samba4.3.4: failure attempting to show/transfer/seize DomainDns FSMO role

Rowland Penny repenny241155 at gmail.com
Tue Jan 12 16:25:03 UTC 2016


On 12/01/16 15:06, Daniele Dario wrote:
> Hi Rowland,
> happy new year guys
>
>
> On mar, 2016-01-12 at 14:21 +0000, Rowland Penny wrote:
>> On 12/01/16 13:43, Daniele Dario wrote:
>>> Hi all,
>>> I just updated to samba 4.3.4 and before doing it I transferred all FSMO
>>> roles from kdc01 to kdc02 before starting to update it.
>> What Samba version did you upgrade from?
>> I ask because before Samba version 4.3.0, fsmo.py only transferred 5 of
>> the 7 FSMO roles
>>
> Yeah, I was upgrading from 4.2.16
>
>>> After updating kdc01 I tried to transfer again all roles from kdc02 to
>>> kdc01 in order to update also kdc02 but I get this error:
>>>
>>> [root@kdc01:~]# samba-tool fsmo transfer --role=all
>>> ldb_wrap open of secrets.ldb
>>> This DC already has the 'rid' FSMO role
>>> This DC already has the 'pdc' FSMO role
>>> This DC already has the 'naming' FSMO role
>>> This DC already has the 'infrastructure' FSMO role
>>> This DC already has the 'schema' FSMO role
>>> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
>>> variable 'master_guid' referenced before assignment
>>>     File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
>>> line 175, in _run
>>>       return self.run(*args, **kwargs)
>>>     File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
>>> line 452, in run
>>>       transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
>>> samdb)
>>>     File
>>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
>>> line 76, in transfer_dns_role
>>>       master_dns_name = '%s._msdcs.%s' % (master_guid,
>>>
>>> I get something similar also trying to seize the roles or even show
>>> them.
>>>
>>> Guess that I'm missing something inside my dbs even if samba-tool
>>> dbcheck says everything is ok.
>>>
>>> [root@kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
>>> "CN=Infrastructure,DC=DomainDnsZones,DC=Saitel,DC=loc"
>>> GENSEC backend 'gssapi_spnego' registered
>>> GENSEC backend 'gssapi_krb5' registered
>>> GENSEC backend 'gssapi_krb5_sasl' registered
>>> GENSEC backend 'spnego' registered
>>> GENSEC backend 'schannel' registered
>>> GENSEC backend 'naclrpc_as_system' registered
>>> GENSEC backend 'sasl-EXTERNAL' registered
>>> GENSEC backend 'ntlmssp' registered
>>> GENSEC backend 'http_basic' registered
>>> GENSEC backend 'http_ntlm' registered
>>> GENSEC backend 'krb5' registered
>>> GENSEC backend 'fake_gssapi_krb5' registered
>>> # record 1
>>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
>>> objectClass: top
>>> objectClass: infrastructureUpdate
>>> cn: Infrastructure
>>> instanceType: 4
>>> whenCreated: 20120924143109.0Z
>>> whenChanged: 20150422114545.0Z
>>> uSNCreated: 5263
>>> uSNChanged: 5263
>>> showInAdvancedViewOnly: TRUE
>>> name: Infrastructure
>>> objectGUID: 8f2c0c68-c571-4ffd-9413-0bb7384f70d4
>>> systemFlags: -1946157056
>>> objectCategory:
>>> CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
>>>    DC=loc
>>> isCriticalSystemObject: TRUE
>>> distinguishedName: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
>>>
>>> # returned 1 records
>>> # 1 entries
>>> # 0 referrals
>> It looks like you need to add an fsmoroleowner for
>> 'CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc'
>>
>> Rowland
>>
>>> Any idea on how to fix this?
>>>
>>> Assuming that even with the fault the 5 roles have been transferred I
>>> also updated kdc02.
>>>
>>> Thanks in advance,
>>> Daniele.
>>>
>>>
>>
> How do I add it?

Try 'samba-tool fsmo seize --force --role=domaindns -U Administrator' on
the DC that you want to hold this role (must be >= Samba 4.3.0).

Rowland

>
> Just to say, wouldn't it be useful to make samba-tool able to add (or ask
> to add) it directly?
>
> Daniele
>
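
Added example, not part of the original thread and not Samba's own code: a small checker that reads ldbsearch-style LDIF (including folded lines such as the objectCategory value above) and lists the records that have no fSMORoleOwner, the condition diagnosed in this thread. The sample LDIF is constructed: record 1 is abridged from the output quoted above, record 2 and its owner DN are made up for contrast, and the function names are hypothetical.

```python
# Added example: report LDIF records that lack an fSMORoleOwner attribute.
# SAMPLE_LDIF is constructed; record 2 (DC=example,DC=test) is invented.
SAMPLE_LDIF = """\
GENSEC backend 'krb5' registered
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
objectClass: top
objectClass: infrastructureUpdate
cn: Infrastructure
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
 DC=loc

# record 2
dn: CN=Infrastructure,DC=example,DC=test
objectClass: infrastructureUpdate
fSMORoleOwner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,
 CN=Sites,CN=Configuration,DC=example,DC=test

# returned 2 records
"""

def parse_ldif(text):
    """Return a list of {lowercased attribute: [values]} dicts, one per record."""
    lines = []
    for raw in text.splitlines():
        # LDIF folding: a line starting with one space continues the previous one.
        if raw.startswith(" ") and lines and lines[-1]:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    records, current = [], {}
    for line in lines + [""]:            # trailing "" flushes the last record
        if line.startswith("#"):
            continue                     # "# record N", "# returned ..." comments
        if not line.strip():
            if "dn" in current:          # keep only real entries
                records.append(current)
            current = {}
            continue
        attr, sep, value = line.partition(":")
        if sep:                          # lines without ':' are tool noise
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return records

def missing_role_owner(records):
    """DNs of records with no fSMORoleOwner (attribute names are case-insensitive)."""
    return [r["dn"][0] for r in records if "fsmoroleowner" not in r]

if __name__ == "__main__":
    for dn in missing_role_owner(parse_ldif(SAMPLE_LDIF)):
        print("no fSMORoleOwner on:", dn)
```
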



