[Samba] FMSO transfer gone wrong

Denis CARDON dcardon at tranquil.it
Sun Apr 5 18:02:01 UTC 2020 

Hi Arne,

Le 05/04/2020 à 19:47, Arne Zachlod via samba a écrit :
> On 4/5/20 7:14 PM, Rowland penny via samba wrote:
>> On 05/04/2020 17:47, Arne Zachlod via samba wrote:
>>> Hello,
>>>
>>> I'm currently in the process of updating our Samba environment from 
>>> 4.3 to 4.11. Looks like I did something wrong. Some pointers would be 
>>> much appreciated.
>>>
>>> Since I wanted to migrate from Ubuntu to Debian anyway, I decided to 
>>> not upgrade in place, but instead create new VMs, join them and then 
>>> remove the old 4.3 ones. Everything went well until I also wanted to 
>>> transfer FSMO roles to a new VM.
>>>
>>> Since 'samba-tool fsmo transfer --role=all' didn't work, I decided to 
>>> use seize instead. There was no error output other than the expected 
>>> error that the transfer didn't work and I shut the old FSMO master DC 
>>> down.
>>>
>>> So, now nothing really works as expected: the other DCs didn't get 
>>> the memo to change to the new FSMO master DC and I cant find any 
>>> documentation on how to change that by hand.
>>>
>>> Also, drs showrepl request take forever to finish on the now 
>>> disconnected DCs while they just timeout on the FSMO master.
>>
>> Hmm, 4.3.x to 4.11.0, are smbd & winbind running, or is just samba 
>> running ?
> 
> Samba, winbind and smbd are all running.
> 
>>
>> Your new DC could be re-indexing, if so just wait.
> 
> How can I verify this? The Domain isn't very big, sub 100 PCs and 
> roughly the same amount of users, so I expect it shouldn't take very long.

First you should double check your dns configuration (/etc/resolv.conf 
and /etc/krb5.conf). If you are using bind-dlz double check that is it 
really started. In more recent version it does not startup if there is 
on NS record in every zone (which include reverse zones).

For the seize command I think there is a --force option, otherwise it 
starts with a transfer that may timeout first before really sizing the 
roles.

You'll have to do a dbcheck --cross-ncs --fix --yes (after doing 
backup) to fix everything that has been corrected since 4.3.

You may check that you don't have leftover from old DCs in sites and 
services and then force a samba_kcc.

Cheers,

Denis


> 
> Arne
>

More information about the samba mailing list