redundant DNS setup with bind_dlz possible ?

Daniele Dario d.dario76 at gmail.com
Fri Apr 13 06:07:19 MDT 2012


Hi Andreas,

On Fri, 2012-04-13 at 12:34 +0200, Andreas Oster wrote:
> Am 13.04.2012 08:58, schrieb Daniele Dario:
> > Hi Andreas and Amitay,
> > 
> > On Fri, 2012-04-13 at 08:09 +0200, Andreas Oster wrote:
> >> Am 13.04.2012 03:08, schrieb Amitay Isaacs:
> >>> On Fri, Apr 13, 2012 at 3:43 AM, Andreas Oster <aoster at novanetwork.de> wrote:
> >>>>
...
> > 
> Hello Daniele,
> 
> as you might have seen in my last post I have run into the same demoting
> issue. Did you manage to demote your server in the meanwhile ?
> 
> best regards
> 
> Andreas
> 

I made a little change in
samba/lib//python2.7/site-packages/samba/netcmd/domain.py to show how
many rules are locking the demote operation (and which ones). My Python
knowledge is not so deep, but the changes are on line 250, like:
        if len(res) != 0:
-            raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC"
+           for foundRole in res:
                print foundRole.dn
            raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC" %
len(res))
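
Review bot: the `print foundRole.dn` in the added loop writes the blocking objects to stdout separately from the CommandError raised right after it, so anyone who captures only the error text loses the list of DNs; consider building the DNs from `res` into the exception message itself so the count and the objects arrive together. The hunk also marks the `raise CommandError("Current DC is still the owner of %d` line as removed and then shows the same statement again as unchanged context, so it is unclear whether the raise changes at all; only the `for foundRole in res:` and `print foundRole.dn` lines appear to be new, and the patch should be regenerated with `diff -u` so that it applies cleanly.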

And it seems that the secondary DC is the owner of the DNS zones replication:

[root at kdc02:~/samba4/samba-master]# samba-tool domain demote -U
administrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
CN=Infrastructure,DC=DomainDnsZones,DC=saitelitalia,DC=local
CN=Infrastructure,DC=ForestDnsZones,DC=saitelitalia,DC=local
ERROR: Current DC is still the owner of 2 role(s), use the role command
to transfer roles to another DC

If, instead of print foundRole.dn, you use just foundRole, it shows a very
long message where you can find more things, like

'fSMORoleOwner': MessageElement(['CN=NTDS
Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local'])

At this point I think there is something wrong, because samba-tool fsmo
show doesn't show these two roles at all.

Maybe we can just try to delete them using ldbdel ...?

Daniele.



More information about the samba-technical mailing list