[Samba] FSMO Transfer fail

Anderson Hoffmann do Carmo anderson.hoffmann at gsurfnet.com
Fri Jul 8 12:28:20 UTC 2016


Hi all!
Great news!
The procedure worked properly and fixed the problem. Thank you so much, 'Jason
Waters' and 'Rowland Penny', for the support :-)

root at gteste2:/anderson#
root at gteste2:/anderson# ldbmodify -H /var/lib/samba/private/sam.ldb --cross-ncs ./fsmofixdomaindns.ldif
Modified 1 records successfully
root at gteste2:/anderson# ldbmodify -H /var/lib/samba/private/sam.ldb --cross-ncs ./fsmofixforestdns.ldif
Modified 1 records successfully
root at gteste2:/anderson#


root at gteste2:/anderson#
root at gteste2:/anderson# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTESTE2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testead,DC=gsurfnet,DC=com
root at gteste2:/anderson#


root at gteste2:/anderson#
root at gteste2:/anderson# samba-tool fsmo transfer --role=all -UAdministrador --password=######
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
This DC already has the 'naming' FSMO role
This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role
This DC already has the 'domaindns' FSMO role
This DC already has the 'forestdns' FSMO role
root at gteste2:/anderson#


Thanks,

Anderson Hoffmann



2016-07-07 17:07 GMT-03:00 Jason Waters <jason at geeknocity.com>:

> This will help
>
> http://poster.bshellz.net/samba/Ubuntu_14.04_4.1.6_to_4.3.8_Upgrade_Notes.txt
>
> But basically you want to do this.
>
> Create two files, fsmofixdomaindns.ldif
>
> # For DomainDnsZonesMasterRole
> dn: CN=Infrastructure,DC=DomainDnsZones,dc=test,dc=local
> changetype: modify
> replace: fSMORoleOwner
> fSMORoleOwner: CN=NTDS Settings,CN=SAMBA4-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
>
> and fsmofixforestdns.ldif
>
> # For ForestDnsZonesMasterRole
> dn: CN=Infrastructure,DC=ForestDnsZones,dc=test,dc=local
> changetype: modify
> replace: fSMORoleOwner
> fSMORoleOwner: CN=NTDS Settings,CN=SAMBA4-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=test,DC=local
>
>
> Then modify them with these commands
>
> ldbmodify -H /var/lib/samba/private/sam.ldb --cross-ncs ./fsmofixdomaindns.ldif
> ldbmodify -H /var/lib/samba/private/sam.ldb --cross-ncs ./fsmofixforestdns.ldif
>
>
> Then run the samba-tool fsmo show and you should see them all.
>
>
> On Thu, Jul 7, 2016 at 4:01 PM, Anderson Hoffmann do Carmo <
> anderson.hoffmann at gsurfnet.com> wrote:
>
>> Hi.
>>
>> root at gteste2:~#
>> root at gteste2:~# samba-tool fsmo transfer --role=all -UAdministrador
>> --password=#######
>> This DC already has the 'rid' FSMO role
>> This DC already has the 'pdc' FSMO role
>> This DC already has the 'naming' FSMO role
>> This DC already has the 'infrastructure' FSMO role
>> This DC already has the 'schema' FSMO role
>> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
>> variable 'master_guid' referenced before assignment
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 452,
>> in run
>>     transfer_dns_role(self.outf, sambaopts, credopts, "domaindns", samdb)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 76,
>> in transfer_dns_role
>>     master_dns_name = '%s._msdcs.%s' % (master_guid,
>> root at gteste2:~#
>> root at gteste2:~#
>>
>>
>>
>>
>> root at gteste2:~#
>> root at gteste2:~#
>> root at gteste2:~# samba-tool fsmo show
>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>> element'
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 175, in _run
>>     return self.run(*args, **kwargs)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 396,
>> in run
>>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 43,
>> in get_fsmo_roleowner
>>     master_owner = res[0]["fSMORoleOwner"][0]
>> root at gteste2:~#
>> root at gteste2:~#
>>
>>
>>
>> Thanks,
>> Anderson Hoffmann
>>
>>
>>
>>
>> 2016-07-07 16:50 GMT-03:00 Jason Waters <jason at geeknocity.com>:
>>
>>> what do you get when you do samba-tool fsmo show,
>>>
>>>  also try samba-tool fsmo transfer --role=all -UAdministrator
>>> --password=yourpassword
>>>
>>>
>>>
>>> On Thu, Jul 7, 2016 at 3:49 PM, Anderson Hoffmann do Carmo <
>>> anderson.hoffmann at gsurfnet.com> wrote:
>>>
>>>> Fail! :-(
>>>>
>>>> root at gteste2:~# samba-tool fsmo transfer --role=all -UAdministrador
>>>> FSMO transfer of 'rid' role successful
>>>> FSMO transfer of 'pdc' role successful
>>>> FSMO transfer of 'naming' role successful
>>>> FSMO transfer of 'infrastructure' role successful
>>>> FSMO transfer of 'schema' role successful
>>>> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception -
>>>> local variable 'master_guid' referenced before assignment
>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>>>> line 175, in _run
>>>>     return self.run(*args, **kwargs)
>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
>>>> 452, in run
>>>>     transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
>>>> samdb)
>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
>>>> 76, in transfer_dns_role
>>>>     master_dns_name = '%s._msdcs.%s' % (master_guid,
>>>> root at gteste2:~#
>>>> root at gteste2:~#
>>>>
>>>>
>>
>>
>>
>>>
>>>>
>>>> Thanks,
>>>> Anderson Hoffmann
>>>>
>>>>
>>>>
>>>> 2016-07-07 16:43 GMT-03:00 Jason Waters <jason at geeknocity.com>:
>>>>
>>>>> try
>>>>>  samba-tool fsmo transfer --role=all -UAdministrator
>>>>>
>>>>> And see if that works.
>>>>>
>>>>> On Thu, Jul 7, 2016 at 2:57 PM, Anderson Hoffmann do Carmo <
>>>>> anderson.hoffmann at gsurfnet.com> wrote:
>>>>>
>>>>>> Hi all!
>>>>>>
>>>>>> I am using a Windows Server 2008R2 as primary DC and an Ubuntu Server
>>>>>> 16.04
>>>>>> as secondary DC with Samba 4.3.9 (from repository/apt-get).
>>>>>> During a migration test of FSMO roles I received an error from Samba:
>>>>>>
>>>>>> root at gteste2:~# samba-tool fsmo transfer --role=all
>>>>>> ERROR: Failed to delete role 'domaindns': LDAP error 50
>>>>>> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: SecErr: DSID-0315211E,
>>>>>> problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
>>>>>> root at gteste2:~#
>>>>>>
>>>>>>
>>>>>> After this, I am getting the error below:
>>>>>>
>>>>>> root at gteste2:~# samba-tool fsmo show
>>>>>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>>>>>> element'
>>>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
>>>>>> line
>>>>>> 175, in _run
>>>>>>     return self.run(*args, **kwargs)
>>>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
>>>>>> 396,
>>>>>> in run
>>>>>>     domaindnszonesMaster = get_fsmo_roleowner(samdb, domaindns_dn)
>>>>>>   File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
>>>>>> 43, in
>>>>>> get_fsmo_roleowner
>>>>>>     master_owner = res[0]["fSMORoleOwner"][0]
>>>>>> root at gteste2:~#
>>>>>>
>>>>>>
>>>>>> My samba config is:
>>>>>>
>>>>>> root at gteste2:~# cat /etc/samba/smb.conf
>>>>>> # Global parameters
>>>>>> [global]
>>>>>>         workgroup = TESTEAD
>>>>>>         realm = testead.gsurfnet.com
>>>>>>         netbios name = GTESTE2
>>>>>>         interfaces = lo ens33
>>>>>>         bind interfaces only = Yes
>>>>>>         server role = active directory domain controller
>>>>>>         dns forwarder = 8.8.8.8
>>>>>>
>>>>>> [netlogon]
>>>>>>         path = /var/lib/samba/sysvol/testead.gsurfnet.com/scripts
>>>>>>         read only = No
>>>>>>
>>>>>> [sysvol]
>>>>>>         path = /var/lib/samba/sysvol
>>>>>>         read only = No
>>>>>> root at gteste2:~#
>>>>>>
>>>>>>
>>>>>>
>>>>>> I do not know what to do... :-(
>>>>>>
>>>>>>
>>>>>> Anderson Hoffmann
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
>
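
Added example (not from the thread and not Samba's own code): shell helpers that build the two fSMORoleOwner LDIF changes described above from a realm and DC name, and check pasted `samba-tool fsmo show` output for roles that are missing or held by another DC. The function names, the example.test realm and the DC1/DC2 sample are assumptions made here, and a single-domain forest is assumed.

```bash
# Added example: helper names and the sample data are constructed, not from the thread.
# realm_to_dn example.test -> DC=example,DC=test
realm_to_dn() { printf 'DC=%s\n' "$1" | sed 's/\./,DC=/g'; }

# fsmo_dns_ldif ZONE REALM DC_NAME [SITE]; ZONE is DomainDnsZones or ForestDnsZones.
# Assumes a single-domain forest, so both zones sit under the realm's base DN.
fsmo_dns_ldif() {
    local zone="$1" dc="$3" site="${4:-Default-First-Site-Name}" base
    base=$(realm_to_dn "$2")
    cat <<EOF
dn: CN=Infrastructure,DC=$zone,$base
changetype: modify
replace: fSMORoleOwner
fSMORoleOwner: CN=NTDS Settings,CN=$dc,CN=Servers,CN=$site,CN=Sites,CN=Configuration,$base
EOF
}

# check_fsmo_owners DC_NAME, reading `samba-tool fsmo show` output on stdin.
# Prints roles that are absent or held by another DC; status 0 only if all seven match.
check_fsmo_owners() {
    awk -v dc="$1" '
    BEGIN { bad = 0; n = split("Schema Infrastructure RidAllocation PdcEmulation DomainNaming DomainDnsZones ForestDnsZones", roles, " ") }
    / owner: / { role = $1; owner[role] = $0; next }
    role != "" { owner[role] = owner[role] " " $0 }  # rejoin a DN wrapped by a mail client
    END {
        want = "CN=NTDS SETTINGS,CN=" toupper(dc) ",CN=SERVERS,"
        for (i = 1; i <= n; i++) {
            r = roles[i] "MasterRole"
            if (!(r in owner)) { print r ": missing"; bad = 1 }
            else if (index(toupper(owner[r]), want) == 0) { print r ": other owner"; bad = 1 }
        }
        exit bad
    }'
}

# Constructed sample: one wrapped line, DomainDnsZones absent, ForestDnsZones on DC1.
sample_fsmo_show() {
    local s="CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test"
    cat <<EOF
SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,$s
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC2,$s
RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC2,$s
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,$s
DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC2,$s
ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=DC1,$s
EOF
}
```

Redirect each `fsmo_dns_ldif` result to a file for the `ldbmodify --cross-ncs` step shown in the thread, then pipe `samba-tool fsmo show` into `check_fsmo_owners` with the DC's name to confirm all seven roles.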

