redundant DNS setup with bind_dlz possible ?
Daniele Dario
d.dario76 at gmail.com
Fri Apr 13 06:07:19 MDT 2012
Hi Andreas,
On Fri, 2012-04-13 at 12:34 +0200, Andreas Oster wrote:
> Am 13.04.2012 08:58, schrieb Daniele Dario:
> > Hi Andreas and Amitay,
> >
> > On Fri, 2012-04-13 at 08:09 +0200, Andreas Oster wrote:
> >> Am 13.04.2012 03:08, schrieb Amitay Isaacs:
> >>> On Fri, Apr 13, 2012 at 3:43 AM, Andreas Oster <aoster at novanetwork.de> wrote:
> >>>>
...
> >
> Hello Daniele,
>
> as you might have seen in my last post I have run into the same demoting
> issue. Did you manage to demote your server in the meanwhile ?
>
> best regards
>
> Andreas
>
I made a little change in
samba/lib//python2.7/site-packages/samba/netcmd/domain.py to show how
many rules are locking the demote operation (and which ones). My Python
knowledge is not so deep, but the changes are on line 250, like:
if len(res) != 0:
- raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC"
+ for foundRole in res:
print foundRole.dn
raise CommandError("Current DC is still the owner of %d
role(s), use the role command to transfer roles to another DC" %
len(res))
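Review bot: on the added `for foundRole in res:` loop, `print foundRole.dn` writes the blocking DNs to stdout separately from the error, and the `raise CommandError(...)` that follows has to stay at the `if len(res) != 0:` level, outside the loop body, or only the first DN is printed before the exception (indentation is lost in this paste, so it cannot be checked here). Suggest collecting the DNs and appending them to the CommandError message so they travel with the error. The hunk also marks the `raise` as removed with `-` and then shows the same statement unmarked below; if the statement is unchanged it should appear only as context.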
And it seems that the secondary DC is the owner of the DNS zones replication:
[root@kdc02:~/samba4/samba-master]# samba-tool domain demote -U administrator
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
CN=Infrastructure,DC=DomainDnsZones,DC=saitelitalia,DC=local
CN=Infrastructure,DC=ForestDnsZones,DC=saitelitalia,DC=local
ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC
If instead of print foundRole.dn you use just foundRole it shows a very
long message where you can find more things like
'fSMORoleOwner': MessageElement(['CN=NTDS Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local'])
At this point I think there is something wrong because samba-tool fsmo
show doesn't show at all these two roles.
Maybe we can just try to delete them using ldbdel ...?
Daniele.
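
Added example (not part of the message above and not Samba's own code): a small Python parser that takes LDIF text in the style ldbsearch prints and lists the objects whose fSMORoleOwner names a given DC, noting which of them sit in the DomainDnsZones/ForestDnsZones partitions. The sample LDIF is constructed from the DNs quoted in the message; the KDC01 record and all function names are assumptions.

```python
# Constructed sample in ldbsearch's LDIF output style. The KDC02 DNs come from
# the message above; the KDC01 record is invented for contrast.
SITE = ("CN=Servers,CN=Default-First-Site-Name,CN=Sites,"
        "CN=Configuration,DC=saitelitalia,DC=local")
SAMPLE_LDIF = """\
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitelitalia,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=KDC02,CN=Servers,CN=Default-First-Site-Name
 ,CN=Sites,CN=Configuration,DC=saitelitalia,DC=local

dn: CN=Infrastructure,DC=ForestDnsZones,DC=saitelitalia,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=KDC02,%(site)s

dn: CN=Infrastructure,DC=saitelitalia,DC=local
fSMORoleOwner: CN=NTDS Settings,CN=KDC01,%(site)s

# returned 3 records
""" % {"site": SITE}
DNS_PARTITIONS = ("dc=domaindnszones,", "dc=forestdnszones,")

def parse_ldif(text):
    """Return [{attr: [values]}], undoing LDIF line folding (no base64 decoding)."""
    records, current, last = [], {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last is not None:
            current[last][-1] += line[1:]          # folded continuation line
        elif not line.strip():                      # blank line ends a record
            if current:
                records.append(current)
            current, last = {}, None
        elif line.startswith("#"):                  # ldbsearch comment
            last = None
        else:
            attr, _, value = line.partition(":")
            last = attr.strip().lower()
            current.setdefault(last, []).append(value.strip())
    if current:
        records.append(current)
    return records

def owned_by(records, dc_name):
    """DNs whose fSMORoleOwner is the NTDS Settings object of dc_name."""
    prefix = "cn=ntds settings,cn=%s," % dc_name.lower()
    return [r["dn"][0] for r in records
            if any(v.lower().startswith(prefix) for v in r.get("fsmoroleowner", []))]

def in_dns_partition(dn):
    """True for objects under the DomainDnsZones or ForestDnsZones partitions."""
    return any(p in dn.lower() for p in DNS_PARTITIONS)
```

Calling `owned_by(parse_ldif(SAMPLE_LDIF), "KDC02")` returns the two DNS-partition Infrastructure objects from the demote output.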