[Samba] Error while transferring fsmo-roles

mathias dufresne infractory at gmail.com
Wed Aug 9 10:37:00 UTC 2017


After applying the change in fsmo.py proposed by Norbert Hanke, I was able to
transfer roles without error, but only when proceeding one by one:
# for role in rid pdc naming infrastructure schema domaindns forestdns ; do
samba-tool fsmo transfer --role=$role -k yes ; done
FSMO transfer of 'rid' role successful
FSMO transfer of 'pdc' role successful
FSMO transfer of 'naming' role successful
FSMO transfer of 'infrastructure' role successful
FSMO transfer of 'schema' role successful
FSMO transfer of 'domaindns' role successful
FSMO transfer of 'forestdns' role successful

Regarding the _ldap._tcp.pdc._msdcs.samdom.domain.tld SRV entry, there is still
an issue, as I now have both DCs declared in that SRV rather than one, as
explained here:
https://blogs.msdn.microsoft.com/servergeeks/2014/07/12/dns-records-that-are-required-for-proper-functionality-of-active-directory/

I'm using Samba 4.6.5 on both DCs.

I'll manually remove the non-PDC entry from the PDC SRV records and I'll try to
remember to test that again once I have upgraded my DCs' Samba
version.



2017-08-09 11:42 GMT+02:00 gizmo via samba <samba at lists.samba.org>:

> > After demotion and reinstallation I joined DC1 with success again, but
> > all SRV-entries (_kerberos, _ldap, _kpasswd)
> > were not generated.
>
> SOLVED, everything works fine.
>
> The DNS-SRV-entries were not generated, because after transferring the
> roles, the SOA-entries for all zones still contained
> the old DC, which didn't exist anymore. I changed to the new PDC. Same
> for the DNS-entry _msdcs->pdc.
> After this change the DCs wrote the missing entries into the DNS.
>
> Another problem I had was with the tool "Active Directory Sites and Services".
> The information about the DCs was
> incomplete for the newly joined DCs. I compared the attribute list and
> saw that the attribute "serverReference" was
> empty. But a check with "ldbsearch" showed a value for this attribute
> (serverReferenceBL). It was as if the value had
> a hidden character the tool "Active Directory Sites and Services" couldn't
> interpret.
> After rewriting this value everything worked.
>
>
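
A check for the leftover PDC SRV target described in the message above, as an added example that is not part of the original thread: it compares the targets of the _ldap._tcp.pdc._msdcs SRV record with the PDC emulator owner. The sample inputs are constructed, the function names are hypothetical, and the `samba-tool fsmo show` and `dig +short` line formats are assumptions.

```shell
#!/bin/sh
# Added example: list targets of _ldap._tcp.pdc._msdcs.<domain> that are not
# the current PDC emulator. Function names are hypothetical.

# Print the lower-cased server name of the PDC emulator, read from
# `samba-tool fsmo show` output on stdin. Assumed line format:
#   PdcEmulationMasterRole owner: CN=NTDS Settings,CN=<server>,CN=Servers,...
pdc_owner() {
    sed -n 's/^PdcEmulationMasterRole owner: CN=NTDS Settings,CN=\([^,]*\),.*/\1/p' |
        tr '[:upper:]' '[:lower:]'
}

# Read `dig +short SRV` lines ("priority weight port target.") on stdin and
# print every target whose first DNS label differs from the owner in $1.
# Assumes the server object name equals the DC's DNS host label.
stale_pdc_srv_targets() {
    owner=$1
    while read -r _prio _weight _port target; do
        [ -n "$target" ] || continue
        host=$(printf '%s' "${target%%.*}" | tr '[:upper:]' '[:lower:]')
        [ "$host" = "$owner" ] || printf '%s\n' "${target%.}"
    done
}

# Constructed sample data (not taken from the thread): the PDC role was moved
# to DC2, but the SRV record still lists both DCs.
SAMPLE_FSMO='SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain,DC=tld
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samdom,DC=domain,DC=tld'
SAMPLE_SRV='0 100 389 dc1.samdom.domain.tld.
0 100 389 dc2.samdom.domain.tld.'

check_sample() {
    sample_owner=$(printf '%s\n' "$SAMPLE_FSMO" | pdc_owner)
    printf '%s\n' "$SAMPLE_SRV" | stale_pdc_srv_targets "$sample_owner"
}

# Live use on a DC (replace the domain with your own):
#   owner=$(samba-tool fsmo show | pdc_owner)
#   dig +short SRV _ldap._tcp.pdc._msdcs.samdom.domain.tld |
#       stale_pdc_srv_targets "$owner"
check_sample
```

Any name printed is a target still registered under the PDC SRV record that does not hold the PDC emulator role; empty output means the record lists only the role owner.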

