[Samba] Magically disappearing errors during FSMO transfer

Rowland Penny rpenny at samba.org
Thu Oct 5 21:32:37 UTC 2017 

On Thu, 5 Oct 2017 15:32:38 -0500 (CDT)
Mike Ray via samba <samba at lists.samba.org> wrote:

> ----- On Oct 5, 2017, at 2:55 PM, samba samba at lists.samba.org wrote:
> 
> > The problem is that you need to Authenticate to transfer the
> > domaindns and forestdns FSMO roles, this means you also need to
> > authenticate if you transfer 'all' the FSMO roles.
> > 
> > If 'samba-tool fsmo show is now displaying the correct owners and
> > everything is working correctly, you are probably going to be okay.
> > 
> > I will look into refusing to do anything if 'all' or 'domaindns' or
> > 'forestdns' roles are selected without using authentication.
> > 
> > Rowland
> 
> 
> Sorry about the message, I did not split it well. I've included some
> of the last lines below in a more readable format:
> 
> > root at dc3:~# samba-tool fsmo transfer --role forestdns
> > -UAdministrator Password for [Example\Administrator]:
> > ERROR: Failed to delete role> 'forestdns': LDAP error 16
> > LDAP_NO_SUCH_ATTRIBUTE -  <attribute> 'fSMORoleOwner': no matching
> > attribute value while deleting attribute on
> > 'CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com'> <>
> > root at dc3:~# samba-tool fsmo transfer --role forestdns>
> > -UAdministrator This DC already has the 'forestdns' FSMO role
> 
> I did do some authenticating, but still saw some errors. Any
> explanation for this?

Not really, I think it just got confused, but as I said the two dns
roles need authentication. this is because the code that transfers them
is very different.
> 
> 
> Also, do you have any insight into the "Failed FSMO transfer:
> NT_STATUS_IO_TIMEOUT" errors?
> These popped up on like the "pdc" role, so authentication shouldn't
> have been an issue here.
> 

Again, I think that because you initially tried without authentication,
this did something and the later attempts didn't like it.

As I said, if everything is working correctly now and the FSMO roles
are being shown as belonging to the DCs they should be, then there
shouldn't be anything to worry about.

Rowland

More information about the samba mailing list