[Samba] FSMO commands not working on 4.3.1

Hiroshi K k.hiroshi at gmail.com
Mon Dec 21 23:38:01 UTC 2015 

> On 21/12/15 17:53, George wrote:
> > On Mon, Dec 14, 2015 at 5:58 PM, Rowland penny <rpenny at samba.org>
wrote:
> >
> >> Try this:
> >>
> >> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
> >> '(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||'
> >>
> >> It should return something like this:
> >>
> >> CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
> >> CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
> >> CN=Infrastructure,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
> >> CN=Infrastructure,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
> >> CN=Infrastructure,DC=samdom,DC=example,DC=com
> >> DC=samdom,DC=example,DC=com
> >> CN=RID Manager$,CN=System,DC=samdom,DC=example,DC=com
> >>
> >> How did you provision?
> >>
> >>
> >> Rowland
> >>
> >>
> > Yes, that command returns exactly what you said. This domain was
> > provisioned on some early 4.0.x release and upgraded several times
> > afterwards.
> >
> > Any other idea? Maybe it is some kind of bug within the Debian
packaging.
> >
> > Best regards.
>
> Very strange, can you find fsmo.py on your system (probably somewhere
> like /usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py) and then
> send me a copy (send it directly to 'rpenny at samba.org') , can you
> also send your smb.conf.
>
> Rowland


I go to the same that I upgraded Samba 4.0.x to 4.3.x,
and getting same (previously quoted) error.
(Tested on Debian 7,8 and CentOS 7 and got the same error)

I managed to solve the problem, and I'll share the info,
hoping it'll solve yours and future releases to be better.


The error I also got is the same as George, so I'll quote his
(the point is 'No such element')

>>>* ---------
*>>>* root at dc2 <https://lists.samba.org/mailman/listinfo/samba>:~#
samba-tool fsmo show
*>>>* ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
*>>>* element'
*>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
*>>>* 175, in _run
*>>>*       return self.run(*args, **kwargs)
*>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py",
line 395,
*>>>* in run
*>>>*       domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
*>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 42,
*>>>* in
*>>>* get_fsmo_roleowner
*>>>*       master_owner = res[0]["fSMORoleOwner"][0]
*>>>

* ---------*

Follwing command returned a record, but without fSMORoleOwner


$ /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb
--cross-ncs --show-binary -b
"CN=Infrastructure,DC=ForestDnsZones,DC=test,DC=local" fSMORoleOwner

# record 1
dn: CN=Infrastructure,DC=ForestDnsZones,DC=test,DC=local
(*** without fSMORoleOwner here ***)


It seemed that the my case (upgrading from Samba 4.0.x),
there was no ForestDns/DomainDnsZone entries with riht FSMO server name...

And so, I prepared ldif file & loaded to edit it

$ cat ldb.ldif
dn: CN=Infrastructure,DC=DomainDnsZones,dc=test,dc=local
changetype: modify
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS
Settings,CN=SAMBA4-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local

$ /usr/local/samba/bin/ldbmodify -H /usr/local/samba/private/sam.ldb
--cross-ncs ./ldb.ldif
Modified 1 records successfully


After, fsmo works properly (tested with Samba 4.3.3 on Debian 8 and CentOS 7).

$ /usr/local/samba/bin/samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local


I hope it helps!

More information about the samba mailing list