local 10.44.1.9
Calling nsupdate for A ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389
Calling nsupdate for SRV _ldap._tcp.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.34eb2e7d-db48-48bc-8b5c-0cb16db7afa7.domains._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _kerberos._tcp.ry11cit.local ry11citsdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.ry11cit.local ry11citsdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._udp.ry11cit.local ry11citsdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._udp.ry11cit.local ry11citsdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.dc._msdcs.ry11cit.local ry11citsdc.ry11ciOutgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.dc._msdcs.ry11cit.local.    900 IN SRV 0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._tcp.ry11cit.local. 900 IN    SRV    0 100 464 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kpasswd._udp.ry11cit.local. 900 IN    SRV    0 100 464 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local. 900 IN CNAME    ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV    0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local. 900 IN SRV 0 100 88 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
gc._msdcs.ry11cit.local. 900    IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.ry11cit.local.    900    IN    SRV    0 100 3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.gc._msdcs.ry11cit.local. 900    IN SRV    0 100 3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_gc._tcp.Default-First-Site-Name._sites.ry11cit.local. 900 IN SRV 0 100 3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local. 900 IN SRV 0 100 3268 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
DomainDnsZones.ry11cit.local. 900 IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.DomainDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local. 900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
ForestDnsZones.ry11cit.local. 900 IN    A    10.44.1.9

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.ForestDnsZones.ry11cit.local. 900 IN    SRV 0 100 389 ry11citsdc.ry11cit.local.

Outgoing update query:
;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id:      0
;; flags:; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
;; UPDATE SECTION:
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local. 900 IN SRV 0 100 389 ry11citsdc.ry11cit.local.

t.local 88 (add)
update(nsupdate): SRV _kpasswd._tcp.ry11cit.local ry11citsdc.ry11cit.local 464 Calling nsupdate for SRV _kpasswd._tcp.ry11cit.local ry11citsdc.ry11cit.local 464 (add) update(nsupdate): SRV _kpasswd._udp.ry11cit.local ry11citsdc.ry11cit.local 464 Calling nsupdate for SRV _kpasswd._udp.ry11cit.local ry11citsdc.ry11cit.local 464 (add) update(nsupdate): CNAME a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local ry11citsdc.ry11cit.local Calling nsupdate for CNAME a5df439f-014c-455a-a12b-1c84b6fa466e._msdcs.ry11cit.local ry11citsdc.ry11cit.local (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 88 (add) update(nsupdate): SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 88 Calling nsupdate for SRV _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 88 (add)
update(nsupdate): A gc._msdcs.ry11cit.local 10.44.1.9
Calling nsupdate for A gc._msdcs.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268
Calling nsupdate for SRV _gc._tcp.ry11cit.local ry11citsdc.ry11cit.local 3268 (add) update(nsupdate): SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268 Calling nsupdate for SRV _ldap._tcp.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268 (add) update(nsupdate): SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 3268 Calling nsupdate for SRV _gc._tcp.Default-First-Site-Name._sites.ry11cit.local ry11citsdc.ry11cit.local 3268 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ry11cit.local ry11citsdc.ry11cit.local 3268 (add)
update(nsupdate): A DomainDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A DomainDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 (add)
update(nsupdate): A ForestDnsZones.ry11cit.local 10.44.1.9
Calling nsupdate for A ForestDnsZones.ry11cit.local 10.44.1.9 (add)
update(nsupdate): SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 (add) update(nsupdate): SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 Calling nsupdate for SRV _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.ry11cit.local ry11citsdc.ry11cit.local 389 (add)

--

*Ing. Jiří Knotek*
programátor

*GEMA s.r.o. Automatizace technologických procesů*

Doubravice 13, Pardubice 19, 53353
Tel: +420604570127
E-mail: jiri.knotek@xxxxxxxxxx <mailto:jiri.knotek@xxxxxxxxxx>
Web:www.gemapce.cz <http://www.gemapce.cz/>


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba