[Samba] FSMO commands not working on 4.3.1

Rowland penny rpenny at samba.org
Mon Dec 14 20:58:22 UTC 2015 

On 14/12/15 20:31, George wrote:
> On Sun, Dec 13, 2015 at 6:08 AM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 13/12/15 05:31, George wrote:
>>
>>> Hi guys!
>>> I am currently running 4.3.1 on Debian Jessie (compiled from the
>>> experimental repo).
>>>
>>> Pretty much everything seems to be working fine, but the FSMO functions:
>>>
>>> ---------
>>> root at dc2:~# samba-tool fsmo show
>>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>>> element'
>>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>>> 175, in _run
>>>       return self.run(*args, **kwargs)
>>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 395,
>>> in run
>>>       domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>>     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 42,
>>> in
>>> get_fsmo_roleowner
>>>       master_owner = res[0]["fSMORoleOwner"][0]
>>> ---------
>>>
>>> Transfering or seizing the roles one by one, I can see that any operation
>>> involving the two "new" roles (domaindns and forestdns) is what actually
>>> breaks it.
>>>
>>> I don't think this is an upstream bug (is it?) Any ideas?
>>>
>>> Best regards,
>>> George
>>>
>> Are you using an admin user and password ?
>>
>> Rowland
>>
>>
> Even if I do (with the domain administrator user and pass) the same error
> comes up

OK, I use 4.3.1

root at dc1:~# samba -V
Version 4.3.1

Probably the only difference is I installed into /usr/local instead of 
/var/lib

When I try samba-tool, I get this:

root at dc1:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS 
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com

Do you actually have all 7 FSMO roles?
Try this:

ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb 
'(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||'

It should return something like this:

CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
CN=Infrastructure,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
CN=Infrastructure,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
CN=Infrastructure,DC=samdom,DC=example,DC=com
DC=samdom,DC=example,DC=com
CN=RID Manager$,CN=System,DC=samdom,DC=example,DC=com

How did you provision?

Rowland

More information about the samba mailing list