demote error

Andreas Oster aoster at novanetwork.de
Wed Jun 27 01:38:00 MDT 2012 

Am 27.06.2012 09:24, schrieb Daniele Dario:
> On Wed, 2012-06-27 at 07:29 +0200, Andreas Oster wrote:
>> Am 12.04.2012 16:29, schrieb Daniele Dario:
>>> Sorry,
>>> the problem was that I didn't submit the -U administrator statement.
>>>
>>> Using it all works.
>>>
>>> Again sorry,
>>> Daniele.
>>>
>>> On Thu, 2012-04-12 at 15:44 +0200, Daniele Dario wrote:
>>>> Hi samba team,
>>>> I've seen in other threads that with Version 4.0.0alpha20-GIT-81d1749
>>>> replication of DNS partitions between DCs now should be automatic so I
>>>> decided to try to demote my secondary DC to try to join it again to the
>>>> domain and see if replication starts also for me.
>>>>
>>>> Trying to run samba-tool domain demote -d 10 it fails with
>>>>
>>>> ...
>>>> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
>>>>      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
>>>>         out: struct drsuapi_DsReplicaSync
>>>>             result                   : WERR_OK
>>>> rpc reply data:
>>>> [0000] 00 00 00 00                                       .... 
>>>> lpcfg_servicenumber: couldn't find ldb
>>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
>>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
>>>> netmask=255.255.255.0
>>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
>>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
>>>> netmask=255.255.255.0
>>>> Changing userControl and container
>>>> Error while demoting, re-enabling inbound replication
>>>> ldb:acl_modify: options
>>>> Sorting rpmd with attid exception 3 rDN=CN DN=CN=NTDS
>>>> Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
>>>> ERROR(ldb): Error while changing account control - LDAP error 1
>>>> LDAP_OPERATIONS_ERROR -  <00002020: Operation unavailable without
>>>> authentication> <>
>>>>   File
>>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
>>>> line 288, in run
>>>>     attrs=["userAccountControl"])
>>>>
>>>> how can I proceed to solve the problem?
>>>>
>>>> Thanks in advance,
>>>> Daniele
>>>>
>>>
>>>
>>>
>> Hello Daniele,
>>
>> can you tell me if samba needs to be stopped before demoting ?
>>
>> Thanks
>>
>> Andreas
>>
>>
> 
> Hello Andreas,
> I did not stop it when I demoted the DC.
> 
> I think that stop samba on the DC to demote would prevent replicas/syncs
> to other DCs so the command would fail.
> 
> Daniele.
> 
> 
Hello Daniele,

thank you for the fast reply. You are right, samba needs to be running
for demoting.

I have managed to demote the second DC but am now stuck as I am unable
to re-join it to the domain. I aways get errors when trying to do so :-(
I already tried to add a a new posting but the attachment (log file)
is to big and needs to be reviewed by the moderator.

best regards

Andreas

More information about the samba-technical mailing list