demote error

Daniele Dario d.dario76 at gmail.com
Wed Jun 27 01:49:48 MDT 2012


On Wed, 2012-06-27 at 09:38 +0200, Andreas Oster wrote:
> On 27.06.2012 09:24, Daniele Dario wrote:
> > On Wed, 2012-06-27 at 07:29 +0200, Andreas Oster wrote:
> >> On 12.04.2012 16:29, Daniele Dario wrote:
> >>> Sorry,
> >>> the problem was that I didn't submit the -U administrator statement.
> >>>
> >>> Using it all works.
> >>>
> >>> Again sorry,
> >>> Daniele.
> >>>
> >>> On Thu, 2012-04-12 at 15:44 +0200, Daniele Dario wrote:
> >>>> Hi samba team,
> >>>> I've seen in other threads that with Version 4.0.0alpha20-GIT-81d1749
> >>>> replication of DNS partitions between DCs now should be automatic so I
> >>>> decided to try to demote my secondary DC to try to join it again to the
> >>>> domain and see if replication starts also for me.
> >>>>
> >>>> Trying to run samba-tool domain demote -d 10 it fails with
> >>>>
> >>>> ...
> >>>> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
> >>>>      drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> >>>>         out: struct drsuapi_DsReplicaSync
> >>>>             result                   : WERR_OK
> >>>> rpc reply data:
> >>>> [0000] 00 00 00 00                                       .... 
> >>>> lpcfg_servicenumber: couldn't find ldb
> >>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
> >>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> >>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
> >>>> netmask=255.255.255.0
> >>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
> >>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> >>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
> >>>> netmask=255.255.255.0
> >>>> Changing userControl and container
> >>>> Error while demoting, re-enabling inbound replication
> >>>> ldb:acl_modify: options
> >>>> Sorting rpmd with attid exception 3 rDN=CN DN=CN=NTDS
> >>>> Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> >>>> ERROR(ldb): Error while changing account control - LDAP error 1
> >>>> LDAP_OPERATIONS_ERROR -  <00002020: Operation unavailable without
> >>>> authentication> <>
> >>>>   File
> >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> >>>> line 288, in run
> >>>>     attrs=["userAccountControl"])
> >>>>
> >>>> how can I proceed to solve the problem?
> >>>>
> >>>> Thanks in advance,
> >>>> Daniele
> >>>>
> >>>
> >>>
> >>>
> >> Hello Daniele,
> >>
> >> can you tell me if samba needs to be stopped before demoting ?
> >>
> >> Thanks
> >>
> >> Andreas
> >>
> >>
> > 
> > Hello Andreas,
> > I did not stop it when I demoted the DC.
> > 
> > I think that stopping samba on the DC to demote would prevent replicas/syncs
> > to other DCs so the command would fail.
> > 
> > Daniele.
> > 
> > 
> Hello Daniele,
> 
> thank you for the fast reply. You are right, samba needs to be running
> for demoting.
> 
> I have managed to demote the second DC but am now stuck as I am unable
> to re-join it to the domain. I always get errors when trying to do so :-(
> I already tried to add a new posting but the attachment (log file)
> is too big and needs to be reviewed by the moderator.
> 
> best regards
> 
> Andreas
> 
> 
> 

Hi Andreas,
I've seen that after demote of "secondary" DCs, the DNS record related
to the DC is still present in the _msdcs zone (it happened to me, don't
know if it was due to me or to the fact I started with very old releases
and had to manually add the record).

Once I manually removed it using samba-tool dns delete, I was again able
to re-join the DC and I've seen that with latest git version of samba4
replication started automatically also for DNS zones.

Best regards,
Daniele.


