[Samba] Error while transferring fsmo-roles

Norbert Hanke norbert.hanke at gmx.ch
Sun Aug 6 19:44:45 UTC 2017 

Hi,

I faced the same problem, solved it by adding the line
import samba.drs_utils
to the file fsmo.py.

When building samba yourself, from withtin the base directory you can 
apply this patch file to do it for you:

--- python/samba/netcmd/fsmo.py.old     2016-12-05 08:18:44.000000000 +0000
+++ python/samba/netcmd/fsmo.py 2017-03-11 10:27:31.453884091 +0000
@@ -20,6 +20,7 @@
  import samba
  import samba.getopt as options
  import ldb
+import samba.drs_utils
  from ldb import LdbError
  from samba.dcerpc import drsuapi, misc
  from samba.auth import system_session

regards,
Norbert


On 04.08.2017 21:20, gizmo via samba wrote:
> Hello,
> I transfered all fsmo-roles from a DC (4.3.11-SerNet, SLES 11 SP3) to another DC (4.6.6-SerNet, SLES 12 SP2).
> I had to try a couple of times because of an error "Failed FSMO transfer: NT_STATUS_IO_TIMEOUT"
> But then following error happened:
>
>    samba-tool fsmo transfer --role=all
>
>    This DC already has the 'rid' FSMO role
>    This DC already has the 'pdc' FSMO role
>    This DC already has the 'naming' FSMO role
>    This DC already has the 'infrastructure' FSMO role
>    FSMO transfer of 'schema' role successful
>    ERROR: Failed to delete role 'domaindns': LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
>    CN=Infrastructure,DC=DomainDnsZones,DC=domain,DC=university,DC=de has no write property access
>
>
> OK, "LDAP_INSUFFICIENT_ACCESS_RIGHTS", another try with credentials:
>
>
>    samba-tool fsmo transfer --role=all -Uadministrator
>
>    ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object has no attribute 'drs_utils'
>      File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run
>        return self.run(*args, **kwargs)
>      File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 515, in run
>        "domaindns", samdb)
>      File "/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line 129, in transfer_dns_role
>        except samba.drs_utils.drsException, e
>
>
> Same error occurred with the role "forestdns".
> In spite of the errors the roles were transfered.
>
> Can I ignore this error or went something wrong ?
> "samba-tool fsmo show" says, the owner of all roles is the new DC.
>
> Also with the following check for all roles everything is ok.
> ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=domain,DC=university,DC=de" -s base fsmoroleowner
>
> The only thing I saw - there is an DNS-entry "Forward-Lookupzones->domain->_msdcs.domain->pdc->_tcp".
> Sounds like an entry for the PDC, and there is still the DC which owned the roles.
> Do I have to change this manually ?
>
> In a next step I will demote (and reinstall) the DC which owned the roles, maybe this solves any inconsistencies, in case there are some.
>
> Regards
>

More information about the samba mailing list