[Samba] transferring fsmo

Andrew Bartlett abartlet at samba.org
Wed Dec 16 19:49:34 UTC 2020


A patch catching that specific error and printing some advise would be
accepted (particularly if it includes a test).

Andrew Bartlett

On Wed, 2020-12-16 at 20:01 +0100, Joachim Lindenberg via samba wrote:
> Actually I googled and I remember I used this before..
> Wouldn´t it make sense to either prompt for a user with sufficient
> rights or improve the wording to - are you domain admin?
> With -UAdministrator worked 😊
> Thanks, Joachim
> 
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland
> penny via samba
> Gesendet: Wednesday, 16 December 2020 19:56
> An: samba at lists.samba.org
> Betreff: Re: [Samba] transferring fsmo
> 
> On 16/12/2020 18:46, Joachim Lindenberg via samba wrote:
> > Hello,
> > 
> > I just tried to transfer all fsmo roles by
> > 
> > samba-tool fsmo transfer --role=all
> > 
> > and got:
> > 
> > FSMO transfer of 'rid' role successful
> > 
> > FSMO transfer of 'pdc' role successful
> > 
> > FSMO transfer of 'naming' role successful
> > 
> > FSMO transfer of 'infrastructure' role successful
> > 
> > FSMO transfer of 'schema' role successful
> > 
> > ERROR: Failed to add role 'domaindns': LDAP error 50 
> > LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object 
> > CN=Infrastructure,DC=DomainDnsZones,DC=samba,DC=lindenberg,DC=one
> > has 
> > no write property access
> > 
> I take it that you didn't run 'samba-tool fsmo transfer --help' where
> it shows (amongst others) this:
> 
>    --role=ROLE           The FSMO role to seize or transfer.
>                          rid=RidAllocationMasterRole
> schema=SchemaMasterRole
>                          pdc=PdcEmulationMasterRole
>                          naming=DomainNamingMasterRole
>                          infrastructure=InfrastructureMasterRole
>                          domaindns=DomainDnsZonesMasterRole
>                          forestdns=ForestDnsZonesMasterRole all=all
> of the
>                          above  You must provide an Admin user and
> password.
> 
> Try reading the last line 😂
> 
> It only really applies to the dns roles.
> 
> Rowland
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba





More information about the samba mailing list