[Samba] LDAP_INSUFFICIENT_ACCESS_RIGHTS error stops FSMO transfer
Adam Tauno Williams
awilliam at whitemice.org
Fri Jan 27 19:47:25 UTC 2017
Attempting to move FSMO roles from one SerNET Samba 4.5.4 DC to
another, all roles transfered except the DNS related ones - those fail
with an LDAP_INSUFFICIENT_ACCESS_RIGHTS
[root at larkin28 ~]# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
[root at larkin28 ~]# samba-tool fsmo transfer --role=domaindns
ERROR: Failed to delete role 'domaindns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=micore,DC=us has no write
property access
> <>
[root at larkin28 ~]# samba-tool fsmo transfer --role=forestdns
ERROR: Failed to delete role 'forestdns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
CN=Infrastructure,DC=ForestDnsZones,DC=micore,DC=us has no write
property access
> <>
More information about the samba
mailing list