problem transfer domain dns zones and forest dns zones

[Andrew Bartlett]

On Wed, 2024-07-10 at 11:34 +0300, Omnis ludis - games via samba-
technical wrote:
> while transferring fsmo roles I encountered a problem transferring
> theDomainDnsZones and ForestDnzZones roles in samba 4.20.2, I went to
> thesamba source code in the fsmo.py file and started studying the
> code snippetin the Transfer_dns_role() function
> if master_dns_name != new_dns_name:        lp =
> sambaopts.get_loadparm()        creds = credopts.get_credentials(lp,
> Fallback_machine=True)        samdb = SamDB(url="ldap://%s" %
> (master_dns_name),                      session_info=system_session()
> ,                      credentials=credits, lp=lp)and then I
> discovered a problem in the line SamDB(url="ldap://%s"
> %(master_dns_name)you must use new_dns_name, otherwise the following
> error will occur whentransferring roles.Failed to add role
> 'domaindns': LDAP error 53 LDAP_UNWILLING_TO_PERFORM -<000020AE:
> SvcErr: DSID-03152DA8, issue 5003 (WILL_NOT_PERFORM), data 0since the
> ability to make corrections to the owner of the video isprohibited by
> MSAD, please fix this in the next version of Samba

I assume you mean that the change to the FSMO role owner must be made
on the new FSMO role owner?

Perhaps submit a merge request with this, including a test (or at least
checking that it is covered by an existing one) if possible?

https://wiki.samba.org/index.php/Contribute

Samba is often not quite as strict as windows, it would be great if
tested changes to tighten this up were also contributed, but that would
be a harder task.

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/Samba Team Member (since 2001) https://samba.orgSamba Team Lead                https://catalyst.net.nz/services/sambaCatalyst.Net Ltd
Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company
Samba Development and Support: https://catalyst.net.nz/services/samba
Catalyst IT - Expert Open Source Solutions