samba4.3.4: failure attempting to show/transfer/seize DomainDns FSMO role
Daniele Dario
d.dario76 at gmail.com
Tue Jan 12 15:06:57 UTC 2016
Hi Rowland,
happy new year guys
On mar, 2016-01-12 at 14:21 +0000, Rowland Penny wrote:
> On 12/01/16 13:43, Daniele Dario wrote:
> > Hi all,
> > I just updated to samba 4.3.4 and before doing it I transferred all FSMO
> > roles from kdc01 to kdc02 before start updating it.
>
> What Samba version did you upgrade from?
> I ask because before Samba version 4.3.0, fsmo.py only transferred 5 of
> the 7 FSMO roles
>
Yeah, I was upgrading from 4.2.16
> >
> > After updated kdc01 I tried to transfer again all roles from kdc02 to
> > kdc01 in order to update also kdc02 but I get this error:
> >
> > [root at kdc01:~]# samba-tool fsmo transfer --role=all
> > ldb_wrap open of secrets.ldb
> > This DC already has the 'rid' FSMO role
> > This DC already has the 'pdc' FSMO role
> > This DC already has the 'naming' FSMO role
> > This DC already has the 'infrastructure' FSMO role
> > This DC already has the 'schema' FSMO role
> > ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
> > variable 'master_guid' referenced before assignment
> > File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> > line 175, in _run
> > return self.run(*args, **kwargs)
> > File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> > line 452, in run
> > transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
> > samdb)
> > File
> > "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> > line 76, in transfer_dns_role
> > master_dns_name = '%s._msdcs.%s' % (master_guid,
> >
> > I get something similar also trying to seize the roles or even show
> > them.
> >
> > Guess that I'm missing something inside my dbs even if samba-tool
> > dbcheck says everything is ok.
> >
> > [root at kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
> > "CN=Infrastructure,DC=DomainDnsZones,DC=Saitel,DC=loc"
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > # record 1
> > dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
> > objectClass: top
> > objectClass: infrastructureUpdate
> > cn: Infrastructure
> > instanceType: 4
> > whenCreated: 20120924143109.0Z
> > whenChanged: 20150422114545.0Z
> > uSNCreated: 5263
> > uSNChanged: 5263
> > showInAdvancedViewOnly: TRUE
> > name: Infrastructure
> > objectGUID: 8f2c0c68-c571-4ffd-9413-0bb7384f70d4
> > systemFlags: -1946157056
> > objectCategory:
> > CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
> > DC=loc
> > isCriticalSystemObject: TRUE
> > distinguishedName: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
> >
> > # returned 1 records
> > # 1 entries
> > # 0 referrals
>
> It looks you need to add an fsmoroleowner for
> 'CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc'
>
> Rowland
>
> > Any idea on how to fix this?
> >
> > Assuming that even with the fault the 5 roles have been transferred I
> > also updated kdc02.
> >
> > Thanks in advance,
> > Daniele.
> >
> >
>
>
How do I add it?
Just to say, wouldn't be useful to make samba-tool able to add (or ask
to add) it directly?
Daniele
More information about the samba-technical
mailing list