Problem
DNS mismatches between Samba and OpenLDAP
Environment
DNS lookups for the same name return different results on different UCS hosts, depending on the DNS backend in use:
root@lenaedu:~# ucr get dns/backend
samba4
root@lenaedu:~# host tombstone.schulen.ucs
Host tombstone.schulen.ucs not found: 3(NXDOMAIN)
root@master:~# ucr get dns/backend
ldap
root@master:~# host tombstone.schulen.ucs
tombstone.schulen.ucs has address 192.168.99.43
Solution
Step 1
Verify UCS replication is running fine on all servers:
root@master:~# /usr/lib/nagios/plugins/check_univention_replication
OK: replication complete (nid=378852 lid=378852)
Step 2
Make sure there are currently no rejects in s4connector (on the host where the s4 connector is running):
root@lenaedu:~# univention-s4connector-list-rejected
UCS rejected
S4 rejected
last synced USN: 23420
Step 3
Check whether the object has been tombstoned by DDNS updates:
root@lenaedu:~# univention-s4search --cross-ncs "dc=tombstone"
# record 1
dn: DC=tombstone,DC=schulen.ucs,CN=MicrosoftDNS,DC=DomainDnsZones,DC=schulen,DC=ucs
objectClass: top
objectClass: dnsNode
instanceType: 4
whenCreated: 20200122100327.0Z
uSNCreated: 23412
showInAdvancedViewOnly: TRUE
name: tombstone
objectGUID: e117b3b7-214d-414d-aa12-5f881bafa231
dnsRecord:: BAABAAXwAAABAAAAAAADhAAAAAAAAAAAwKhjKw==
objectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,DC=schulen,DC=ucs
dc: tombstone
dNSTombstoned: TRUE
whenChanged: 20200122101656.0Z
uSNChanged: 23420
distinguishedName: DC=tombstone,DC=schulen.ucs,CN=MicrosoftDNS,DC=DomainDnsZon
es,DC=schulen,DC=ucs
# returned 1 records
# 1 entries
# 0 referrals
If you see the attribute “dNSTombstoned: TRUE”, remove it using ldbedit (which uses the vi editor by default):
root@lenaedu:~# ldbedit -H /var/lib/samba/private/sam.ldb dc=tombstone --cross-ncs
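Before removing the flag, the dnsRecord value from the Step 3 output can be decoded to confirm that the node still holds the A record that the ldap backend returns. The Python below is an added example, not part of the original article or of UCS; the field layout follows the dnsRecord structure in Microsoft's MS-DNSP specification, and the name parse_dns_record is an assumption.

```python
import base64
import ipaddress
import struct
from datetime import datetime, timedelta, timezone

# dnsRecord value copied from the univention-s4search output in Step 3.
SAMPLE_DNSRECORD = "BAABAAXwAAABAAAAAAADhAAAAAAAAAAAwKhjKw=="

TYPE_NAMES = {0: "ZERO", 1: "A", 28: "AAAA"}  # ZERO marks a tombstone record
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def parse_dns_record(b64_value):
    """Decode one dnsRecord attribute value into a dict of header fields."""
    raw = base64.b64decode(b64_value, validate=True)
    if len(raw) < 24:
        raise ValueError("dnsRecord is shorter than its 24-byte header")
    # Header fields are little-endian, except TtlSeconds (big-endian).
    data_len, rtype, version, rank, _flags, serial = struct.unpack_from("<HHBBHI", raw, 0)
    (ttl,) = struct.unpack_from(">I", raw, 12)
    _reserved, timestamp = struct.unpack_from("<II", raw, 16)
    data = raw[24:]
    if len(data) != data_len:
        raise ValueError("DataLength does not match the payload size")
    address = None
    if rtype == 1 and data_len == 4:
        address = str(ipaddress.IPv4Address(data))
    elif rtype == 28 and data_len == 16:
        address = str(ipaddress.IPv6Address(data))
    return {
        "type": TYPE_NAMES.get(rtype, str(rtype)),
        "version": version,
        "rank": rank,
        "serial": serial,
        "ttl": ttl,
        # TimeStamp counts hours since 1601-01-01 UTC; 0 means a static record.
        "refreshed": EPOCH_1601 + timedelta(hours=timestamp) if timestamp else None,
        "address": address,
    }


if __name__ == "__main__":
    rec = parse_dns_record(SAMPLE_DNSRECORD)
    print(rec)
    if rec["type"] == "A":
        print("node still holds a live A record for", rec["address"])
```

For the value shown in Step 3 this yields type A, TTL 900 and address 192.168.99.43, the same address the master with the ldap backend returns.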