[Samba] Fwd: No DNS/Kerberos after DC OS upgrade

[Nicolas Canonne]

Le 30/03/2025 à 19:41, Rowland Penny via samba a écrit :
> On Sun, 30 Mar 2025 19:30:03 +1100
> Nicolas Canonne via samba <samba at lists.samba.org> wrote:
>
>> Le 30/03/2025 à 19:04, Rowland Penny via samba a écrit :
>>
>>> First, you do not have a 'main' DC, you just have DCs, it is just
>>> that one of them holds the FSMO roles.
>>>
>>> And from what you posted, it doesn't look like DC2 holds any of the
>>> FSMO roles, it certainly doesn't hold the PDC_Emulator role.
>>>
>>> Here is what I suggest you do:
>>> Transfer all the FSMO roles to DC2 (seize them if you have to).
>>> Demote DC1 and turn it off.
>>> Install Debian 12 and use backports.
>>> This will get you Samba 4.21.4 , 4.19.5 is EOL from the Samba point
>>> of view.
>>> Join this as a new DC
>>>
>>> Rowland
>>>
>> Rowland,
>>
>> The problem is that I'm on remote location, doing all things via SSH
> You are certainly remote to me, I am on the other side of the planet in
> the UK ;-)
>
>> So, this Debian12 OS change is not possible before a lot of hours and
>> whole AD is off at site
> Then replace 'use Debian 12' with 'use Ubuntu' and set up a new DC,
> provided that DC2 is working okay, it is your fastest way out of this
> problem, using Debian would be a way of getting a Samba supported
> version.
>
>> it really looks like Kerberos is broken
> To me, it looks like everything is broken.
> If you must try to fix DC1, then first check that you have all the
> Samba packages installed, there were some changes recently.
>
> Rowland
>
Not sure about how I done it (will check logs later : nearly midnight 
there, around 12H fight) : no FSMO move

DC2 is alive and responding to clients

FS1 serves files

Every user will be happy tomorrow (with a strange 1 leg working AD)

Installed some crypto renamed packages on DC2, setup entries in 
/etc/hosts on FS1 and edited dhcpd.conf on gateway

Thanks Rowland for the help and happy sunday to you (mine is over)

Nicolas