[Samba] SAMBA failing to start after upgrade

Rowland Penny rpenny at samba.org
Fri Nov 17 10:06:41 UTC 2017 

On Fri, 17 Nov 2017 11:38:22 +0200
Harsh Kukreja <h.kukreja at ium.edu.na> wrote:

> The upgrade shouldn't have touched the Samba database, just the
> binaries etc, so check the smb.conf file and recreate it if you cannot
> find it, or if it is incorrect.
> The smb.conf still exists
> [global]
>         workgroup = IUMNET
>         realm = IUMNET.EDU.NA
>         netbios name = IUMDCDP01
>         server role = active directory domain controller
>         dns forwarder = 172.16.10.254
>         domain master = yes
>         preferred master = yes
> #       server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
>         password server = 172.16.10.5
>         allow dns updates = nonsecure and secure
> #       lanman auth = Yes
> #       client lanman auth = Yes
>         ntlm auth = yes
>         client use spnego = no
>         client ldap sasl wrapping = sign
> #       ldap ssl ads = yes
> #       ldap ssl = start tls
>         ldap server require strong auth = no
> #       wins server = iumnet.edu.na
> #       wins support = Yes
>         time server = Yes
>         template shell = /bin/bash
>         template homedir = /home/%U
> #       idmap config * : backend = tdb
> #       idmap config *:range = 50000-1000000
>         full_audit:prefix = %u|%I|%m|%S
>         full_audit:failure = connect
>         full_audit:success = connect disconnect
> 
> seize the FSMO roles to another DC, forcibly demote the dead DC
> Please help with the commands to seize the FSMO roles to another DC
> and forcibly demote the dead DC.

OK, open a terminal on the DC you want to seize the FSMO roles to.
Type 'samba-tool --help'
This will show you the sub-commands available, the first one you want
is 'fsmo', so enter 'samba-tool fsmo --help'

This will display:

Usage: samba-tool fsmo <subcommand>

Flexible Single Master Operations (FSMO) roles management.


Options:
  -h, --help  show this help message and exit


Available subcommands:
  seize     - Seize the role.
  show      - Show the roles.
  transfer  - Transfer the role.
For more help on a specific subcommand, please type: samba-tool fsmo <subcommand> (-h|--help)

Now enter 'samba-tool fsmo seize --help'

From the output of the above command, you should be able to work out
the command to seize the FSMO roles to this DC is:

samba-tool fsmo seize --role=all --force -UAdministrator

You will be prompted for a password

The roles should be now be 'seized' to this DC.

You can use another user instead of 'Administrator', but the user must
have the required permissions.

you use '--force' to stop the command trying to transfer the roles,
this will fail because the old DC is offline, so why bother ;-)

I will leave you to work out how to remove the other dead server, but
as a hint, it is under 'samba-tool domain'

Rowland

More information about the samba mailing list