samba-tool domain demote

Greg Dickie greg at justaguy.ca
Fri Sep 14 22:01:02 MDT 2012


Debugging this a bit (nice to have lots of stuff in python so I can
easily add debug). I get this:

Desactivating inbound replication
Asking partner server HAI-MTL-DC1.haivision.local to synchronize from us
Changing userControl and container
DN is CN=HAMBA4,OU=Domain Controllers,DC=haivision,DC=local - UAC is
0x83000, old UAC is 0x1000
Error while demoting, re-enabling inbound replication
ERROR(ldb): Error while changing account control2 - LDAP error 80
LDAP_OTHER -  <00000057: SysErr: DSID-031A1202, problem 22 (Invalid
argument), data 0
> <>


So I assume it does not like the new UAC of 0x83000, which is all the
bits for:
    UF_WORKSTATION_TRUST_ACCOUNT,
    UF_SERVER_TRUST_ACCOUNT,
    UF_TRUSTED_FOR_DELEGATION


But why?

Greg


On Fri, 2012-09-14 at 22:44 -0400, Greg Dickie wrote:
> OK I'm doing something very wrong then. I'm trying to demote a samba DC.
> The other server is win2008R2 and the AD was created by a classicupgrade
> from samba3.
> 
> I get this:
> 
> [root at hamba4 ~]# /usr/local/samba-beta8/bin/samba-tool domain demote
> -Uadministrator
> Using HAI-MTL-DC1.haivision.local as partner server for the demotion
> Password for [HAI\administrator]:
> Desactivating inbound replication
> Asking partner server HAI-MTL-DC1.haivision.local to synchronize from us
> Changing userControl and container
> Error while demoting, re-enabling inbound replication
> ERROR(ldb): Error while changing account control - LDAP error 80
> LDAP_OTHER -  <00000057: SysErr: DSID-031A1202, problem 22 (Invalid
> argument), data 0
> > <>
> 
> Any tips on how to debug this?
> 
> Thanks,
> Greg
> 
> 
> On Sat, 2012-08-18 at 16:47 +0200, steve wrote:
> > On 18/08/12 14:51, Andrew Bartlett wrote:
> > > On Sat, 2012-08-18 at 12:50 +0200, steve wrote:
> > >> Hi everyone
> > >>
> > >> I want to reinstall our secondary DC and start with a new install. This
> > >> is to test the new openSUSE 12.2 RC2 with Samba4.
> > >>
> > >> How about this on the secondary DC?
> > >> samba-tool domain demote -UAdministrator
> > >>
> > >> Question:
> > >> 1. Is that all?
> > >> 2. Does samba need to be running on both DCs?
> > >
> > > Yes, this is an on-line tool, to run on the DC being demoted.  Both DCs
> > > must be up and operational at the time of the demote.
> > >
> > > Andrew Bartlett
> > >
> > Hi Andrew
> > Thanks. It worked fine.
> > I think we need to stop samba on the demoted DC and stop and start it a 
> > few times on the live DC otherwise it still keeps trying to replicate:
> > 
> > Failed to connect host 192.168.1.6 
> > (d1929b53-0de5-43c6-a3d7-2686e8f7bffe._msdcs.hh3.site) on port 135 - 
> > NT_STATUS_CONNECTION_REFUSED.
> > Failed to connect host 192.168.1.6 on port 135 - 
> > NT_STATUS_CONNECTION_REFUSED
> > 
> > Otherwise fine.
> > Cheers,
> > Steve
> > 
> > 
> 

-- 
Greg Dickie
just a guy
514-983-5400
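
Added example (not part of the original message and not samba-tool's own code): a small decoder for the userAccountControl values printed in the debug output above, with a check for more than one account-type bit. The function names are hypothetical, the flag values are the standard UF_* constants, and it assumes a directory server expects exactly one account-type bit per account; 0x82000 is a constructed sample of a typical DC value.

```python
# Standard UF_* userAccountControl bits (subset relevant to machine accounts).
UF_FLAGS = {
    0x0002: "UF_ACCOUNTDISABLE",
    0x0200: "UF_NORMAL_ACCOUNT",
    0x0800: "UF_INTERDOMAIN_TRUST_ACCOUNT",
    0x1000: "UF_WORKSTATION_TRUST_ACCOUNT",
    0x2000: "UF_SERVER_TRUST_ACCOUNT",
    0x10000: "UF_DONT_EXPIRE_PASSWD",
    0x80000: "UF_TRUSTED_FOR_DELEGATION",
}
# Bits that state what kind of account this is (assumed mutually exclusive).
ACCOUNT_TYPE_MASK = 0x0200 | 0x0800 | 0x1000 | 0x2000
DC_BITS = 0x2000 | 0x80000   # SERVER_TRUST_ACCOUNT | TRUSTED_FOR_DELEGATION
MEMBER_BIT = 0x1000          # WORKSTATION_TRUST_ACCOUNT


def decode_uac(uac):
    """Return (names of known flags set, leftover bits not in the table)."""
    names = [name for bit, name in sorted(UF_FLAGS.items()) if uac & bit]
    known = sum(UF_FLAGS)    # OR of all table bits; they do not overlap
    return names, uac & ~known


def check_uac(uac):
    """Report whether exactly one account-type bit is set."""
    types = [name for bit, name in sorted(UF_FLAGS.items())
             if bit & ACCOUNT_TYPE_MASK and uac & bit]
    if not types:
        return "no account-type bit set"
    if len(types) > 1:
        return "conflicting account-type bits: " + ", ".join(types)
    return "ok"


def demoted_uac(old):
    """Clear the DC bits, then set the member bit (hypothetical helper).

    Masking instead of toggling gives the same result whether or not
    the DC bits were set in the old value.
    """
    return (old & ~DC_BITS) | MEMBER_BIT


if __name__ == "__main__":
    # 0x1000 and 0x83000 come from the debug line; 0x82000 is constructed.
    for value in (0x1000, 0x83000, 0x82000):
        names, unknown = decode_uac(value)
        print(f"{value:#07x}: {' | '.join(names)} (unknown bits {unknown:#x})")
        print(f"         check: {check_uac(value)}; "
              f"mask-based demote gives {demoted_uac(value):#x}")
```
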



More information about the samba-technical mailing list