samba4.3.4: failure attempting to show/transfer/seize DomainDns FSMO role

Daniele Dario d.dario76 at gmail.com
Tue Jan 12 16:38:11 UTC 2016




On mar, 2016-01-12 at 16:25 +0000, Rowland Penny wrote:
> On 12/01/16 15:06, Daniele Dario wrote:
> > Hi Rowland,
> > happy new year guys
> >
> >
> > On mar, 2016-01-12 at 14:21 +0000, Rowland Penny wrote:
> >> On 12/01/16 13:43, Daniele Dario wrote:
> >>> Hi all,
> >>> I just updated to samba 4.3.4 and before doing it I transferred all FSMO
> >>> roles from kdc01 to kdc02 before start updating it.
> >> What Samba version did you upgrade from?
> >> I ask because before Samba version 4.3.0, fsmo.py only transferred 5 of
> >> the 7 FSMO roles
> >>
> > Yeah, I was upgrading from 4.2.16
> >
> >>> After updating kdc01 I tried to transfer again all roles from kdc02 to
> >>> kdc01 in order to update also kdc02 but I get this error:
> >>>
> >>> [root@kdc01:~]# samba-tool fsmo transfer --role=all
> >>> ldb_wrap open of secrets.ldb
> >>> This DC already has the 'rid' FSMO role
> >>> This DC already has the 'pdc' FSMO role
> >>> This DC already has the 'naming' FSMO role
> >>> This DC already has the 'infrastructure' FSMO role
> >>> This DC already has the 'schema' FSMO role
> >>> ERROR(<type 'exceptions.UnboundLocalError'>): uncaught exception - local
> >>> variable 'master_guid' referenced before assignment
> >>>     File
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> >>> line 175, in _run
> >>>       return self.run(*args, **kwargs)
> >>>     File
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> >>> line 452, in run
> >>>       transfer_dns_role(self.outf, sambaopts, credopts, "domaindns",
> >>> samdb)
> >>>     File
> >>> "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
> >>> line 76, in transfer_dns_role
> >>>       master_dns_name = '%s._msdcs.%s' % (master_guid,
> >>>
> >>> I get something similar also trying to seize the roles or even show
> >>> them.
> >>>
> >>> Guess that I'm missing something inside my dbs even if samba-tool
> >>> dbcheck says everything is ok.
> >>>
> >>> [root@kdc01:~]# ldbsearch -H /usr/local/samba/private/sam.ldb -b
> >>> "CN=Infrastructure,DC=DomainDnsZones,DC=Saitel,DC=loc"
> >>> GENSEC backend 'gssapi_spnego' registered
> >>> GENSEC backend 'gssapi_krb5' registered
> >>> GENSEC backend 'gssapi_krb5_sasl' registered
> >>> GENSEC backend 'spnego' registered
> >>> GENSEC backend 'schannel' registered
> >>> GENSEC backend 'naclrpc_as_system' registered
> >>> GENSEC backend 'sasl-EXTERNAL' registered
> >>> GENSEC backend 'ntlmssp' registered
> >>> GENSEC backend 'http_basic' registered
> >>> GENSEC backend 'http_ntlm' registered
> >>> GENSEC backend 'krb5' registered
> >>> GENSEC backend 'fake_gssapi_krb5' registered
> >>> # record 1
> >>> dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
> >>> objectClass: top
> >>> objectClass: infrastructureUpdate
> >>> cn: Infrastructure
> >>> instanceType: 4
> >>> whenCreated: 20120924143109.0Z
> >>> whenChanged: 20150422114545.0Z
> >>> uSNCreated: 5263
> >>> uSNChanged: 5263
> >>> showInAdvancedViewOnly: TRUE
> >>> name: Infrastructure
> >>> objectGUID: 8f2c0c68-c571-4ffd-9413-0bb7384f70d4
> >>> systemFlags: -1946157056
> >>> objectCategory:
> >>> CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
> >>>    DC=loc
> >>> isCriticalSystemObject: TRUE
> >>> distinguishedName: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
> >>>
> >>> # returned 1 records
> >>> # 1 entries
> >>> # 0 referrals
> >> It looks like you need to add an fsmoroleowner for
> >> 'CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc'
> >>
> >> Rowland
> >>
> >>> Any idea on how to fix this?
> >>>
> >>> Assuming that even with the fault the 5 roles have been transferred I
> >>> also updated kdc02.
> >>>
> >>> Thanks in advance,
> >>> Daniele.
> >>>
> >>>
> >>
> > How do I add it?
> 
> Try 'samba-tool fsmo seize --force --role=domaindns -U Administrator' on 
> the DC that you want to hold this role (must be >= Samba 4.3.0)
> 
> Rowland
> 
> >
> > Just to say, wouldn't it be useful to make samba-tool able to add (or ask
> > to add) it directly?
> >
> > Daniele
> >
> 
> 
Already tried :-(

[root@kdc01:~]# samba-tool fsmo seize --force --role=domaindns -U
Administrator
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
element'
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 175, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 352, in run
    versionopts, force)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 302, in seize_dns_role
    master_owner = get_fsmo_roleowner(samdb, m.dn)
  File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/fsmo.py",
line 43, in get_fsmo_roleowner
    master_owner = res[0]["fSMORoleOwner"][0]

Now samba is 4.3.4

Guess that ldbmodify is the only choice but I don't know how to use it.

Can you or someone post a hint?
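
Added example, not part of the original post and not Samba's own code: a stand-alone check that parses ldbsearch output like the one quoted above, uses a guarded lookup where `res[0]["fSMORoleOwner"][0]` raises KeyError, and builds the LDIF an ldbmodify run would take to add the missing attribute. The sample output is constructed from the post, the function names are hypothetical, and the owner DN is a placeholder (fSMORoleOwner holds the DN of the owning DC's NTDS Settings object).

```python
import re

# Constructed sample, trimmed from the ldbsearch output quoted in the post.
SAMPLE = """\
GENSEC backend 'krb5' registered
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=saitel,DC=loc
objectClass: infrastructureUpdate
cn: Infrastructure
objectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,DC=saitel,
 DC=loc

# returned 1 records
"""

# Placeholder, not a value from the post: DN of the target DC's NTDS Settings object.
OWNER_DN = ("CN=NTDS Settings,CN=<DC-NAME>,CN=Servers,CN=<SITE-NAME>,"
            "CN=Sites,CN=Configuration,DC=saitel,DC=loc")

def parse_records(text):
    """Parse ldbsearch output into a list of {lowercased attribute: [values]}."""
    records, last = [], None
    for line in text.splitlines():
        if line.startswith(" ") and records and last:
            records[-1][last][-1] += line[1:]      # folded continuation line
            continue
        m = re.match(r"([A-Za-z][\w;-]*):\s?(.*)$", line)
        if not m:                                  # blank line, '#' comment, GENSEC noise
            last = None
            continue
        name, value = m.group(1).lower(), m.group(2)
        if name == "dn":
            records.append({})                     # every record starts with its dn
        if records:
            records[-1].setdefault(name, []).append(value)
            last = name
    return records

def role_owner(record):
    """Guarded lookup: None when the attribute is absent, instead of KeyError."""
    values = record.get("fsmoroleowner", [])
    return values[0] if values else None

def repair_ldif(record, owner_dn):
    """LDIF adding fSMORoleOwner, or None when the object already has an owner."""
    if role_owner(record) is not None:
        return None
    return ("dn: %s\nchangetype: modify\nadd: fSMORoleOwner\n"
            "fSMORoleOwner: %s\n" % (record["dn"][0], owner_dn))

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(repair_ldif(rec, OWNER_DN) or "%s already has an owner" % rec["dn"][0])
```
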




