[Samba] Fwd: No DNS/Kerberos after DC OS upgrade
Rowland Penny
rpenny at samba.org
Sun Mar 30 08:41:38 UTC 2025
On Sun, 30 Mar 2025 19:30:03 +1100
Nicolas Canonne via samba <samba at lists.samba.org> wrote:
> Le 30/03/2025 à 19:04, Rowland Penny via samba a écrit :
>
> > First, you do not have a 'main' DC, you just have DCs, it is just
> > that one of them holds the FSMO roles.
> >
> > And from what you posted, it doesn't look like DC2 holds any of the
> > FSMO roles, it certainly doesn't hold the PDC_Emulator role.
> >
> > Here is what I suggest you do:
> > Transfer all the FSMO roles to DC2 (seize them if you have to).
> > Demote DC1 and turn it off.
> > Install Debian 12 and use backports.
> > This will get you Samba 4.21.4 , 4.19.5 is EOL from the Samba point
> > of view.
> > Join this as a new DC
> >
> > Rowland
> >
> Rowland,
>
> The problem is that I'm on remote location, doing all things via SSH
You are certainly remote to me, I am on the other side of the planet in
the UK ;-)
>
> So, this Debian12 OS change is not possible before a lot of hours and
> whole AD is off at site
Then replace 'use Debian 12' with 'use Ubuntu' and set up a new DC,
provided that DC2 is working okay, it is your fastest way out of this
problem, using Debian would be a way of getting a Samba supported
version.
>
> it really looks like Kerberos is broken
To me, it looks like everything is broken.
If you must try to fix DC1, then first check that you have all the
Samba packages installed, there were some changes recently.
Rowland
More information about the samba
mailing list