demote error
Daniele Dario
d.dario76 at gmail.com
Wed Jun 27 01:49:48 MDT 2012
On Wed, 2012-06-27 at 09:38 +0200, Andreas Oster wrote:
> On 27.06.2012 09:24, Daniele Dario wrote:
> > On Wed, 2012-06-27 at 07:29 +0200, Andreas Oster wrote:
> >> On 12.04.2012 16:29, Daniele Dario wrote:
> >>> Sorry,
> >>> the problem was that I didn't submit the -U administrator statement.
> >>>
> >>> Using it all works.
> >>>
> >>> Again sorry,
> >>> Daniele.
> >>>
> >>> On Thu, 2012-04-12 at 15:44 +0200, Daniele Dario wrote:
> >>>> Hi samba team,
> >>>> I've seen in other threads that with Version 4.0.0alpha20-GIT-81d1749
> >>>> replication of DNS partitions between DCs now should be automatic so I
> >>>> decided to try to demote my secondary DC to try to join it again to the
> >>>> domain and see if replication starts also for me.
> >>>>
> >>>> Trying to run samba-tool domain demote -d 10 it fails with
> >>>>
> >>>> ...
> >>>> ../librpc/rpc/dcerpc_util.c:140: auth_pad_length 12
> >>>> drsuapi_DsReplicaSync: struct drsuapi_DsReplicaSync
> >>>> out: struct drsuapi_DsReplicaSync
> >>>> result : WERR_OK
> >>>> rpc reply data:
> >>>> [0000] 00 00 00 00 ....
> >>>> lpcfg_servicenumber: couldn't find ldb
> >>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
> >>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> >>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
> >>>> netmask=255.255.255.0
> >>>> added interface eth0 ip=fe80::20e:cff:fe3c:b729%eth0
> >>>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> >>>> added interface eth0 ip=192.168.12.2 bcast=192.168.12.255
> >>>> netmask=255.255.255.0
> >>>> Changing userControl and container
> >>>> Error while demoting, re-enabling inbound replication
> >>>> ldb:acl_modify: options
> >>>> Sorting rpmd with attid exception 3 rDN=CN DN=CN=NTDS
> >>>> Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local
> >>>> ERROR(ldb): Error while changing account control - LDAP error 1
> >>>> LDAP_OPERATIONS_ERROR - <00002020: Operation unavailable without
> >>>> authentication> <>
> >>>> File
> >>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> >>>> line 288, in run
> >>>> attrs=["userAccountControl"])
> >>>>
> >>>> how can I proceed to solve the problem?
> >>>>
> >>>> Thanks in advance,
> >>>> Daniele
> >>>>
> >>>
> >>>
> >>>
> >> Hello Daniele,
> >>
> >> can you tell me if samba needs to be stopped before demoting ?
> >>
> >> Thanks
> >>
> >> Andreas
> >>
> >>
> >
> > Hello Andreas,
> > I did not stop it when I demoted the DC.
> >
> > I think that stopping samba on the DC to demote would prevent replicas/syncs
> > to other DCs so the command would fail.
> >
> > Daniele.
> >
> >
> Hello Daniele,
>
> thank you for the fast reply. You are right, samba needs to be running
> for demoting.
>
> I have managed to demote the second DC but am now stuck as I am unable
> to re-join it to the domain. I always get errors when trying to do so :-(
> I already tried to add a new posting but the attachment (log file)
> is too big and needs to be reviewed by the moderator.
>
> best regards
>
> Andreas
>
>
>
Hi Andreas,
I've seen that after demote of "secondary" DCs, the DNS record related
to the DC is still present in the _msdcs zone (it happened to me, don't
know if it was due to me or to the fact I started with very old releases
and had to manually add the record).
Once I manually removed it using samba-tool dns delete, I was again able
to re-join the DC and I've seen that with latest git version of samba4
replication started automatically also for DNS zones.
Best regards,
Daniele.
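
The cleanup described in the last message, as an added example that is not code from this thread or from the Samba project: it picks the records that still point at a demoted DC out of a listing of the _msdcs zone and builds the matching samba-tool dns delete commands for review before anything is run. Host names, GUIDs and the record listing are constructed; the function names are hypothetical.

```python
import shlex

# Constructed sample: (name, type, data) rows transcribed from a listing of the
# _msdcs zone. All host names and GUIDs here are made up for illustration.
RECORDS = [
    ("11111111-2222-3333-4444-555555555555", "CNAME", "dc1.samdom.example.com."),
    ("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee", "CNAME", "DC2.samdom.example.com."),
    ("_ldap._tcp.dc", "SRV", "dc1.samdom.example.com 389 0 100"),
    ("_ldap._tcp.dc", "SRV", "dc2.samdom.example.com 389 0 100"),
    ("_kerberos._tcp.dc", "SRV", "dc2.samdom.example.com 88 0 100"),
]


def norm(host):
    """Compare host names case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()


def target_of(rtype, data):
    """Host a record points at; None for record types this sketch ignores."""
    if rtype in ("CNAME", "NS", "SRV"):  # SRV data: "target port priority weight"
        return data.split()[0]
    return None


def stale_records(records, demoted_fqdn):
    """Records whose target is the demoted DC, in listing order."""
    want = norm(demoted_fqdn)
    return [r for r in records
            if (t := target_of(r[1], r[2])) is not None and norm(t) == want]


def delete_commands(server, zone, stale, user="administrator"):
    """One 'samba-tool dns delete <server> <zone> <name> <type> <data>' per record.

    The data field is passed through exactly as listed, quoted as one argument.
    """
    cmds = []
    for name, rtype, data in stale:
        argv = ["samba-tool", "dns", "delete", server, zone, name, rtype, data,
                "-U", user]
        cmds.append(" ".join(shlex.quote(a) for a in argv))
    return cmds


if __name__ == "__main__":
    stale = stale_records(RECORDS, "dc2.samdom.example.com")
    for cmd in delete_commands("dc1.samdom.example.com",
                               "_msdcs.samdom.example.com", stale):
        print(cmd)  # review each line before running it against the DNS server
```
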