[PATCH] make samba-tool aware of all 7 fsmo roles
Rowland Penny
repenny241155 at gmail.com
Sat May 23 04:13:30 MDT 2015
On 22/05/15 11:45, Stefan (metze) Metzmacher wrote:
> Hi Rowland,
>
>> I will prepare a patch without the transfer part.
> Thanks!
>
>> but I would like to point out that I have now found this:
>>
>> http://blogs.msmvps.com/ulfbsimonweidner/2008/07/31/how-many-infrastructure-masters-do-you-have/
>>
>>
>> Which seems to say that the two dns zones in question are not critical.
> Yes, and Samba ignores most of the roles anyway.
>
>> I have also found this:
>>
>> https://support.microsoft.com/en-us/kb/949257
>>
>> The script it provides seems to work in the same way that I proposed.
> Yes, it basically does seize_role(..., force=true)
>
> And I guess that would match your patch without having the transfer
> implemented.
>
> But if we implement the transfer command we should try to do better
> and avoid having two owners for a short time.
>
> metze
>
Hi Stefan, I have attempted what you described (have attached a copy),
but I keep getting this:

ERROR: Failed to initiate transfer of 'forestdns' role: rootdse_modify: unknown attribute to change!

I have tried several things but keep getting the same result. I did a
search on 'rootdse_modify' and came up with this:

https://msdn.microsoft.com/en-us/library/cc223297.aspx

I 'think' it means that I am back to where I started, there is no
'becomeForestDnsZoneMaster' attribute.

Rowland
-------------- next part --------------
    elif role == "forestdns":
        forest_dn = "DC=" + samdb.forest_dns_name().replace(".", ",DC=")
        role_object = "CN=Infrastructure,DC=ForestDnsZones," + forest_dn
        try:
            res = samdb.search(role_object, attrs=["fSMORoleOwner"],
                               scope=ldb.SCOPE_BASE, controls=["extended_dn:1:1"])
            if 'fSMORoleOwner' in res[0]:
                try:
                    master_guid = str(misc.GUID(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]).get_extended_component('GUID')))
                    master_owner = str(ldb.Dn(samdb, res[0]['fSMORoleOwner'][0]))
                except LdbError, (num, msg):
                    raise CommandError("Can't find GUID in naming master on partition DN %s" % res[0]['fSMORoleOwner'][0])
                    return
        except LdbError, (num, msg):
            raise CommandError("Forest DNS partion %s not found : %s" % (role, msg))
            return
        master_dns_name = '%s._msdcs.%s' % (master_guid, samdb.forest_dns_name())
        #new_dns_name = '%s._msdcs.%s' % (samdb.get_ntds_GUID(), samdb.forest_dns_name())
        new_owner = samdb.get_dsServiceName()
        if master_owner != new_owner:
def run(self, H=None, role=None,
credopts=None, sambaopts=None, versionopts=None):
lp = sambaopts.get_loadparm()
creds = credopts.get_credentials(lp, fallback_machine=True)
            samdb = SamDB(url="ldap://%s" % master_dns_name, session_info=system_session(),
                          credentials=creds, lp=lp)
            # NOTE: this was tried with 'master_dns_name' & 'new_dns_name', same result
            m.dn = ldb.Dn(samdb, role_object)
            m["fSMORoleOwner"]= ldb.MessageElement(
                "%s" % master_owner, ldb.FLAG_MOD_DEL,
                "fSMORoleOwner")
            m["fSMORoleOwner"]= ldb.MessageElement(
                "%s" % new_owner, ldb.FLAG_MOD_ADD,
                "fSMORoleOwner")
        else:
            print "This computer already is the ForestDnsZoneMaster."
    else:
        raise CommandError("Invalid FSMO role.")
    try:
        samdb.modify(m)
        if role == "forestdns":
            try:
                drs_utils.drsuapi_connect(samdb.host_dns_name(), lp, creds)
                drs_utils.sendDsReplicaSync(drsuapi_connection, drsuapi_handle, master_guid, NC=role_object, req_options=drsuapi.DRSUAPI_DRS_WRIT_REP)
            except:
                print "replication error"
    except LdbError, (num, msg):
        raise CommandError("Failed to initiate transfer of '%s' role: %s" % (role, msg))
    outf.write("FSMO transfer of '%s' role successful\n" % role)
###################################################################################
ERROR: Failed to initiate transfer of 'forestdns' role: rootdse_modify: unknown attribute to change!
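
The attachment above locates the current owner by reading fSMORoleOwner with the extended_dn:1:1 control and turning the GUID component into a `<guid>._msdcs.<forest>` host name. The following is an added example, not part of the original post or of Samba, that walks through that derivation in standalone Python 3 without the ldb bindings; the function names, the `example.com` forest and the sample value are assumptions constructed for illustration.

```python
import re
import uuid

# Constructed sample: an fSMORoleOwner value in the string form of an extended DN.
SAMPLE_OWNER = ("<GUID=b3f0ec29-17f4-452a-b002-963e1909d101>;"
                "CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,"
                "CN=Sites,CN=Configuration,DC=example,DC=com")

_EXT_COMPONENT = re.compile(r"<([A-Za-z]+)=([^>]*)>;")


def role_object_dn(forest_dns_name):
    """example.com -> CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com"""
    forest_dn = "DC=" + forest_dns_name.replace(".", ",DC=")
    return "CN=Infrastructure,DC=ForestDnsZones," + forest_dn


def parse_extended_dn(value):
    """Split '<GUID=...>;<SID=...>;CN=...' into ({name: text}, plain DN)."""
    components, pos = {}, 0
    match = _EXT_COMPONENT.match(value, pos)
    while match:
        components[match.group(1).upper()] = match.group(2)
        pos = match.end()
        match = _EXT_COMPONENT.match(value, pos)
    return components, value[pos:]


def owner_dns_name(fsmo_role_owner, forest_dns_name):
    """Return (<guid>._msdcs.<forest>, plain owner DN) for the current owner."""
    components, plain_dn = parse_extended_dn(fsmo_role_owner)
    if "GUID" not in components:
        # Happens when the search was made without the extended_dn control.
        raise ValueError("no GUID component in %r" % fsmo_role_owner)
    guid = uuid.UUID(components["GUID"])  # raises ValueError on malformed text
    return "%s._msdcs.%s" % (guid, forest_dns_name), plain_dn


def needs_transfer(fsmo_role_owner, local_ds_service_name):
    """True when the role owner is not the local NTDS Settings object."""
    _, plain_dn = parse_extended_dn(fsmo_role_owner)
    # Simplification: case-insensitive string match, not full DN normalisation.
    return plain_dn.lower() != local_ds_service_name.lower()


if __name__ == "__main__":
    print(role_object_dn("example.com"))
    print(owner_dns_name(SAMPLE_OWNER, "example.com")[0])
```
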