[Samba] problems with sysvol after fsmo transfer

Thu Jan 12 14:57:45 UTC 2023

Am 12.01.23 um 14:03 schrieb Rowland Penny via samba:
> On 12/01/2023 12:51, Rowland Penny via samba wrote:
>> On 12/01/2023 12:28, Thorsten Marquardt via samba wrote:
>>> srv-kb-dc1:~ # klist
>>> Ticket cache: DIR::/run/user/0/krb5cc/tkt
>> What OS is this ?

the old host:

srv-kb-primdc:~ # cat /etc/os-release
NAME="openSUSE Leap"
VERSION="42.3"
ID=opensuse
ID_LIKE="suse"
VERSION_ID="42.3"
PRETTY_NAME="openSUSE Leap 42.3"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:42.3"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
srv-kb-primdc:~ # uname -a
Linux srv-kb-primdc 4.4.76-1-default #1 SMP Fri Jul 14 08:48:13 UTC 2017 
(9a2885c) x86_64 x86_64 x86_64 GNU/Linux
srv-kb-primdc:~ # smbd -V
Version 4.7.4 # (build from sources years ago)

and the new one:

srv-kb-dc1:~ # cat /etc/os-release
NAME="openSUSE Leap"
VERSION="15.0"
ID="opensuse-leap"
ID_LIKE="suse opensuse"
VERSION_ID="15.0"
PRETTY_NAME="openSUSE Leap 15.0"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:leap:15.0"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
srv-kb-dc1:~ # uname -a
Linux srv-kb-dc1 4.12.14-lp150.12.82-default #1 SMP Tue Nov 12 16:32:38 
UTC 2019 (c939e24) x86_64 x86_64 x86_64 GNU/Linux
srv-kb-dc1:~ # smbd -V
Version 4.7.11-git.186.d75219614c3lp150.3.18.2-SUSE-oS15.0-x86_64

I know these os's are realy outdated and want to lift them up to the 
current versions. But I fear to make to big leaps with samba. That's why 
I set up the new host with the old release. I was afraid that something 
is breaking my domain if I use the latest openSUSE Leap 15.4 (I don't 
know what samba is packed along with it but it's 4.15.x afair) on the 
new host and have both samba versions mixed in the same domain as domain 
controllers.

>>> Default principal:administrator at MY.LOCAL.DOM
>>>
>>> Valid starting       Expires              Service principal
>>> 12.01.2023 12:57:56  12.01.2023 22:57:56krbtgt/MY.LOCAL.DOM at MY.LOCAL.DOM
>>>           renew until 13.01.2023 12:57:54
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=rid -k yes
>>> FSMO transfer of 'rid' role successful
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=pdc -k yes
>>> FSMO transfer of 'pdc' role successful
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=naming -k yes
>>> FSMO transfer of 'naming' role successful
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=infrastructure -k yes
>>> FSMO transfer of 'infrastructure' role successful
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=schema -k yes
>>> FSMO transfer of 'schema' role successful
>>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes
>>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception -
>>> 'module' object has no attribute 'drs_utils'
>> That is something different, you appear to be missing a python module
>> and I haven't seen that for a few years, what version of Samba is this?
>>
>>>     File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> And then after my last post I noticed something I missed before.
> Whatever version of Samba is in use, it is that old it is still using
> python 2
>
> Okay, find a file called 'fsmo.py' and open it in your favourite editor.
> Scroll down to the line 'from samba.auth import system_session', beneath
> that line, add a new line:
>
> import samba.drs_utils
>
> Close and save the file.
>
> Your error should now go away.
>
> Rowland

Things work very much better now. Transfering the roles step by step ( 
--role=[rid|pdc|infrastructure|schema|naming|domaindns|forestdns] ) 
works fine. I didn't try to use --role=all --- gebranntes Kind scheut's 
Feuer - as we say in german ;-).

And finally I got it (hopefully). I stopped the firewall on the new host 
and my problems seem to vanish....
I will stop samba on the old host tomorrow and see whether problems pop 
up. If not, I'll demote the old host and upgrade the new one step by 
step. Or are there objections?

Thank you very much for all your efforts.