[Samba] Issue to Demote old DC

Marcio Demetrio Bacci marciobacci at gmail.com
Tue May 23 15:02:38 UTC 2017 

Hi,

The DC that I want demote is Samba 4.2.1 and it doesn't know the parameter
"ldap server require strong auth".

Following my smb.conf


# Global parameters
[global]
        workgroup = EMPRESA
        realm = EMPRESA.COM.BR
        netbios name = DC3
        server role = active directory domain controller
        dns forwarder = 192.168.0.36
        idmap_ldb:use rfc2307 = yes
        ldap server require strong auth = no
[netlogon]
        path = /opt/samba/var/locks/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /opt/samba/var/locks/sysvol
        read only = No
        acl_xattr:ignore system acls = yes



When I reboot the Samba4 the below message appears:

[ ok ] Stopping Samba 4 daemon: samba.
[....] Starting Samba 4 daemon: sambaUnknown parameter encountered: "ldap
server require strong auth"
Ignoring unknown parameter "ldap server require strong auth"


My new DC is Samba 4.6.3
My Old DC is Samba 4.2.1

Regards,

Márcio Bacci

2017-05-23 3:00 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Mon, 22 May 2017 19:37:58 -0300
> Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:
>
> > Hi,
> >
> > I'm trying demote my old DC, but the following message appear:
> >
> > root at dc-old:~# samba-tool domain demote -Uadministrator
> > Using dc1.empresa.com.br as partner server for the demotion
> > Password for [EMPRESA\administrator]:
> > Deactivating inbound replication
> > Asking partner server dc1.empresa.com.br to synchronize from us
> > Failed to bind - LDAP error 8 LDAP_STRONG_AUTH_REQUIRED -
> > <SASL:[GSS-SPNEGO]: Sign or Seal are required.> <>
> > Failed to connect to 'ldap://dc1.empresa.com.br' with backend 'ldap':
> > (null) Error while demoting, re-enabling inbound replication
> > ERROR(ldb): Error while changing account control - None
> >
>
> try adding 'ldap server require strong auth = no' to the smb.conf on
> the DC you are trying to demote.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list