[Samba] problem with samba-tool fsmo transfer

Guido Lorenzutti guido at lorenzutti.com.ar
Tue Jul 25 15:15:20 UTC 2017 

  

On Tue, 25 Jul 2017 16:00:48 +0100, Rowland Penny via samba wrote:


> On Tue, 25 Jul 2017 11:45:23 -0300
> Guido Lorenzutti via samba
wrote:
> 
>> ERROR: Failed to delete role 'domaindns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS _RIGHTS -
> 
> Yes, you need to supply an admin
user & password to transfer the DNS
> FSMO roles.
> 
>> Password for
[TRUSTadministrador]: ERROR: Failed to add role 'domaindns': LDAP error
53 LDAP_UNWILLING_TO_PERFORM - DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SERVERIBM,CN=Servers,CN=Nombre-pred
eterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=SERVERIBM,CN=Servers,CN=Nombre-pred
eterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
> 
>
Have you checked that the above objects exist in AD ?

It seems that
seizing works! 

root at dc:/var/log/samba# samba-tool fsmo show


SchemaMasterRole owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
InfrastructureMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
RidAllocationMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
PdcEmulationMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
DomainNamingMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
DomainDnsZonesMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local
ForestDnsZonesMasterRole
owner: CN=NTDS
Settings,CN=DC,CN=Servers,CN=Nombre-predeterminado-primer-sitio,CN=Sites,CN=Configuration,DC=Trust,DC=local

I
was trying to avoid that... but.. well.. I will test everything
now.

Tnxs !

  

Links:
------
[1] mailto:samba at lists.samba.org

More information about the samba mailing list