[Samba] SAMBA failing to start after upgrade
Rowland Penny
rpenny at samba.org
Fri Nov 17 10:06:41 UTC 2017
On Fri, 17 Nov 2017 11:38:22 +0200
Harsh Kukreja <h.kukreja at ium.edu.na> wrote:
> The upgrade shouldn't have touched the Samba database, just the
> binaries etc, so check the smb.conf file and recreate it if you cannot
> find it, or if it is incorrect.
> The smb.conf still exists
> [global]
> workgroup = IUMNET
> realm = IUMNET.EDU.NA
> netbios name = IUMDCDP01
> server role = active directory domain controller
> dns forwarder = 172.16.10.254
> domain master = yes
> preferred master = yes
> # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
> password server = 172.16.10.5
> allow dns updates = nonsecure and secure
> # lanman auth = Yes
> # client lanman auth = Yes
> ntlm auth = yes
> client use spnego = no
> client ldap sasl wrapping = sign
> # ldap ssl ads = yes
> # ldap ssl = start tls
> ldap server require strong auth = no
> # wins server = iumnet.edu.na
> # wins support = Yes
> time server = Yes
> template shell = /bin/bash
> template homedir = /home/%U
> # idmap config * : backend = tdb
> # idmap config *:range = 50000-1000000
> full_audit:prefix = %u|%I|%m|%S
> full_audit:failure = connect
> full_audit:success = connect disconnect
>
> seize the FSMO roles to another DC, forcibly demote the dead DC
> Please help with the commands to seize the FSMO roles to another DC
> and forcibly demote the dead DC.
OK, open a terminal on the DC you want to seize the FSMO roles to.
Type 'samba-tool --help'
This will show you the sub-commands available, the first one you want
is 'fsmo', so enter 'samba-tool fsmo --help'
This will display:
Usage: samba-tool fsmo <subcommand>
Flexible Single Master Operations (FSMO) roles management.
Options:
-h, --help show this help message and exit
Available subcommands:
seize - Seize the role.
show - Show the roles.
transfer - Transfer the role.
For more help on a specific subcommand, please type: samba-tool fsmo <subcommand> (-h|--help)
Now enter 'samba-tool fsmo seize --help'
From the output of the above command, you should be able to work out
the command to seize the FSMO roles to this DC is:
samba-tool fsmo seize --role=all --force -UAdministrator
You will be prompted for a password
The roles should be now be 'seized' to this DC.
You can use another user instead of 'Administrator', but the user must
have the required permissions.
you use '--force' to stop the command trying to transfer the roles,
this will fail because the old DC is offline, so why bother ;-)
I will leave you to work out how to remove the other dead server, but
as a hint, it is under 'samba-tool domain'
Rowland
More information about the samba
mailing list