[Samba] LDAP_INSUFFICIENT_ACCESS_RIGHTS error stops FSMO transfer

Carlos A. P. Cunha carlos.hollow at gmail.com
Fri Jan 27 19:53:55 UTC 2017 

Hello

To transfer the files referring to dns use -U <Domain Administrator>

example:

samba-tool fsmo transfer --role=forestdns -U administrator

regards

Em 27-01-2017 17:47, Adam Tauno Williams via samba escreveu:
> Attempting to move FSMO roles from one SerNET Samba 4.5.4 DC to 
> another, all roles transfered except the DNS related ones - those fail 
> with an LDAP_INSUFFICIENT_ACCESS_RIGHTS
>
> [root at larkin28 ~]# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> InfrastructureMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> RidAllocationMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> PdcEmulationMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> DomainNamingMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN28,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> DomainDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> ForestDnsZonesMasterRole owner: CN=NTDS 
> Settings,CN=LARKIN27,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=micore,DC=us
> [root at larkin28 ~]# samba-tool fsmo transfer --role=domaindns
> ERROR: Failed to delete role 'domaindns': LDAP error 50 
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object 
> CN=Infrastructure,DC=DomainDnsZones,DC=micore,DC=us has no write 
> property access
>> <>
> [root at larkin28 ~]# samba-tool fsmo transfer --role=forestdns
> ERROR: Failed to delete role 'forestdns': LDAP error 50 
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object 
> CN=Infrastructure,DC=ForestDnsZones,DC=micore,DC=us has no write 
> property access
>> <>
>
>
>
>

More information about the samba mailing list