[Samba] Fwd: Re: Problem with Samba4 DB

bentunx bentunx at gmail.com
Wed Jun 29 09:02:48 UTC 2016 

dear roland and mathias


i already upgrade samba server version to 4.4.4

i have domote 3 of 4 offline dc successfully

one dc that i cant demote shown this error message

/**//*[root at pdc ~]# samba-tool domain demote 
--remove-other-dead-server=dc25*//*
*//*ERROR: Demote failed: DemoteException: dc25 is not an AD DC in 
domain.co.id*//*
*//*A transaction is still active in ldb context [0x1c11b00] on 
tdb:///usr/local/samba/private/sam.ldb*//*
*/

i  still cant change my DNS
i have another suspect, maybe it caused by authority problem ?
because error message while deleting DNS by RSAT /*
*//*"the record cannot be deleted, The Local Security Authority Database 
Contains an internal inconsistency"*/

On 15/06/2016 18:02, Rowland penny wrote:
> On 15/06/16 10:14, bentunx wrote:
>> hi mathias
>>
>> let me confirm your statement
>> so.. you think if we demote those 2 DC server that already offline, 
>> the DNS will be running well
>> well if this is one of option we have, i will consider to upgrade our 
>> FSMO DC from samba 4.1.X  to 4.4.x , by the way, are there any 
>> consideration if we update samba directly from 4.1 to 4.4 ?
>>
>> let me answer some of your question
>> *1 - what command are you launching to update your DNS? What are 
>> error messages?*
>> *2 - what are the DNS names of new entry which refuse to be added? 
>> Same question for the two DC your colleague removed from AD?*
>> /# samba-tool dns add pdc domain.co.id milis A 172.16.99.49//
>> //Password for [administrator at domain.CO.ID]://
>> //ERROR(runtime): uncaught exception - (1383, 
>> 'WERR_INTERNAL_DB_ERROR')//
>> //  File 
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", 
>> line 175, in _run//
>> //    return self.run(*args, **kwargs)//
>> //  File 
>> "/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/dns.py", 
>> line 1067, in run//
>> //    0, server, zone, name, add_rec_buf, None)/
>>
>>
>>
>> *3 - what version of Samba are you running?* 4.1 >> New versions 
>> include a command switch to remove DC from AD database from another 
>> DC. In others words you could cleanup database from old DC entries.
>>     yes i will try this,
>>
>> *4 - what gives the following commands? And what are DNS name and IP  
>> of your FSMO owner?*
>> /DNS : pdc.domain.co.id //
>> //InfrastructureMasterRole owner: CN=NTDS 
>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
>> //RidAllocationMasterRole owner: CN=NTDS 
>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
>> //PdcEmulationMasterRole owner: CN=NTDS 
>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
>> //DomainNamingMasterRole owner: CN=NTDS 
>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
>> //SchemaMasterRole owner: CN=NTDS 
>> Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=co,DC=id//
>> /
>> TIA
>> Zhia
>>
>
> There should be no problem with upgrading to 4.4.4, in fact there 
> could be several benefits including a much improved samba-tool fsmo 
> code, this will show you all the fsmo role owners:
>
> SchemaMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=example,DC=com
>
> But, you should always backup Samba before upgrading.
>
> Rowland
>
>

More information about the samba mailing list