[Fwd: problems demoting samba4 DC]

Greg Dickie greg at justaguy.ca
Mon Jun 18 10:56:15 MDT 2012 

OK I've moved beyond the last problem (by completely reinitializing the
AD). Now I get another error:

 
[root at hamba4 samba-master]# /usr/local/samba/bin/samba-tool domain
demote 
Using MTL-DC1.example.local as partner server for the demotion
Password for [administrator at EXAMPLE.LOCAL]:
Desactivating inbound replication
Asking partner server MTL-DC1.example.local to synchronize from us
Changing userControl and container
Error while demoting, re-enabling inbound replication
ERROR(ldb): Error while changing account control - LDAP error 1
LDAP_OPERATIONS_ERROR -  <000004DC: LdapErr: DSID-0C0906E8, comment: In
order to perform this operation a successful bind must be completed on
the connection., data 0, v1db1> <>

I've looked at this in domain.py and the only thing I can see is that
there is no bind to the LDAP service in MTL-DC1 before searching for
UAC.

The question is, should demote work at this point or should I stop
looking at it?

Thanks,
Greg




-------- Forwarded Message --------
> From: Greg Dickie <greg at justaguy.ca>
> To: Samba list <samba-technical at lists.samba.org>
> Subject: problems demoting samba4 DC
> Date: Sun, 17 Jun 2012 15:51:19 -0400
> 
> Hi,
> 
>   Using 4.0.0beta2-GIT-6440720 and trying to demote a samba4 DC from a
> domain which was migrated from samba3.
> 
> First problem I get is:
> 
> [root at hamba4 ~]# /usr/local/samba/bin/samba-tool domain demote 
> ERROR: Current DC is still the owner of 2 role(s), use the role command
> to transfer roles to another DC
> 
> Hmmm I thought I transferred all the roles to the windows DC so put in
> some debug in domain.py
> 
> Then I get:
> 
> Still has role CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=local
> Still has role CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=local
> 
> Don't see a way to change roles on application partitions either in
> samba or Windows so I just used ldbmodify.
> 
> Now demote proceeds but I get this:
> 
> [root at hamba4 ~]# /usr/local/samba/bin/samba-tool domain demote 
> Using MTL-DC1.example.local as partner server for the demotion
> Password for [administrator at EXAMPLE.LOCAL]:
> Desactivating inbound replication
> Asking partner server MTL-DC1.example.local to synchronize from us
> Error while demoting, re-enabling inbound replication
> ERROR(<class 'samba.drs_utils.drsException'>): Error while sending a
> DsReplicaSync for partion DC=example,DC=local - drsException:
> DsReplicaSync failed (8606,
> 'WERR_DS_INSUFFICIENT_ATTR_TO_CREATE_OBJECT')
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
> line 280, in run
>     sendDsReplicaSync(drsuapiBind, drsuapi_handle, ntds_guid, str(part),
> drsuapi.DRSUAPI_DRS_WRIT_REP)
>   File
> "/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
> line 83, in sendDsReplicaSync
>     raise drsException("DsReplicaSync failed %s" % estr)
> 
> 
> Any ideas?
> 
> 
> thanks,
> Greg
> 
> 
> -- 
> Greg Dickie
> just a guy
> 514-983-5400
> 

-- 
Greg Dickie
just a guy
514-983-5400

More information about the samba-technical mailing list