UCS 4.1.4: DNS system does not update the client's IP address and PTR record

dns

#1

Hi All,
There’s something wrong with the DNS system. There are only a few PTR records in the Reverse Lookup Zone although there are a lot of A records of the clients in the system. How can I solve this?


#2

Hi @nasexp,

could you please run univention-app info and paste the output here so we know what components of UCS you are using? Depending on if you use Samba as Active Directory compatible domain controller or not, UCS uses a different backend for the nameserver daemon (run ucr get dns/backend to check).
Are your clients only Windows clients or also other operating systems?


#3

Hi Grandjean,
Below is the output of command “univention-app info”:

UCS: 4.1-4 errata439
App Center compatibility: 4
Installed: adconnector=10.0 cups=1.5.3 dhcp-server=10.0.1 samba4=4.5
Upgradable:

At this time, all clients are Windows clients; there are no Linux or macOS clients.


#4

Can anyone help? The IP addresses of the clients are shown in the domain, but only a few or none (except the slave DC) exist in the reverse lookup DNS, as in the screenshots below:


#5

Can anyone help me? I’ve tried to execute some commands in the console to check, but there are no errors in the log files.


#6

Please post the output of ucr get dns/backend and univention-s4connector-list-rejected


#7

Hi Moritz,
Below is the output:

root@dc1:~# ucr get dns/backend
samba4
root@dc1:~# univention-s4connector-list-rejected

UCS rejected

1:   UCS DN: cn=CNMB.HN,ou=CNMN.HC,ou=CNMB,ou=MyOU,dc=mydomain,dc=xxx
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1499406290.050326

S4 rejected

    last synced USN: 54435

root@dc1:~#


#8

That looks normal.

Can you please search through the /var/log/syslog file for entries from named, especially regarding samba_dlz? Look for anything that mentions PTR, and anything that looks like an error.

When in doubt post large chunks of those named messages here and let me take a look at them.


#9

You are right, Moritz
Below are some lines of the syslog data related to the “named” service, as you requested:

Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 06:47:40 dc-1 named[3510]: client 10.20.1.172#54101: update 'mydomain.xxx/IN' denied
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: cancelling transaction on zone mydomain.xxx
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:47:40 dc-1 named[3510]: client 10.20.1.172#55210: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 06:47:40 dc-1 named[3510]: client 10.20.1.172#55210: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 06:47:40 dc-1 named[3510]: client 10.20.1.172#55210: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: committed transaction on zone mydomain.xxx
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 06:49:48 dc-1 named[3510]: client 10.20.1.172#54258: update 'mydomain.xxx/IN' denied
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: cancelling transaction on zone mydomain.xxx
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.50-22426eb6.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 06:49:48 dc-1 named[3510]: client 10.20.1.172#52240: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 06:49:48 dc-1 named[3510]: client 10.20.1.172#52240: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 06:49:48 dc-1 named[3510]: client 10.20.1.172#52240: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 06:49:48 dc-1 named[3510]: samba_dlz: committed transaction on zone mydomain.xxx
Jul 27 06:50:02 dc-1 /USR/SBIN/CRON[10081]: (root) CMD (/usr/sbin/jitter 60 /usr/share/univention-samba4/scripts/sysvol-sync.sh >>/var/log/univention/sysvol-sync.log 2>&1)
Jul 27 06:50:02 dc-1 /USR/SBIN/CRON[10082]: (root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
Jul 27 06:50:02 dc-1 /USR/SBIN/CRON[10092]: (root) CMD (  if [ -x /usr/sbin/univention-umount-homedirs ]; then /usr/sbin/univention-umount-homedirs; fi)
Jul 27 07:47:38 dc-1 dhcpd: Not configured to listen on any interfaces!
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:42 dc-1 named[3510]: client 10.20.1.172#56625: update 'mydomain.xxx/IN' denied
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: cancelling transaction on zone mydomain.xxx
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:42 dc-1 named[3510]: client 10.20.1.172#60445: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 07:47:42 dc-1 named[3510]: client 10.20.1.172#60445: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:42 dc-1 named[3510]: client 10.20.1.172#60445: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:42 dc-1 named[3510]: samba_dlz: committed transaction on zone mydomain.xxx
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:46 dc-1 named[3510]: client 10.20.1.172#49630: update 'mydomain.xxx/IN' denied
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: cancelling transaction on zone mydomain.xxx
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:46 dc-1 named[3510]: client 10.20.1.172#60918: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 07:47:46 dc-1 named[3510]: client 10.20.1.172#60918: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:46 dc-1 named[3510]: client 10.20.1.172#60918: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011AAAA#011fec0::8d2c:3b33:7b42:bd56'
Jul 27 07:47:46 dc-1 named[3510]: client 10.20.1.172#60918: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: subtracted rdataset mydomain.xxx 'mydomain.xxx.#01110800#011IN#011SOA#011dc-1.mydomain.xxx. root.mydomain.xxx. 2507 28800 7200 604800 3600'
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: added rdataset mydomain.xxx 'mydomain.xxx.#01110800#011IN#011SOA#011dc-1.mydomain.xxx. root.mydomain.xxx. 2508 28800 7200 604800 3600'
Jul 27 07:47:46 dc-1 named[3510]: samba_dlz: committed transaction on zone mydomain.xxx
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:49 dc-1 named[3510]: client 10.20.1.172#63515: update 'mydomain.xxx/IN' denied
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: cancelling transaction on zone mydomain.xxx
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: starting transaction on zone mydomain.xxx
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=AAAA key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: allowing update of signer=HDQ-TTBSP03L\$\@mydomain.xxx name=HDQ-TTBSP03L.mydomain.xxx tcpaddr= type=A key=1216-ms-7.51-22796573.9ea7728d-6d22-11e7-1fa9-5800e30b6b8b/160/0
Jul 27 07:47:49 dc-1 named[3510]: client 10.20.1.172#54464: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011AAAA#011fec0::8d2c:3b33:7b42:bd56'
Jul 27 07:47:49 dc-1 named[3510]: client 10.20.1.172#54464: updating zone 'mydomain.xxx/NONE': deleting rrset at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: subtracted rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:49 dc-1 named[3510]: client 10.20.1.172#54464: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' AAAA
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011AAAA#011fec0::8d2c:3b33:7b42:bd56'
Jul 27 07:47:49 dc-1 named[3510]: client 10.20.1.172#54464: updating zone 'mydomain.xxx/NONE': adding an RR at 'HDQ-TTBSP03L.mydomain.xxx' A
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: added rdataset HDQ-TTBSP03L.mydomain.xxx 'HDQ-TTBSP03L.mydomain.xxx.#0111200#011IN#011A#01110.20.1.172'
Jul 27 07:47:49 dc-1 named[3510]: samba_dlz: committed transaction on zone mydomain.xxx

There is something wrong with the system, which denies the update to the DNS database.


#10

No, those messages look OK to me, even though there are messages of denied updates. However, the important thing is that the signed updates work (e.g. starting at 06:49:48 with samba_dlz: starting transaction on zone mydomain.xxx and samba_dlz: allowing update of signer=… up to the following samba_dlz: committed transaction on zone mydomain.xxx).

What I don’t see are any messages about PTR records.

Can you please do the following:

  1. Visit the Univention Directory Management console,
  2. Navigate to the machine account of one of your currently running Windows clients and edit that entry,
  3. In the section “DNS Forward and Reverse Lookup Zone” add an entry for “DNS reverse zone” (I’m betting there are currently no entries) and save the entry,
  4. Wait and watch the syslog until the client updates its records again and see if it tries to update the PTR that time.
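
The log reading described in post #10, as an added example that is not part of the original thread: it counts denied updates, committed transactions and signed retries per zone, and checks whether any PTR or reverse-zone update appears at all. The function names and the sample lines (host, addresses, key) are constructed for illustration; only the line format follows the syslog excerpt quoted above.

```python
import re
from collections import Counter

# Constructed sample in the format of the named/samba_dlz lines quoted in this
# thread; host name, addresses and key are made up.
SAMPLE_LOG = """\
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: starting transaction on zone example.test
Jul 27 06:47:40 dc-1 named[3510]: client 192.0.2.10#54101: update 'example.test/IN' denied
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: cancelling transaction on zone example.test
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: starting transaction on zone example.test
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: allowing update of signer=PC01\\$\\@example.test name=PC01.example.test tcpaddr= type=A key=constructed-key/160/0
Jul 27 06:47:40 dc-1 named[3510]: client 192.0.2.10#55210: updating zone 'example.test/NONE': adding an RR at 'PC01.example.test' A
Jul 27 06:47:40 dc-1 named[3510]: samba_dlz: committed transaction on zone example.test
Jul 27 06:50:02 dc-1 /USR/SBIN/CRON[10081]: (root) CMD (true)
"""

TXN = re.compile(r"samba_dlz: (starting|cancelling|committed) transaction on zone (\S+)")
DENIED = re.compile(r"client \S+: update '([^'/]+)/IN' denied")
ALLOWED = re.compile(r"samba_dlz: allowing update of signer=(\S+)")
ADDED = re.compile(r"updating zone '[^']+': adding an RR at '[^']+' (\S+)")


def summarize(log_text):
    """Count dynamic-update outcomes per zone and the record types added."""
    out = {"denied": Counter(), "committed": Counter(),
           "retried_ok": Counter(), "types": Counter()}
    pending_denied = set()  # zones whose last unsigned attempt was denied
    signed = False          # did the open transaction carry a signed update?
    for line in log_text.splitlines():
        if "named[" not in line:
            continue  # skip cron, dhcpd and other daemons
        if m := TXN.search(line):
            state, zone = m.groups()
            if state == "starting":
                signed = False
            elif state == "committed":
                out["committed"][zone] += 1
                if signed and zone in pending_denied:
                    # denied first attempt followed by a committed signed one
                    out["retried_ok"][zone] += 1
                    pending_denied.discard(zone)
        elif m := DENIED.search(line):
            out["denied"][m.group(1)] += 1
            pending_denied.add(m.group(1))
        elif ALLOWED.search(line):
            signed = True
        elif m := ADDED.search(line):
            out["types"][m.group(1)] += 1
    return out


def ptr_activity(summary):
    """True if any PTR record or reverse zone shows up in the updates."""
    zones = set(summary["denied"]) | set(summary["committed"])
    reverse = any(z.endswith((".in-addr.arpa", ".ip6.arpa")) for z in zones)
    return reverse or "PTR" in summary["types"]


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print(result)
    print("PTR/reverse-zone updates seen:", ptr_activity(result))
```

A denied count matched by the same number of signed retries is the normal pattern; a result of False from ptr_activity over a long log window is the symptom this thread is about.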

#11

Hi Moritz,
Sorry for my late response. I did exactly as you told me, but the log is the same as above. It has been over 20 mins and there is nothing related to updating the PTR. I’ve also checked the settings of a computer which has a PTR record. It has the value in “DNS reverse zone”, as you guessed. Maybe this issue is related to turning the DHCP service on/off (I used UCS as DHCP server before). I will try to make UCS the DHCP server (again) for the local network to check if there are any changes and let you know later. I appreciate your help.


#12

Just a thought. Can you please execute the following command on your UCS DC Master and verify that it doesn’t output anything?

find /var/lib/univention-connector -type f -size 0


#13

Yes, there’s no output.


#14

OK, that was just to make sure that you’re not hitting a certain bug in the Samba connector. No output is good output :smile:

I don’t know exactly how Windows decides which server to contact for the updates. In our domain the DHCP server is just a UCS member server, not the DC master, but the PTR our Windows clients send are handled by the DC master (which is our sole Active Directory domain controller). Therefore I doubt changing the DHCP server will achieve much — but you can give it a try, of course.


#15

Hi @Moritz_Bunkus
UCS is the DHCP server, but this issue has not been solved. Please help me solve this. Thanks


#16

Below is the current value of a computer:


#17

Hey,

does the machine you’re showing the screenshot of have an A or AAAA record in DNS?

What’s the output of univention-ldapsearch '(&(objectClass=univentionWindows)(cn=NameOfTheComputer)) ' (replace NameOfTheComputer with the machine’s name, obviously)?

What’s the output of univention-s4search -b CN=MicrosoftDNS,CN=System,$(ucr get samba4/ldap/base) -s one dn?

mosu


#18

Hi @Moritz_Bunkus

  1. Q: does the machine you’re showing the screenshot of have an A or AAAA record in DNS? A: Yes, almost all members have a Host Record in DNS; not all, but almost
  2. Q: What’s the output of univention-ldapsearch '(&(objectClass=univentionWindows)(cn=NameOfTheComputer)) ' (replace NameOfTheComputer with the machine’s name, obviously)?
    A: below is the output
root@ucs-1:~# univention-ldapsearch '(&(objectClass=univentionWindows)(cn=YYY-HANGDI01))'
# extended LDIF
#
# LDAPv3
# base <dc=mycompany,dc=xxx> (default) with scope subtree
# filter: (&(objectClass=univentionWindows)(cn=YYY-HANGDI01))
# requesting: ALL
#

# YYY-HANGDI01, STAFF, MAYTINH, MYCOMPANY, mycompany.xxx
dn: cn=YYY-HANGDI01,ou=STAFF,ou=MAYTINH,ou=MYCOMPANY,dc=mycompany,dc=xxx
univentionServerRole: windows_client
displayName: YYY-HANGDI01
krb5PrincipalName: host/YYY-HANGDI01.mycompany.xxx@mycompany.xxx
objectClass: krb5KDCEntry
objectClass: top
objectClass: univentionHost
objectClass: univentionObject
objectClass: sambaSamAccount
objectClass: person
objectClass: shadowAccount
objectClass: univentionWindows
objectClass: krb5Principal
objectClass: posixAccount
loginShell: /bin/false
univentionObjectType: computers/windows
uidNumber: 2302
krb5KDCFlags: 126
sambaAcctFlags: [W          ]
krb5MaxRenew: 604800
sn: YYY-HANGDI01
homeDirectory: /dev/null
sambaSID: S-1-5-21-4207580657-3862206303-1239993745-2139
krb5MaxLife: 86400
uid: YYY-HANGDI01$
gidNumber: 1005
sambaPrimaryGroupSID: S-1-5-21-4207580657-3862206303-1239993745-11011
univentionOperatingSystem: Windows 10 Pro
cn: YYY-HANGDI01
univentionOperatingSystemVersion: 10.0 (16299)
sambaNTPassword: C1B06C03F621DF2D485756EDB887F9D8
krb5KeyVersionNumber: 4
shadowLastChange: 17549
sambaPwdLastSet: 1516252642

# search result
search: 3
result: 0 Success

# numResponses: 2
# numEntries: 1
root@ucs-1:~#

  3. Q: What’s the output of univention-s4search -b CN=MicrosoftDNS,CN=System,$(ucr get samba4/ldap/base) -s one dn?
    A: below is the output
root@ucs-1:~# univention-s4search -b CN=MicrosoftDNS,CN=System,$(ucr get samba4/ldap/base) -s one dn
# record 1
dn: DC=ucs-1DNSServers,CN=MicrosoftDNS,CN=System,DC=mycompany,DC=xxx

# returned 1 records
# 1 entries
# 0 referrals
root@ucs-1:~#


#19

Thanks for the information. Unfortunately the commands I pasted weren’t exactly what I actually wanted. Here are some more questions & commands:

  1. Output of: univention-s4search --cross-ncs -b CN=MicrosoftDNS,DC=DomainDnsZones,$(ucr get samba4/ldap/base) -s one dn
  2. Output of: univention-s4search --cross-ncs -b CN=MicrosoftDNS,DC=DomainDnsZones,$(ucr get samba4/ldap/base) -s one dn
  3. How was the UCS system first implemented? As a new UCS domain, or maybe as a takeover of a former Windows-
    or Samba-based ActiveDirectory domain?

Thanks.

mosu


#20

Hi @Moritz_Bunkus
Below is my answer:

  1. Questions 1 and 2 are the same command
  2. Output of: univention-s4search --cross-ncs -b CN=MicrosoftDNS,DC=DomainDnsZones,$(ucr get samba4/ldap/base) -s one dn
root@ucs-1:~# univention-s4search --cross-ncs -b CN=MicrosoftDNS,DC=DomainDnsZones,$(ucr get samba4/ldap/base) -s one dn
# record 1
dn: DC=RootDNSServers,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# record 2
dn: DC=mycompany.xxx,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# record 3
dn: DC=1.20.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# record 4
dn: DC=3.20.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# record 5
dn: DC=1.30.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# record 6
dn: DC=1.40.10.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mycompany,DC=xxx

# returned 6 records
# 6 entries
# 0 referrals
root@ucs-1:~#

  3. How was the UCS system first implemented?
    A: This current UCS system is a new deployment from the beginning, not an AD Takeover