[Samba] FSMO roles

Sketch smblist at rednsx.org
Wed Aug 27 13:02:03 MDT 2014 

After accidentally destroying my primary DC which held all of the FSMO 
roles, I am unable to show any roles, or sieze the naming role.  I 
initialy tried to sieze --role=all, and it failed, but by doing 
them individually I was able to seize them all except for the 
naming role.  Any suggestions on how to fix this?


# samba-tool fsmo show -d 9
<removed generic debug info>
pm_process() returned Yes
ldb_wrap open of secrets.ldb
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[no] updates allowed[no]
schema_fsmo_init: we are master[no] updates allowed[no]
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 197, in run
     self.infrastructureMaster = res[0]["fSMORoleOwner"][0]


# samba-tool fsmo seize --role=naming -d 9
<removed generic debug info>
schema_fsmo_init: we are master[yes] updates allowed[no]
schema_fsmo_init: we are master[yes] updates allowed[no]
Attempting transfer...
imessaging: cleaning up 
/var/lib/samba/private/smbd.tmp/msg/msg.24602.585963648
ERROR(ldb): uncaught exception - Failed FSMO transfer: 
NT_STATUS_CONNECTION_REFUSED
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 175, in _run
     return self.run(*args, **kwargs)
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 160, in run
     self.seize_role(role, samdb, force)
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 126, in seize_role
     transfer_role(self.outf, role, samdb)
   File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py", line 53, in transfer_role
     samdb.modify(m)

I did find one samba list post where someone suggested the following to 
fix a similar problem, but it errors out with the following error, and 
seizing fails with exactly the same error as before.

# samba-tool dbcheck --fix --cross-ncs
Checking 3916 objects
ERROR: fSMORoleOwner not found for role 
Sieze role CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com onto current DC by adding fSMORoleOwner=CN=NTDS Settings,CN=AUTH-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=com 
[y/N/all/none] y
Failed to sieze role CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com onto current 
DC by adding fSMORoleOwner=CN=NTDS Settings,CN=AUTH-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=com : (20, 'SINGLE-VALUE attribute fSMORoleOwner on CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com specified more than once')
Checked 3916 objects (1 errors)

More information about the samba mailing list