[Samba] Magically disappearing errors during FSMO transfer
Mike Ray
mray at xes-inc.com
Thu Oct 5 19:14:56 UTC 2017
Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0. Ultimately,
both dcs agreed that the 4.7.0 dc (dc3) had all the roles and replication and
the databases were in good shape. However, during the process, I got a lot of
errors that seemed to magically disappear.
Should I be worried?
root at dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo s^C
root at dc3:~# samba-tool fsmo transfer --role all
FSMO transfer of 'rid' role successful ERROR: Transfer of 'pdc' role failed:
Failed FSMO transfer: NT_STATUS_IO_TIMEOUT
root at dc3:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role FSMO transfer of 'naming' role
successful ERROR: Transfer of 'infrastructure' role failed: Failed FSMO
transfer: NT_STATUS_IO_TIMEOUT
root at dc3:~# samba-tool fsmo show SchemaMasterRole
owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role FSMO
transfer of 'schema' role successful ERROR: Failed to delete role 'domaindns':
LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write property
access
> <>
root at dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role ERROR: Failed to delete role 'domaindns':
LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write property
access
> <>
root at dc3:~# samba-tool fsmo transfer --role all -UAdministrator This DC already
has the 'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already
has the 'naming' FSMO role This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role Password for [Example\Administrator]:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object
has no attribute 'drs_utils' File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 515, in run
"domaindns", samdb) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 129, in
transfer_dns_role except samba.drs_utils.drsException, e:
root at dc3:~# samba-tool
fsmo transfer --role all -UAdministrator This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role This DC already has the 'naming' FSMO
role This DC already has the 'infrastructure' FSMO role This DC already has the
'schema' FSMO role Password for [Example\Administrator]: ERROR: Failed to delete
role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute
'fSMORoleOwner': no matching attribute value while deleting attribute on
'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root at dc3:~#
samba-tool fsmo transfer --role all -UAdministrator This DC already has the
'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role Password for [Example\Administrator]: ERROR:
Failed to delete role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -
<attribute 'fSMORoleOwner': no matching attribute value while deleting attribute
on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root at dc3:~#
samba-tool fsmo transfer --role all -UAdministrator This DC already has the
'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role Password for [Example\Administrator]: ERROR:
Failed to delete role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -
<attribute 'fSMORoleOwner': no matching attribute value while deleting attribute
on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root at dc3:~#
samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role domaindns ERROR: Failed to delete
role 'domaindns': LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098:
Object CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write
property access
> <>
root at dc3:~# samba-tool fsmo transfer --role domaindns -UAdministrator This DC
already has the 'domaindns' FSMO role
root at dc3:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role forestdns ERROR: Failed to delete
role 'forestdns': LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098:
Object CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com has no write
property access
> <>
root at dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR(<type 'exceptions.AttributeError'>): uncaught
exception - 'module' object has no attribute 'drs_utils' File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 520, in run
transfer_dns_role(self.outf, sambaopts, credopts, role, samdb) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 129, in
transfer_dns_role except samba.drs_utils.drsException, e:
root at dc3:~# samba-tool
fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP
error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching
attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root at dc3:~# samba-tool fsmo transfer --role forestdns
-UAdministrator Password for [Example\Administrator]: ERROR: Failed to delete
role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute
'fSMORoleOwner': no matching attribute value while deleting attribute on
'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
root at dc3:~#
samba-tool fsmo transfer --role forestdns -UAdministrator Password for
[Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP error 16
LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching attribute
value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root at dc3:~# samba-tool fsmo show SchemaMasterRole owner:
CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root at dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP
error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute 'fSMORoleOwner': no matching
attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root at dc3:~# samba-tool fsmo transfer --role forestdns
-UAdministrator This DC already has the 'forestdns' FSMO role
root at dc3:~#
samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
Thanks,
Mike Ray
More information about the samba
mailing list