[PATCH] make samba-tool aware of all 7 fsmo roles
Rowland Penny
repenny241155 at gmail.com
Tue May 26 05:22:05 MDT 2015
On 23/05/15 11:13, Rowland Penny wrote:
> On 22/05/15 11:45, Stefan (metze) Metzmacher wrote:
>> Hi Rowland,
>>
>>> I will prepare a patch without the transfer part.
>> Thanks!
>>
>>> but I would like to point out that I have now found this:
>>>
>>> http://blogs.msmvps.com/ulfbsimonweidner/2008/07/31/how-many-infrastructure-masters-do-you-have/
>>>
>>>
>>>
>>> Which seems to say that the two dns zones in question are not critical.
>> Yes, and Samba ignores most of the roles anyway.
>>
>>> I have also found this:
>>>
>>> https://support.microsoft.com/en-us/kb/949257
>>>
>>> The script it provides seems to work in the same way that I proposed.
>> Yes, it basically does seize_role(..., force=true)
>>
>> And I guess that would match your patch without having the transfer
>> implemented.
>>
>> But if we implement the transfer command we should try to do better
>> and avoid having two owners for a short time.
>>
>> metze
>>
>
> Hi Stefan, I have attempted what you described (have attached a copy),
> but I keep getting this:
>
> ERROR: Failed to initiate transfer of 'forestdns' role:
> rootdse_modify: unknown attribute to change!
>
> I have tried several things but keep getting the same result, I did a
> search on 'rootdse_modify' and came up with this:
>
> https://msdn.microsoft.com/en-us/library/cc223297.aspx
>
> I 'think' it means that I am back to where I started, there is no
> 'becomeForestDnsZoneMaster' attribute.
>
> Rowland
>
OK Stefan, not being one to give up, I have tried several ways to do
what you asked and have finally managed to do it, but only after jumping
through various hoops, finding out that 'FLAG_MOD_DEL' is actually
'FLAG_MOD_DELETE' and finally discovering that you need to give a
username & password, what I have at the moment is a mess that works but
is not much different from seizing, only doing it on the DC that holds
the dns infrastructure role.
Should I continue and tidy things up into what I believe will have to be
a new 'def' ? or are you prepared to accept that perhaps it should be
done the way that Microsoft suggests ?
Rowland
More information about the samba-technical
mailing list