Folks,

Greetings from Brazil. We are trying to migrate our Microsoft AD to Samba4 AD structure, but we are having some problems with internal DNS. We joined a samba4 server at our M$ w2k3 domain using internal dns. The JOIN process was 100% successful. All objects were replicated and the replication process is ok. LDAP connections and searches are ok too.

The problem is in how to manage the DNS records. When we try to run "samba-tool dns" commands, pointing to samba server, we are getting the "ERROR(runtime): uncaught exception - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')" message. When we try to connect samba DNS using Microsoft DNS tools, it doesn't connect. The Internal DNS does not accept any samba-tool dns command.

So, how can I fix this problem?

Thanks a lot,
Evandro
This is a problem with the DNSSERVER RPC service, not with the internal DNS. Assigning to Amitay.
Ok. This is a problem with the DNSSERVER RPC service, and what can I do to fix it?
What is the exact samba-tool dns subcommand you are using? Without knowing which command is failing it's difficult to fix anything. Since you have mentioned you are using Windows 2003, you might want to try the samba-tool dns command with --client-version=dotnet and see if that helps.
Amitay, good morning!

What is the exact samba-tool dns subcommand I'm using?
- samba-tool dns serverinfo <sambaserver>

Thanks,
Evandro
Ah, looks like dnsserver RPC service is not running. What's the value of the configuration parameter "dcerpc endpoint servers" in smb.conf? Does it include dnsserver? Also, what version of Samba are you using?
closing, no feedback, also looks like a configuration issue.
I can provide more info: current samba version 4.22.2 debian.

I cannot understand if dcerpc is working properly or not. The command samba-tool dns serverinfo works for windows servers but not for the current active samba server (configured as AD DC).

Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed by GnuTLS (e.g. NTLM as a compatibility fallback)
Server role: ROLE_ACTIVE_DIRECTORY_DC
Press enter to see a dump of your service definitions
# Global parameters
[global]
    dns forwarder = 192.168.101.11
    passdb backend = samba_dsdb
    realm = ACLONIGO.LOCAL
    server role = active directory domain controller
    workgroup = ACLONIGO
    rpc_server:tcpip = no
    rpc_daemon:spoolssd = embedded
    rpc_server:spoolss = embedded
    rpc_server:winreg = embedded
    rpc_server:ntsvcs = embedded
    rpc_server:eventlog = embedded
    rpc_server:srvsvc = embedded
    rpc_server:svcctl = embedded
    rpc_server:default = external
    winbindd:use external pipes = true
    idmap config * : backend = tdb
    map archive = No
    vfs objects = dfs_samba4 acl_xattr
[sysvol]
    path = /var/lib/samba/sysvol
    read only = No
Do you also come from w2k3 like the original reporter? Because migration from w2k3 is a problem on its own and not supported without manual interaction because of a historically different DNS structure there. Apart from that, joining Samba DC to a Windows DC based setup directly isn't recommended/supported directly either. If you are not coming from w2k3, then you see a different problem there.
I come from

PS C:\Windows\system32> cmd /c ver
Microsoft Windows [Versione 6.0.6003]

and the server is still running and FSMO.

To join the domain I had to follow https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting and eventually I have a DNS (internal) that answers queries BUT apparently does not answer to dcerpc.

I cannot understand why it is not answering dcerpc.
# samba-tool dns serverinfo vdce

provide the password and the reply is

ERROR(runtime): Could not contact RPC server [WERR_DNS_ERROR_DS_UNAVAILABLE] - (9717, 'WERR_DNS_ERROR_DS_UNAVAILABLE')
  File "/usr/lib/python3/dist-packages/samba/netcmd/dns.py", line 119, in f
    return attr(*args)

but

# nslookup contoso.local
Server: 192.168.101.40
Address: 192.168.101.40#53
Name: contoso.local
Address: 192.168.101.40

(I have replaced the name of the domain with contoso)
(In reply to Damiano from comment #9) So you are facing a different bug and, as mentioned above, joining an AD of other Windows DCs isn't recommended/supported currently - but this is what you do. Please don't "hijack" this old bug report for support on this problem. Please consult the samba mailing list for free support or consult one of the companies offering commercial samba support eventually.
No, where did you guess I am facing a "different problem"? I did consult the mailing list, and this thread is the one that matches. The current join is replicating the DNS and providing replies, but the "manager rpc" is not active and I cannot guess what is the flag to make it active. Any hints?
(In reply to Damiano from comment #13) By 'consult', I am fairly certain that Bjorn meant post a question to the samba mailing list, not do an internet search. Without knowing just how you joined etc, it is hard to comment, just about all I can say is, you appear to have used the wrong testparm, as it is a DC, you should have used 'samba-tool testparm'.