[WIP] Fix samba-tool domain demote to remove another dead DC
Andrew Bartlett
abartlet at samba.org
Wed Oct 14 22:13:29 UTC 2015
On Wed, 2015-10-14 at 23:56 +0200, Marc Muehlfeld wrote:
> Hello Andrew,
>
> Am 14.10.2015 um 12:34 schrieb Andrew Bartlett:
> > samba-tool domain demote --remove-other-dead-server=deaddc -H
> > /path/to/sam.ldb
>
>
> The first try looks good. Everything seems to be removed. I'll have a
> closer look soon.
>
>
> The only remaining I saw, is the DNS account:
> dn: CN=dns-DC2,CN=Users,DC=samdom,DC=example,DC=com
> Is there any reason, to keep it?
No, and that is really, really helpful feedback.
> And maybe a more beautiful error would be nice, if trying to remove a
> none-existent DC ;-)
:-)
> # samba-tool domain demote --remove-other-dead-server=DC3 -H
> /usr/local/samba/private/sam.ldb
> ERROR(<class 'samba.remove_dc.demoteException'>): uncaught exception
> -
> demoteException: DC3 is not an AD DC in samdom.example.com
> File
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/domain.py",
> line 678, in run
> remove_dc.remove_dc(samdb, remove_other_dead_server)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
> line 260, in remove_dc
> % (dc_name, samdb.domain_dns_name()))
> A transaction is still active in ldb context [0x2101200] on
> /usr/local/samba/private/sam.ldb
>
>
> And also if you try to remove the DC, you're starting this command
> on:
>
> [root at DC1 ~]# samba-tool domain demote --remove-other-dead-server=DC1
> -H
> /usr/local/samba/private/sam.ldb
> ERROR(ldb): uncaught exception - objectclass: Cannot delete CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com,
> it's the DC's ntDSDSA object!
> File
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/__init__.py",
> line 175, in _run
> return self.run(*args, **kwargs)
> File
> "/usr/local/samba/lib64/python2.7/site-
> packages/samba/netcmd/domain.py",
> line 678, in run
> remove_dc.remove_dc(samdb, remove_other_dead_server)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
> line 288, in remove_dc
> remove_dns_names=True)
> File
> "/usr/local/samba/lib64/python2.7/site-packages/samba/remove_dc.py",
> line 239, in offline_remove_ntds_dc
> samdb.delete(ntds_dn, ["tree_delete:0"])
> A transaction is still active in ldb context [0x1a36200] on
> /usr/local/samba/private/sam.ldb
I agree that isn't ideal. I tried to make it only as ugly as the first
message, but my check must not be correct.
Thanks!
Andrew Bartlett
--
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team https://samba.org
Samba Development and Support, Catalyst IT
https://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list