[Samba] Errors transferring forestdns and domaindns FSMO roles

L.P.H. van Belle belle at bazuin.nl
Wed Dec 13 07:45:46 UTC 2017


Hai, can you post the exact error again, or is is really exact like the January link. 

drs_utils.py on debian should be these. 

/usr/lib/python2.7/dist-packages/samba/drs_utils.py
/usr/lib/python2.7/dist-packages/samba/drs_utils.pyc

And now i see whats the differrence here. 

Rowland showd in january. 
/usr/local/samba/lib/python2.7/site-packages/samba/drs_utils.py 
/usr/lib/            python2.7/dist-packages/samba/drs_utils.py

I see ...   dist-packages
And         site-packages  

Rowland can you verify this again, so we can find where in this command:
samba-tool fsmo transfer --role=domaindns  The wrong path is used. 



Greetz, 

Louis

Ps. 
@Taylor, and thanks for the nice comments..  ;-) 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Taylor Hammerling via samba
> Verzonden: dinsdag 12 december 2017 19:20
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] Errors transferring forestdns and 
> domaindns FSMO roles
> 
> Thanks Rowland, I figured it out just before you sent this 
> email thanks to
> this old mailing list entry
> 
> https://lists.samba.org/archive/samba/2017-January/206177.html
> 
> the role transfer still throws an error (just as the person 
> in the january
> entry saw) but the role got transferred.
> 
> On Tue, Dec 12, 2017 at 12:08 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
> 
> > On Tue, 12 Dec 2017 11:56:08 -0600
> > Taylor Hammerling via samba <samba at lists.samba.org> wrote:
> >
> > > I am attempting to transfer the all FSMO roles from an 
> old DC to our
> > > new DC. Both DCs are running Samba 4.7.3.  I have transferred the
> > > Schma, Infrastructure, RID, PDC and Naming roles without issue.
> > >
> > > unfortunately, the forestdns and domaindns roles are 
> giving me grief.
> > >
> > > Here is the output of the commands
> > >
> > > root at dc1:~# samba-tool fsmo transfer --role=forestdns
> > > ldb_wrap open of secrets.ldb
> > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
> > > GENSEC backend 'gssapi_spnego' registered
> > > GENSEC backend 'gssapi_krb5' registered
> > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > GENSEC backend 'spnego' registered
> > > GENSEC backend 'schannel' registered
> > > GENSEC backend 'naclrpc_as_system' registered
> > > GENSEC backend 'sasl-EXTERNAL' registered
> > > GENSEC backend 'ntlmssp' registered
> > > GENSEC backend 'ntlmssp_resume_ccache' registered
> > > GENSEC backend 'http_basic' registered
> > > GENSEC backend 'http_ntlm' registered
> > > GENSEC backend 'krb5' registered
> > > GENSEC backend 'fake_gssapi_krb5' registered
> > > ERROR: Failed to delete role 'forestdns': LDAP error 50
> > > LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> > > CN=Infrastructure,DC=ForestDnsZones,DC=tcsbasys,DC=com 
> has no write
> > > property access
> > > > <>
> > >   File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> > > 111, in transfer_dns_role
> > >     samdb.modify(m)
> > > root at dc1:~#
> > >
> > >
> > > root at dc1:~# samba-tool fsmo transfer --role=domaindns
> > > ldb_wrap open of secrets.ldb
> > > lpcfg_load: refreshing parameters from /etc/samba/smb.conf
> > > resolve_lmhosts: Attempting lmhosts lookup for name
> > > 7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
> > > GENSEC backend 'gssapi_spnego' registered
> > > GENSEC backend 'gssapi_krb5' registered
> > > GENSEC backend 'gssapi_krb5_sasl' registered
> > > GENSEC backend 'spnego' registered
> > > GENSEC backend 'schannel' registered
> > > GENSEC backend 'naclrpc_as_system' registered
> > > GENSEC backend 'sasl-EXTERNAL' registered
> > > GENSEC backend 'ntlmssp' registered
> > > GENSEC backend 'ntlmssp_resume_ccache' registered
> > > GENSEC backend 'http_basic' registered
> > > GENSEC backend 'http_ntlm' registered
> > > GENSEC backend 'krb5' registered
> > > GENSEC backend 'fake_gssapi_krb5' registered
> > > ERROR: Failed to delete role 'domaindns': LDAP error 50
> > > LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> > > CN=Infrastructure,DC=DomainDnsZones,DC=tcsbasys,DC=com 
> has no write
> > > property access
> > > > <>
> > >   File 
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> > > 111, in transfer_dns_role
> > >     samdb.modify(m)
> > > root at dc1:~#
> > >
> > >
> > > as always, any help you can provide would be immensely 
> appreciated!
> > >
> > >
> > >
> > >
> >
> > If you run 'samba-tool fsmo transfer --help', you will find this
> > amongst the output:
> >
> >   --role=ROLE           The FSMO role to seize or transfer.
> >                         rid=RidAllocationMasterRole
> > schema=SchemaMasterRole
> >                         pdc=PdcEmulationMasterRole
> >                         naming=DomainNamingMasterRole
> >                         infrastructure=InfrastructureMasterRole
> >                         domaindns=DomainDnsZonesMasterRole
> >                         forestdns=ForestDnsZonesMasterRole  
> all=all of the
> >                         above  You must provide an Admin 
> user and password.
> >
> > Does the last line give you a hint ;-)
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> 
> 
> 
> -- 
> *Taylor Hammerling* |  *IT Manager*
> 2800 Laura Lane | Middleton, WI 53562
> *O *(608) 669-9070 *| C *(608) 512-7849
> tcsbasys.com | ubiquistat.com
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 




More information about the samba mailing list