Author Topic: Additional DC to a Primary Zentyal DC  (Read 2484 times)

conhen

Additional DC to a Primary Zentyal DC
« on: February 16, 2015, 02:04:18 pm »
I have been trying to install Zentyal 4.0 alongside Zentyal 3.3. This is mainly for testing purposes, and to see if it is possible to do a migration by moving roles to a second server, without (or with as little as possible) service interruption. I chose to install as additional DC and it all looks like it is working. However, the domain module won't start. There is nothing in the logs (looks like nothing is logged at all!). Is there a how-to on this scenario somewhere?

conhen

Re: Additional DC to a Primary Zentyal DC
« Reply #1 on: February 16, 2015, 06:04:40 pm »
I found this in my /var/log/zentyal/zentyal.log:

2015/02/16 17:16:48 ERROR> GlobalImpl.pm:660 EBox::GlobalImpl::saveAllModules - Failed to save changes in module samba: root command samba-tool domain join terp10.lan DC  --username='winadmin'  --work$
Error output: params.c:pm_process() - Processing configuration file "/etc/samba/shares.conf"
 GENSEC backend 'gssapi_spnego' registered
 GENSEC backend 'gssapi_krb5' registered
 GENSEC backend 'gssapi_krb5_sasl' registered
 GENSEC backend 'schannel' registered
 GENSEC backend 'spnego' registered
 GENSEC backend 'ntlmssp' registered
 GENSEC backend 'krb5' registered
 GENSEC backend 'fake_gssapi_krb5' registered
 Cannot do GSSAPI to an IP address
 Got challenge flags:
 Got NTLMSSP neg_flags=0x60898235
 NTLMSSP: Set final flags:
 Got NTLMSSP neg_flags=0x60088235
 NTLMSSP Sign/Seal - Initialising with flags:
 Got NTLMSSP neg_flags=0x60088235
 ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: samldb: Account name (sAMAccountName) 'Z-SERVER1$' already in use!> <>
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 555, in run
     machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1172, in join_DC
     ctx.do_join()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1075, in do_join
     ctx.join_add_objects()
   File "/usr/lib/python2.7/dist-packages/samba/join.py", line 515, in join_add_objects
     ctx.samdb.add(rec)

Command output: workgroup is TERP10
 realm is terp10.lan
 checking sAMAccountName
 Adding CN=Z-SERVER1,OU=Domain Controllers,DC=terp10,DC=lan
 Join failed - cleaning up
 checking sAMAccountName
.
Exit value: 255

What strikes me is the claim: Account name (sAMAccountName) 'Z-SERVER1$' already in use!>
Z-Server1 is the name of the PDC. The name of the ADC that generates this message is Z-Server2.
The name Z-Server1 is a field in the domain settings that I cannot change. It is probably derived from the FQDN of the PDC and should therefore always point to the PDC and of course that will exist!

Anyone?

conhen

Re: Additional DC to a Primary Zentyal DC
« Reply #2 on: February 19, 2015, 03:24:35 pm »
I already tried the method described in the wiki for migrating a single server (https://wiki.zentyal.org/wiki/Migration_from_3.0_to_3.5/4.0_version,_Single_Domain_Controller). So basically tar/untar the samba\private directory. But to no avail. This line seems to be key here:
Quote
Please make sure that links between /var/lib/samba/private/sam.ldb.d/*DNS* and /var/lib/samba/private/dns/sam.ldb.d/*DNS* have been preserved
But it does not get explained. I can't figure out what exactly is meant in the "more information" link. Besides, I thought it would be nice to practice a rolling migration, the only way it should be done in my opinion. And isn't Zentyal meant to be "dropped in" like that?
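
One way to check the links that the quoted wiki sentence refers to, as an added example that is not part of the original post or of the Zentyal wiki. It assumes the "links" are hard links (the same inode reachable under both directories); the function name `check_dns_links` is hypothetical.

```shell
#!/bin/sh
# check_dns_links [PRIVATE_DIR]
# Assumption: the wiki's "links" are hard links, i.e. each *DNS* file in
# PRIVATE_DIR/sam.ldb.d and the file of the same name in
# PRIVATE_DIR/dns/sam.ldb.d are one inode.
# Prints one status line per file. Returns 0 if every link is intact,
# 1 if any is missing or has become a separate copy, 2 if no *DNS* file exists.
check_dns_links() {
    private=${1:-/var/lib/samba/private}
    src="$private/sam.ldb.d"
    dst="$private/dns/sam.ldb.d"
    bad=0
    found=0
    for f in "$src"/*DNS*; do
        [ -e "$f" ] || continue           # glob matched nothing
        found=1
        name=${f##*/}
        peer="$dst/$name"
        if [ ! -e "$peer" ]; then
            echo "MISSING  $name"
            bad=1
        elif [ "$f" -ef "$peer" ]; then   # same device and inode
            echo "LINKED   $name"
        else
            echo "COPIED   $name"         # separate inode: the link was lost
            bad=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "NO-DNS-FILES $src"
        return 2
    fi
    return "$bad"
}

# Check a real directory only when one is given as the script argument.
[ "$#" -eq 0 ] || check_dns_links "$1"
```

A `COPIED` line means the two paths are separate inodes, so a write through one path is not visible through the other. tar keeps hard links only when both names are stored in the same archive.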