[Samba] Need another workaround for FSMO transfer problem

Thu Jun 11 05:56:00 MDT 2015

On 06/11/2015 07:10 AM, Rowland Penny wrote:
> On 11/06/15 11:51, John Lewis wrote:
>> On 06/11/2015 04:33 AM, Rowland Penny wrote:
>>> On 11/06/15 00:20, John Lewis wrote:
>>>> On 05/28/2015 04:18 AM, Rowland Penny wrote:
>>>>> On 28/05/15 01:33, John Lewis wrote:
>>>>>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>>>>>> On 26/05/15 03:05, John Lewis wrote:
>>>>>>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I ran into that while trying to rebuild my LXC's as Debian 8. The
>>>>>>>> proposed work arrounds assume you have access to a Windows Domain
>>>>>>>> controller in your domain, and I don't. Is there anything else I
>>>>>>>> can do
>>>>>>>> to get all 7 Roles moved to my other domain controller so I can
>>>>>>>> rebuild it?
>>>>>>> Funny you should say that, I have a patch pending to show all 7
>>>>>>> modes
>>>>>>> and to seize them, I am also working on the transfer, but this
>>>>>>> seems
>>>>>>> to be a lot more complex and is proving troublesome.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>> Can you link me to your patches so that I may rebuild my samba
>>>>>> packages
>>>>>> with them applied or learn what the seizing process is so I can
>>>>>> complete
>>>>>> it by editing the ldap tree with ldbedit? Perhaps I should check the
>>>>>> development mailing list.
>>>>> Yes, it is on the technical list, starting here:
>>>>> https://lists.samba.org/archive/samba-technical/2015-May/107448.html
>>>>>
>>>>> The patch has morphed into just showing & siezing the 7 roles,
>>>>> transferring the two dns roles is much more complex than what I
>>>>> originally thought. The problem is that Microsoft (in their wisdom)
>>>>> provides a mechanism to transfer the 5 roles that everybody knows
>>>>> about, but not for the two dns roles. You need to delete the role on
>>>>> the DC that holds it, then recreate it, but this time pointing at the
>>>>> new role owner, this all needs to be done from the new role owner,
>>>>> you
>>>>> then need to kickstart replication of the role. I have got everything
>>>>> working apart from the replication (I think)
>>>>>
>>>>> Rowland
>>>>>
>>>> I don't know if this has got too advanced for the user list, but I
>>>> tried
>>>> applying your patch to the source package in Debian and here is my
>>>> result.
>>>>
>>>>> john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$
>>>>>
>>>>>
>>>>> quilt push fsmo.patch
>>>>> Applying patch ../patches/05_share_ldb_module
>>>>> can't find file to patch at input line 4
>>>>> Perhaps you used the wrong -p or --strip option?
>>>>> The text leading up to this was:
>>>>> --------------------------
>>>>> |=== modified file 'source4/param/wscript_build'
>>>>> |--- a/source4/param/wscript_build
>>>>> |+++ b/source4/param/wscript_build
>>>>> --------------------------
>>>>> No file to patch.  Skipping patch.
>>>>> 2 out of 2 hunks ignored
>>>>> Patch ../patches/05_share_ldb_module does not apply (enforce with -f)
>>>> I would like to get this built in so I can migrate my Domain
>>>> Controller
>>>> so I can finally finish my OS upgrade s so I can work on my front end
>>>> stuff.
>>>>
>>>>
>>> The patch has changed quite a lot and is supposed to apply to
>>> samba-master from samba git.
>>> If it would help, I could probably send you a fully patched fsmo.py to
>>> test.
>>>
>>> Rowland
>> I think it would help. I would probably talk to a package maintainer
>> about adding an out of of tree patch or building a new package from git
>> source.
>
> Ah, no, it either goes into samba or it goes nowhere, if you are
> prepared to use it to just get you out of your problem, I will supply
> you with a copy. You must not pass it to any package maintainer.
> I will give samba-technical a prod, the latest version is deemed
> usable by Jelmer, it just needs another dev to OK it and push it.
>
> Rowland
>
I have no plans on passing it to a package maintainer . I just need a
local version so I can get rid of my old Domain Controller and make a
new Domain Controller without losing my whole domain because of a stuck
FSMO role.

I would only need a maintainer to advise me on what way is the best way
to approach it.