samba4.3.4: failure attempting to show/transfer/seize DomainDns FSMO role

Daniele Dario d.dario76 at gmail.com
Tue Jan 12 13:43:34 UTC 2016 

Hi all,
I just updated to samba 4.3.4 and before doing it I transferred all FSMO
roles from kdc01 to kdc02 before start updating it.

After updated kdc01 I tried to transfer again all roles from kdc02 to
kdc01 in order to update also kdc02 but I get this error:

[root at kdc01:~]# samba-tool fsmo transfer --role=all
ldb_wrap open of secrets.ldb
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
variable 'master_guid' referenced before assignment
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 452, in run
    transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
samdb)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 76, in transfer_dns_role
    master_dns_name = '%s._msdcs.%s' % (master_guid,

I get something similar also trying to seize the roles or even show
them.

Guess that I'm missing something inside my dbs even if samba-tool
dbcheck says everything is ok.

[root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
"CN=Infrastructure,DC=DomainDnsZones,DC=Saitel,DC=loc"
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
objectClass: top
objectClass: infrastructureUpdate
cn: Infrastructure
instanceType: 4
whenCreated: 20120924143109.0Z
whenChanged: 20150422114545.0Z
uSNCreated: 5263
uSNChanged: 5263
showInAdvancedViewOnly: TRUE
name: Infrastructure
objectGUID: 8f2c0c68-c571-4ffd-9413-0bb7384f70d4
systemFlags: -1946157056
objectCategory:
CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
 DC=loc
isCriticalSystemObject: TRUE
distinguishedName: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc

# returned 1 records
# 1 entries
# 0 referrals

Any idea on how to fix this?

Assuming that even with the fault the 5 roles have been transferred I
also updated kdc02.

Thanks in advance,
Daniele.

More information about the samba-technical mailing list