Samba DNS error?


#1

I have the following error

root@CCMDC01:~# samba_upgradedns --dns-backend=SAMBA_INTERNAL WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Reading domain information WARNING: No path in service IPC$ - making it unavailable! NOTE: Service IPC$ is flagged unavailable. Traceback (most recent call last): File "/usr/sbin/samba_upgradedns", line 262, in <module> paths, lp.configfile, lp) File "/usr/lib/python2.7/dist-packages/samba/provision/__init__.py", line 327, in find_provision_key_parameters dns_admins_sid = get_dnsadmins_sid(samdb, names.domaindn) File "/usr/lib/python2.7/dist-packages/samba/provision/sambadns.py", line 68, in get_dnsadmins_sid attrs=["objectSid"]) _ldb.LdbError: (32, 'No such Base DN: CN=DnsAdmins,CN=Groups,DC=ccm,DC=local')

Anyone can help? I’m tryind add a site having already two servers, one DC and one Slave


#2

Hey,

a base UCS installation creates a lot of groups required for operation of an AD domain, among them the group DnsAdmins. I’ve just verified that I do have it. Did you maybe remove the group? Rename it? Move it into another container?


#3

No, i have the group too… so i don’t know why the erros is occuring.


#4

You should check if the group exists in the Samba 4 LDAP directory, to: “univention-s4search cn=DnsAdmins”. If it doesn’t then take a look at the Samba 4 connector log files and possible rejections listed by “univention-s4connector-list-rejected”.


#5

Like i said i have the group

[code]root@CCMDC01:~# univention-s4search cn=DnsAdmins
WARNING: No path in service IPC$ - making it unavailable!
NOTE: Service IPC$ is flagged unavailable.

record 1

dn: CN=DnsAdmins,CN=Users,DC=ccm,DC=local
objectClass: top
objectClass: group
cn: DnsAdmins
description: DNS Administrators Group
instanceType: 4
whenCreated: 20121024013549.0Z
whenChanged: 20121024013549.0Z
uSNCreated: 3353
uSNChanged: 3353
name: DnsAdmins
objectGUID: 4ea566db-771b-4c89-ac25-c1cf9bd7c72a
objectSid: S-1-5-21-2042430931-3186930242-3709046569-1104
sAMAccountName: DnsAdmins
sAMAccountType: 536870912
groupType: -2147483644
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=ccm,DC=local
distinguishedName: CN=DnsAdmins,CN=Users,DC=ccm,DC=local

Referral

ref: ldap://ccm.local/CN=Configuration,DC=ccm,DC=local

Referral

ref: ldap://ccm.local/DC=DomainDnsZones,DC=ccm,DC=local

Referral

ref: ldap://ccm.local/DC=ForestDnsZones,DC=ccm,DC=local

returned 4 records

1 entries

3 referrals

[/code]


#6

Yes, you do have it, but it’s located inside the “cn=Users” container. In a UCS system groups are normally located in the “cn=Groups” container, see e.g. our production system:

[code][0 root@trinculo ~] univention-s4search cn=DnsAdmins dn

record 1

dn: CN=DnsAdmins,CN=Groups,DC=bs,DC=linet-services,DC=de
…[/code]

Groups are almost never placed in the “Users” container. Users are put there (obviously).

My guess is that you or a colleague must have moved the group sometime. Please move the DnsAdmins group back to the “Groups” container and try again.


#7

I’m missing he groups cn too…

This server was a windows migration domain… can be that the problem?


#8

Possibly, though I lack the experience to say what else might go wrong. I’d suggest you create the “group” container (of type container, not of type organizational unit!), move the DnsAdmins group there for startes and try again.

You should also consider moving other groups there, but before you do that think of all the places where you’re currently using groups which depend on the group’s DN. For example, you might have a proxy that authenticates users based on a filter (group membership) – that proxy’s configuration would have to be adjusted for the group’s new DN, too.