[Samba] FSMO commands not working on 4.3.1

Rowland penny rpenny at samba.org
Tue Dec 22 08:06:28 UTC 2015


On 21/12/15 23:38, Hiroshi K wrote:
>> On 21/12/15 17:53, George wrote:
>>> On Mon, Dec 14, 2015 at 5:58 PM, Rowland penny <rpenny at samba.org>
> wrote:
>>>> Try this:
>>>>
>>>> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb
>>>> '(fsmoroleowner=*)' | grep 'dn:' | sed 's|dn: ||'
>>>>
>>>> It should return something like this:
>>>>
>>>> CN=Schema,CN=Configuration,DC=samdom,DC=example,DC=com
>>>> CN=Partitions,CN=Configuration,DC=samdom,DC=example,DC=com
>>>> CN=Infrastructure,DC=DomainDnsZones,DC=samdom,DC=example,DC=com
>>>> CN=Infrastructure,DC=ForestDnsZones,DC=samdom,DC=example,DC=com
>>>> CN=Infrastructure,DC=samdom,DC=example,DC=com
>>>> DC=samdom,DC=example,DC=com
>>>> CN=RID Manager$,CN=System,DC=samdom,DC=example,DC=com
>>>>
>>>> How did you provision?
>>>>
>>>>
>>>> Rowland
>>>>
>>>>
>>> Yes, that command returns exactly what you said. This domain was
>>> provisioned on some early 4.0.x release and upgraded several times
>>> afterwards.
>>>
>>> Any other idea? Maybe it is some kind of bug within the Debian
> packaging.
>>> Best regards.
>> Very strange, can you find fsmo.py on your system (probably somewhere
>> like /usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py) and then
>> send me a copy (send it directly to 'rpenny at samba.org') , can you
>> also send your smb.conf.
>>
>> Rowland
>
> I go to the same that I upgraded Samba 4.0.x to 4.3.x,
> and getting same (previously quoted) error.
> (Tested on Debian 7,8 and CentOS 7 and got the same error)
>
> I managed to solve the problem, and I'll share the info,
> hoping it'll solve yours and future releases to be better.
>
>
> The error I also got is the same as George, so I'll quote his
> (the point is 'No such element')
>
>>>> * ---------
> *>>>* root at dc2 <https://lists.samba.org/mailman/listinfo/samba>:~#
> samba-tool fsmo show
> *>>>* ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
> *>>>* element'
> *>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> *>>>* 175, in _run
> *>>>*       return self.run(*args, **kwargs)
> *>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py",
> line 395,
> *>>>* in run
> *>>>*       domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
> *>>>*     File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 42,
> *>>>* in
> *>>>* get_fsmo_roleowner
> *>>>*       master_owner = res[0]["fSMORoleOwner"][0]
> *>>>
>
> * ---------*
>
> Follwing command returned a record, but without fSMORoleOwner
>
>
> $ /usr/local/samba/bin/ldbsearch -H /usr/local/samba/private/sam.ldb
> --cross-ncs --show-binary -b
> "CN=Infrastructure,DC=ForestDnsZones,DC=test,DC=local" fSMORoleOwner
>
> # record 1
> dn: CN=Infrastructure,DC=ForestDnsZones,DC=test,DC=local
> (*** without fSMORoleOwner here ***)
>
>
> It seemed that the my case (upgrading from Samba 4.0.x),
> there was no ForestDns/DomainDnsZone entries with riht FSMO server name...
>
> And so, I prepared ldif file & loaded to edit it
>
> $ cat ldb.ldif
> dn: CN=Infrastructure,DC=DomainDnsZones,dc=test,dc=local
> changetype: modify
> replace: fSMORoleOwner
> fSMORoleOwner: CN=NTDS
> Settings,CN=SAMBA4-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
>
> $ /usr/local/samba/bin/ldbmodify -H /usr/local/samba/private/sam.ldb
> --cross-ncs ./ldb.ldif
> Modified 1 records successfully
>
>
> After, fsmo works properly (tested with Samba 4.3.3 on Debian 8 and CentOS 7).
>
> $ /usr/local/samba/bin/samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=SAMBA4-DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
>
>
> I hope it helps!

Hi, that is what I expected the OP to say, that he didn't have all 7 
fsmo roles, but he claims that he has. I think I need to come up with a 
script to get the info from sam.ldb and display it in a meaningful way.

Rowland



More information about the samba mailing list