[Samba] Lost DC with FSMO-Rolls

Stefan Kania stefan at kania-online.de
Wed Nov 5 12:37:03 MST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

some more informations:
when I do a : "samba-tool dbcheck --fix --cross-ncs"

I get the following:

root at SVL-V-AD1:~# samba-tool dbcheck --fix --cross-ncs
Checking 3747 objects
ERROR: fSMORoleOwner not found for role
CN=Partitions,CN=Configuration,DC=egf,DC=ntd
Sieze role CN=Partitions,CN=Configuration,DC=egf,DC=ntd onto current
DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=SVL-V-AD1,CN=Servers,CN=Vertrieb,CN=Sites,CN=Configuration,DC=egf,DC=ntd
[y/N/all/none] y
Failed to sieze role CN=Partitions,CN=Configuration,DC=egf,DC=ntd onto
current DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=SVL-V-AD1,CN=Servers,CN=Vertrieb,CN=Sites,CN=Configuration,DC=egf,DC=ntd
: (20, 'SINGLE-VALUE attribute fSMORoleOwner on
CN=Partitions,CN=Configuration,DC=egf,DC=ntd specified more than once')
Checked 3747 objects (1 errors)

I checked the Object with ldbsearch and got the following:

root at SVL-V-AD1:~# ldbsearch --url=/var/lib/samba/private/sam.ldb  -b
"CN=Partitions,CN=Configuration,DC=egf,DC=ntd"

# record 6
dn: CN=Partitions,CN=Configuration,DC=egf,DC=ntd
objectClass: top
objectClass: crossRefContainer
cn: Partitions
instanceType: 4
whenCreated: 20141027112453.0Z
whenChanged: 20141027112456.0Z
uSNCreated: 3162
uSNChanged: 3162
showInAdvancedViewOnly: TRUE
name: Partitions
objectGUID: 8e7d5bd0-d15f-4f08-ae26-33931aedb98d
systemFlags: -2147483648
objectCategory:
CN=Cross-Ref-Container,CN=Schema,CN=Configuration,DC=egf,DC=ntd
msDS-Behavior-Version: 2
distinguishedName: CN=Partitions,CN=Configuration,DC=egf,DC=ntd

There is no attribut "fSMORoleOwner".
I checkes it on a working DC in another domain. In this domain the
attribut is listed in CN=Partitions

Then I tried it the hard way with ldbedit:

root at SVL-V-AD1:~# ldbedit --url=/var/lib/samba/private/sam.ldb  -b
"CN=Partitions,CN=Configuration,DC=egf,DC=ntd"
failed to modify CN=Partitions,CN=Configuration,DC=egf,DC=ntd -
SINGLE-VALUE attribute fSMORoleOwner on
CN=Partitions,CN=Configuration,DC=egf,DC=ntd specified more than once

As you can see, ldbedit gives the same errormessage. But there is no
other entry with an attribute "fSMORoleOwner"

I don't know what to do next

Any help?

Stefan


Am 05.11.2014 um 17:54 schrieb Stefan Kania:
> Hello,
> 
> I lost my DC with all fsmo-roles. I try to "seize" the roles to 
> another DC. It worked four out of five roles:
> 
> root at SVL-V-AD1:~# samba-tool fsmo seize --role=rid Attempting
> transfer... Transfer unsuccessful, seizing... FSMO seize of 'rid'
> role successful
> 
> root at SVL-V-AD1:~# samba-tool fsmo seize --role=pdc Attempting
> transfer... Transfer unsuccessful, seizing... FSMO seize of 'pdc'
> role successful
> 
> root at SVL-V-AD1:~# samba-tool fsmo seize --role=infrastructure 
> Attempting transfer... Transfer unsuccessful, seizing... FSMO seize
> of 'infrastructure' role successful
> 
> root at SVL-V-AD1:~# samba-tool fsmo seize --role=schema Attempting
> transfer... Transfer unsuccessful, seizing... FSMO seize of
> 'schema' role successful
> 
> But it faild foir the role "naming":
> 
> root at SVL-V-AD1:~# samba-tool fsmo seize --role=naming Attempting
> transfer... ERROR(ldb): uncaught exception - Failed FSMO transfer: 
> NT_STATUS_CONNECTION_REFUSED File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 175, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 160,
> in run self.seize_role(role, samdb, force) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 126,
> in seize_role transfer_role(self.outf, role, samdb) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 53,
> in transfer_role samdb.modify(m)
> 
> After that "samba-tool fsmo show " gives the following error:
> 
> root at SVL-V-AD1:~# samba-tool fsmo show ERROR(<type
> 'exceptions.KeyError'>): uncaught exception - 'No such element' 
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", 
> line 175, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 207,
> in run self.namingMaster = res[0]["fSMORoleOwner"][0]
> 
> What can I do, to get all roles back to work?
> 
> Stefan
> 
> 

- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRafF8ACgkQ2JOGcNAHDTZR9ACdH9P2rUsRFtGuS/nUU9CeeySa
kbUAni19XIGWVabZHdSbyxWPxtlahTdT
=rmp8
-----END PGP SIGNATURE-----

More information about the samba mailing list