[Samba] Magically disappearing errors during FSMO transfer

Mike Ray mray at xes-inc.com
Thu Oct 5 20:32:38 UTC 2017


----- On Oct 5, 2017, at 2:55 PM, samba samba at lists.samba.org wrote:

> The problem is that you need to Authenticate to transfer the domaindns
> and forestdns FSMO roles, this means you also need to authenticate if
> you transfer 'all' the FSMO roles.
> 
> If 'samba-tool fsmo show is now displaying the correct owners and
> everything is working correctly, you are probably going to be okay.
> 
> I will look into refusing to do anything if 'all' or 'domaindns' or
> 'forestdns' roles are selected without using authentication.
> 
> Rowland


Sorry about the message, I did not split it well. I've included some of the last 
lines below in a more readable format:

> root at dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]:
> ERROR: Failed to delete role> 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute> 'fSMORoleOwner': no matching attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com'> <>
> root at dc3:~# samba-tool fsmo transfer --role forestdns> -UAdministrator
> This DC already has the 'forestdns' FSMO role

I did do some authenticating, but still saw some errors. Any explanation for
this?


Also, do you have any insight into the "Failed FSMO transfer:
NT_STATUS_IO_TIMEOUT" errors?
These popped up on like the "pdc" role, so authentication shouldn't have been an
issue here.



More information about the samba mailing list