[Samba] Errors transferring forestdns and domaindns FSMO roles
L.P.H. van Belle
belle at bazuin.nl
Wed Dec 13 07:45:46 UTC 2017
Hai, can you post the exact error again, or is is really exact like the January link.
drs_utils.py on debian should be these.
/usr/lib/python2.7/dist-packages/samba/drs_utils.py
/usr/lib/python2.7/dist-packages/samba/drs_utils.pyc
And now i see whats the differrence here.
Rowland showd in january.
/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py
/usr/lib/ python2.7/dist-packages/samba/drs_utils.py
I see ... dist-packages
And site-packages
Rowland can you verify this again, so we can find where in this command:
samba-tool fsmo transfer --role=domaindns The wrong path is used.
Greetz,
Louis
Ps.
@Taylor, and thanks for the nice comments.. ;-)
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Taylor Hammerling via samba
> Verzonden: dinsdag 12 december 2017 19:20
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Errors transferring forestdns and
> domaindns FSMO roles
>
> Thanks Rowland, I figured it out just before you sent this
> email thanks to
> this old mailing list entry
>
> https://lists.samba.org/archive/samba/2017-January/206177.html
>
> the role transfer still throws an error (just as the person
> in the january
> entry saw) but the role got transferred.
>
> On Tue, Dec 12, 2017 at 12:08 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Tue, 12 Dec 2017 11:56:08 -0600
> > Taylor Hammerling via samba <samba at lists.samba.org> wrote:
> >
> > > I am attempting to transfer the all FSMO roles from an
> old DC to our
> > > new DC. Both DCs are running Samba 4.7.3. I have transferred the
> > > Schma, Infrastructure, RID, PDC and Naming roles without issue.
> > >
> > > unfortunately, the forestdns and domaindns roles are
> giving me grief.
> > >
> > > Here is the output of the commands
> > >
> > > root at dc1:~# samba-tool fsmo transfer --role=forestdns
> > > ldb_wrap open of secrets.ldb
> > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
> > > GENSEC backend 'gssapi_spnego' registered
> > > GENSEC backend 'gssapi_krb5' registered
> > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > GENSEC backend 'spnego' registered
> > > GENSEC backend 'schannel' registered
> > > GENSEC backend 'naclrpc_as_system' registered
> > > GENSEC backend 'sasl-EXTERNAL' registered
> > > GENSEC backend 'ntlmssp' registered
> > > GENSEC backend 'ntlmssp_resume_ccache' registered
> > > GENSEC backend 'http_basic' registered
> > > GENSEC backend 'http_ntlm' registered
> > > GENSEC backend 'krb5' registered
> > > GENSEC backend 'fake_gssapi_krb5' registered
> > > ERROR: Failed to delete role 'forestdns': LDAP error 50
> > > LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
> > > CN=Infrastructure,DC=ForestDnsZones,DC=tcsbasys,DC=com
> has no write
> > > property access
> > > > <>
> > > File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> > > 111, in transfer_dns_role
> > > samdb.modify(m)
> > > root at dc1:~#
> > >
> > >
> > > root at dc1:~# samba-tool fsmo transfer --role=domaindns
> > > ldb_wrap open of secrets.ldb
> > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
> > > GENSEC backend 'gssapi_spnego' registered
> > > GENSEC backend 'gssapi_krb5' registered
> > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > GENSEC backend 'spnego' registered
> > > GENSEC backend 'schannel' registered
> > > GENSEC backend 'naclrpc_as_system' registered
> > > GENSEC backend 'sasl-EXTERNAL' registered
> > > GENSEC backend 'ntlmssp' registered
> > > GENSEC backend 'ntlmssp_resume_ccache' registered
> > > GENSEC backend 'http_basic' registered
> > > GENSEC backend 'http_ntlm' registered
> > > GENSEC backend 'krb5' registered
> > > GENSEC backend 'fake_gssapi_krb5' registered
> > > ERROR: Failed to delete role 'domaindns': LDAP error 50
> > > LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
> > > CN=Infrastructure,DC=DomainDnsZones,DC=tcsbasys,DC=com
> has no write
> > > property access
> > > > <>
> > > File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> > > 111, in transfer_dns_role
> > > samdb.modify(m)
> > > root at dc1:~#
> > >
> > >
> > > as always, any help you can provide would be immensely
> appreciated!
> > >
> > >
> > >
> > >
> >
> > If you run 'samba-tool fsmo transfer --help', you will find this
> > amongst the output:
> >
> > --role=ROLE The FSMO role to seize or transfer.
> > rid=RidAllocationMasterRole
> > schema=SchemaMasterRole
> > pdc=PdcEmulationMasterRole
> > naming=DomainNamingMasterRole
> > infrastructure=InfrastructureMasterRole
> > domaindns=DomainDnsZonesMasterRole
> > forestdns=ForestDnsZonesMasterRole
> all=all of the
> > above You must provide an Admin
> user and password.
> >
> > Does the last line give you a hint ;-)
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> *Taylor Hammerling* | *IT Manager*
> 2800 Laura Lane | Middleton, WI 53562
> *O *(608) 669-9070 *| C *(608) 512-7849
> tcsbasys.com | ubiquistat.com
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list