problem transfer domain dns zones and forest dns zones

Omnis ludis - games sergey.gortinsc17 at gmail.com
Wed Jul 10 09:13:36 UTC 2024 

yes, I conducted manual testing first from the windows server side and I
managed to change the owner through adsi edit by connecting to a
samba-based domain controller, then I found a variable that needed to be
replaced and performed a role change already through the samba-tool fsmo
role transfer --all -U Administrator command, I was asked for a password
and that's it the roles have been successfully transferred

ср, 10 июл. 2024 г. в 12:09, Andrew Bartlett <abartlet at samba.org>:

> On Wed, 2024-07-10 at 11:34 +0300, Omnis ludis - games via samba-technical
> wrote:
>
> while transferring fsmo roles I encountered a problem transferring the
>
> DomainDnsZones and ForestDnzZones roles in samba 4.20.2, I went to the
>
> samba source code in the fsmo.py file and started studying the code snippet
>
> in the Transfer_dns_role() function
>
>
> if master_dns_name != new_dns_name:
>
>         lp = sambaopts.get_loadparm()
>
>         creds = credopts.get_credentials(lp, Fallback_machine=True)
>
>         samdb = SamDB(url="ldap://%s" % (master_dns_name),
>
>                       session_info=system_session(),
>
>                       credentials=credits, lp=lp)
>
> and then I discovered a problem in the line SamDB(url="ldap://%s" %
>
> (master_dns_name)
>
> you must use new_dns_name, otherwise the following error will occur when
>
> transferring roles.
>
> Failed to add role 'domaindns': LDAP error 53 LDAP_UNWILLING_TO_PERFORM -
>
> <000020AE: SvcErr: DSID-03152DA8, issue 5003 (WILL_NOT_PERFORM), data 0
>
> since the ability to make corrections to the owner of the video is
>
> prohibited by MSAD, please fix this in the next version of Samba
>
>
> I assume you mean that the change to the FSMO role owner must be made on
> the new FSMO role owner?
>
> Perhaps submit a merge request with this, including a test (or at least
> checking that it is covered by an existing one) if possible?
>
> https://wiki.samba.org/index.php/Contribute
>
> Samba is often not quite as strict as windows, it would be great if tested
> changes to tighten this up were also contributed, but that would be a
> harder task.
>
> Andrew Bartlett
>
> --
>
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead                https://catalyst.net.nz/services/samba
> Catalyst.Net Ltd
>
> Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company
>
> Samba Development and Support: https://catalyst.net.nz/services/samba
>
> Catalyst IT - Expert Open Source Solutions
>

More information about the samba-technical mailing list