[Samba] forestdns fsmo role transfer fails - module 'samba' has no attribute 'drs_utils'

Roy Eastwood spindles7 at gmail.com
Mon Jul 22 11:00:04 UTC 2019 

Have joined a new DC to an existing AD and am trying to transfer the fsmo
roles to the new DC with a view to retiring the old DC.  The forestdns role
transfer failed with the error:

	ERROR(<class 'AttributeError'>): uncaught exception - module 'samba'
has no attribute 'drs_utils'

all the other roles transferred successfully.   The console output is below:

root at tiger-db:~# samba-tool fsmo transfer --role=all -Uadministrator
FSMO transfer of 'rid' role successful
FSMO transfer of 'pdc' role successful
FSMO transfer of 'naming' role successful
FSMO transfer of 'infrastructure' role successful
FSMO transfer of 'schema' role successful
Password for [MICROLYNX\administrator]:
ERROR(<class 'AttributeError'>): uncaught exception - module 'samba' has no
attribute 'drs_utils'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/fsmo.py", line 526, in
run
    "domaindns", samdb)
  File "/usr/lib/python3/dist-packages/samba/netcmd/fsmo.py", line 134, in
transfer_dns_role
    except samba.drs_utils.drsException as e:
root at tiger-db:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=TIGER-DB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=microlynx,DC=org
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DEBIAN-VB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Conf
iguration,DC=microlynx,DC=org
root at tiger-db:~#
root at tiger-db:~# samba-tool fsmo transfer --role=forestdns -Uadministrator
Password for [MICROLYNX\administrator]:
ERROR(<class 'AttributeError'>): uncaught exception - module 'samba' has no
attribute 'drs_utils'
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line 185,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/fsmo.py", line 531, in
run
    transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
  File "/usr/lib/python3/dist-packages/samba/netcmd/fsmo.py", line 134, in
transfer_dns_role
    except samba.drs_utils.drsException as e:
root at tiger-db:~#

The operating system on both DCs is Debian Buster, and the samba version is
4.10.6: on the new DC, using Louis' build, the other was self-compiled.  The
old DC (DEBIAN-VB) is running in a VM (VirtualBox) if that is relevant.
The new DC was a member server, but has been removed from the domain, the
samba config files and databases cleaned up and re-configured as a DC and
joined to the domain with the command:

	samba-tool domain join microlynx.org DC -k yes
--dns-backend=BIND9_DLZ

which was successful showing no errors.

smb.conf on the new DC (tiger-db) is:
# Global parameters
[global]
	netbios name = TIGER-DB
	realm = MICROLYNX.ORG
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbindd, ntp_signd, kcc, dnsupdate
	workgroup = MICROLYNX
	# prevent CUPS errors in syslog
	printcap name = /dev/null
	load printers = no

	# add the following two lines for testing - remove for production
	winbind enum users = yes
	winbind enum groups = yes
	log file = /var/log/samba/samba.log
	log level = 1

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

[netlogon]
	path = /var/lib/samba/sysvol/microlynx.org/scripts
	read only = No

I haven't tried to seize the role yet, as I am wondering if I have missed
something.    Please advise.

Thanks,

Roy

More information about the samba mailing list