samba4.3.4: failure attempting to show/transfer/seize DomainDns FSMO role

Rowland Penny repenny241155 at gmail.com
Tue Jan 12 14:21:02 UTC 2016


On 12/01/16 13:43, Daniele Dario wrote:
> Hi all,
> I just updated to samba 4.3.4 and before doing it I transferred all FSMO
> roles from kdc01 to kdc02 before start updating it.

What Samba version did you upgrade from?
I ask because before Samba version 4.3.0, fsmo.py only transferred 5 of 
the 7 FSMO roles

>
> After updated kdc01 I tried to transfer again all roles from kdc02 to
> kdc01 in order to update also kdc02 but I get this error:
>
> [root at kdc01:~]# samba-tool fsmo transfer --role=all
> ldb_wrap open of secrets.ldb
> This DC already has the 'rid' FSMO role
> This DC already has the 'pdc' FSMO role
> This DC already has the 'naming' FSMO role
> This DC already has the 'infrastructure' FSMO role
> This DC already has the 'schema' FSMO role
> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
> variable 'master_guid' referenced before assignment
>    File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 175, in _run
>      return self.run(*args, **kwargs)
>    File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> line 452, in run
>      transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
> samdb)
>    File
> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> line 76, in transfer_dns_role
>      master_dns_name = '%s._msdcs.%s' % (master_guid,
>
> I get something similar also trying to seize the roles or even show
> them.
>
> Guess that I'm missing something inside my dbs even if samba-tool
> dbcheck says everything is ok.
>
> [root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
> "CN=Infrastructure,DC=DomainDnsZones,DC=Saitel,DC=loc"
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> # record 1
> dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
> objectClass: top
> objectClass: infrastructureUpdate
> cn: Infrastructure
> instanceType: 4
> whenCreated: 20120924143109.0Z
> whenChanged: 20150422114545.0Z
> uSNCreated: 5263
> uSNChanged: 5263
> showInAdvancedViewOnly: TRUE
> name: Infrastructure
> objectGUID: 8f2c0c68-c571-4ffd-9413-0bb7384f70d4
> systemFlags: -1946157056
> objectCategory:
> CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
>   DC=loc
> isCriticalSystemObject: TRUE
> distinguishedName: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
>
> # returned 1 records
> # 1 entries
> # 0 referrals

It looks you need to add an fsmoroleowner for 
'CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc'

Rowland

> Any idea on how to fix this?
>
> Assuming that even with the fault the 5 roles have been transferred I
> also updated kdc02.
>
> Thanks in advance,
> Daniele.
>
>




More information about the samba-technical mailing list