Magically disappearing errors during FSMO transfer

Magically disappearing errors during FSMO transfer

Samba - General mailing list
Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0. Ultimately,
both dcs agreed that the 4.7.0 dc (dc3) had all the roles and replication and
the databases were in good shape. However, during the process, I got a lot of
errors that seemed to magically disappear.

Should I be worried?

root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo s^C
root@dc3:~# samba-tool fsmo transfer --role all
FSMO transfer of 'rid' role successful ERROR: Transfer of 'pdc' role failed:
Failed FSMO transfer: NT_STATUS_IO_TIMEOUT
root@dc3:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role FSMO transfer of 'naming' role
successful ERROR: Transfer of 'infrastructure' role failed: Failed FSMO
transfer: NT_STATUS_IO_TIMEOUT
root@dc3:~# samba-tool fsmo show SchemaMasterRole
owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role FSMO
transfer of 'schema' role successful ERROR: Failed to delete role 'domaindns':
LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write property
access
> <>
root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role all This DC already has the 'rid'
FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role ERROR: Failed to delete role 'domaindns':
LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write property
access
> <>
root@dc3:~# samba-tool fsmo transfer --role all -UAdministrator This DC already
has the 'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already
has the 'naming' FSMO role This DC already has the 'infrastructure' FSMO role
This DC already has the 'schema' FSMO role Password for [Example\Administrator]:
ERROR(<type 'exceptions.AttributeError'>): uncaught exception - 'module' object
has no attribute 'drs_utils' File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 515, in run
"domaindns", samdb) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 129, in
transfer_dns_role except samba.drs_utils.drsException, e:
root@dc3:~# samba-tool
fsmo transfer --role all -UAdministrator This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role This DC already has the 'naming' FSMO
role This DC already has the 'infrastructure' FSMO role This DC already has the
'schema' FSMO role Password for [Example\Administrator]: ERROR: Failed to delete
role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
'fSMORoleOwner': no matching attribute value while deleting attribute on
'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root@dc3:~#
samba-tool fsmo transfer --role all -UAdministrator This DC already has the
'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role Password for [Example\Administrator]: ERROR:
Failed to delete role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -
<attribute 'fSMORoleOwner': no matching attribute value while deleting attribute
on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root@dc3:~#
samba-tool fsmo transfer --role all -UAdministrator This DC already has the
'rid' FSMO role This DC already has the 'pdc' FSMO role This DC already has the
'naming' FSMO role This DC already has the 'infrastructure' FSMO role This DC
already has the 'schema' FSMO role Password for [Example\Administrator]: ERROR:
Failed to delete role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -
<attribute 'fSMORoleOwner': no matching attribute value while deleting attribute
on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
root@dc3:~#
samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role domaindns ERROR: Failed to delete
role 'domaindns': LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098:
Object CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write
property access
> <>
root@dc3:~# samba-tool fsmo transfer --role domaindns -UAdministrator This DC
already has the 'domaindns' FSMO role
root@dc3:~# samba-tool fsmo show
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role forestdns ERROR: Failed to delete
role 'forestdns': LDAP error 50 LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098:
Object CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com has no write
property access
> <>
root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR(<type 'exceptions.AttributeError'>): uncaught
exception - 'module' object has no attribute 'drs_utils' File
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
return self.run(*args, **kwargs) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 520, in run
transfer_dns_role(self.outf, sambaopts, credopts, role, samdb) File
"/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 129, in
transfer_dns_role except samba.drs_utils.drsException, e:
root@dc3:~# samba-tool
fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP
error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching
attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root@dc3:~# samba-tool fsmo transfer --role forestdns
-UAdministrator Password for [Example\Administrator]: ERROR: Failed to delete
role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
'fSMORoleOwner': no matching attribute value while deleting attribute on
'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
root@dc3:~#
samba-tool fsmo transfer --role forestdns -UAdministrator Password for
[Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP error 16
LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching attribute
value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root@dc3:~# samba-tool fsmo show SchemaMasterRole owner:
CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator Password
for [Example\Administrator]: ERROR: Failed to delete role 'forestdns': LDAP
error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching
attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones
,DC=example,DC=com'> <>
root@dc3:~# samba-tool fsmo transfer --role forestdns
-UAdministrator This DC already has the 'forestdns' FSMO role
root@dc3:~#
samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
DomainDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
ForestDnsZonesMasterRole owner: CN=NTDS
Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com

Thanks,

Mike Ray

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
Re: Magically disappearing errors during FSMO transfer

Samba - General mailing list
On Thu, 5 Oct 2017 14:14:56 -0500 (CDT)
Mike Ray via samba <[hidden email]> wrote:

> Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0.
> Ultimately, both dcs agreed that the 4.7.0 dc (dc3) had all the roles
> and replication and the databases were in good shape. However, during
> the process, I got a lot of errors that seemed to magically
> disappear.
>
> Should I be worried?
>
> root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo s^C
> root@dc3:~# samba-tool fsmo transfer --role all
> FSMO transfer of 'rid' role successful ERROR: Transfer of 'pdc' role
> failed: Failed FSMO transfer: NT_STATUS_IO_TIMEOUT
> root@dc3:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role all This DC already has
> the 'rid' FSMO role This DC already has the 'pdc' FSMO role FSMO
> transfer of 'naming' role successful ERROR: Transfer of
> 'infrastructure' role failed: Failed FSMO transfer:
> NT_STATUS_IO_TIMEOUT root@dc3:~# samba-tool fsmo show SchemaMasterRole
> owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role all This DC already has
> the 'rid' FSMO role This DC already has the 'pdc' FSMO role This DC
> already has the 'naming' FSMO role This DC already has the
> 'infrastructure' FSMO role FSMO transfer of 'schema' role successful
> ERROR: Failed to delete role 'domaindns': LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write
> property access
> > <>
> root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role all This DC already has
> the 'rid' FSMO role This DC already has the 'pdc' FSMO role This DC
> already has the 'naming' FSMO role This DC already has the
> 'infrastructure' FSMO role This DC already has the 'schema' FSMO role
> ERROR: Failed to delete role 'domaindns': LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write
> property access
> > <>
> root@dc3:~# samba-tool fsmo transfer --role all -UAdministrator This
> DC already has the 'rid' FSMO role This DC already has the 'pdc' FSMO
> role This DC already has the 'naming' FSMO role This DC already has
> the 'infrastructure' FSMO role This DC already has the 'schema' FSMO
> role Password for [Example\Administrator]: ERROR(<type
> 'exceptions.AttributeError'>): uncaught exception - 'module' object
> has no attribute 'drs_utils' File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 515, in
> run "domaindns", samdb) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 129, in
> transfer_dns_role except samba.drs_utils.drsException, e: root@dc3:~#
> samba-tool fsmo transfer --role all -UAdministrator This DC already
> has the 'rid' FSMO role This DC already has the 'pdc' FSMO role This
> DC already has the 'naming' FSMO role This DC already has the
> 'infrastructure' FSMO role This DC already has the 'schema' FSMO role
> Password for [Example\Administrator]: ERROR: Failed to delete role
> 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role all -UAdministrator This
> DC already has the 'rid' FSMO role This DC already has the 'pdc' FSMO
> role This DC already has the 'naming' FSMO role This DC already has
> the 'infrastructure' FSMO role This DC already has the 'schema' FSMO
> role Password for [Example\Administrator]: ERROR: Failed to delete
> role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role all -UAdministrator This
> DC already has the 'rid' FSMO role This DC already has the 'pdc' FSMO
> role This DC already has the 'naming' FSMO role This DC already has
> the 'infrastructure' FSMO role This DC already has the 'schema' FSMO
> role Password for [Example\Administrator]: ERROR: Failed to delete
> role 'domaindns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE - <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=DomainDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role domaindns ERROR: Failed
> to delete role 'domaindns': LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com has no write
> property access
> > <>
> root@dc3:~# samba-tool fsmo transfer --role domaindns -UAdministrator
> This DC already has the 'domaindns' FSMO role
> root@dc3:~# samba-tool fsmo show
> SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role forestdns ERROR: Failed
> to delete role 'forestdns': LDAP error 50
> LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
> CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com has no write
> property access
> > <>
> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]: ERROR(<type
> 'exceptions.AttributeError'>): uncaught exception - 'module' object
> has no attribute 'drs_utils' File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> 176, in _run return self.run(*args, **kwargs) File
> "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 520, in
> run transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
> File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line
> 129, in transfer_dns_role except samba.drs_utils.drsException, e:
> root@dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]: ERROR: Failed to delete role
> 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role forestdns
> -UAdministrator Password for [Example\Administrator]: ERROR: Failed
> to delete role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -
> <attribute 'fSMORoleOwner': no matching attribute value while
> deleting attribute on
> 'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]: ERROR: Failed to delete role
> 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo show SchemaMasterRole owner:
> CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC0,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]: ERROR: Failed to delete role
> 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute
> 'fSMORoleOwner': no matching attribute value while deleting attribute
> on 'CN=Infrastructure,DC=ForestDnsZones ,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role forestdns
> -UAdministrator This DC already has the 'forestdns' FSMO role
> root@dc3:~#
> samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> InfrastructureMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> RidAllocationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> PdcEmulationMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainNamingMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> DomainDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
> ForestDnsZonesMasterRole owner: CN=NTDS
> Settings,CN=DC3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
>
> Thanks,
>
> Mike Ray
>

The problem is that you need to authenticate to transfer the domaindns
and forestdns FSMO roles; this means you also need to authenticate if
you transfer 'all' the FSMO roles.

If 'samba-tool fsmo show' is now displaying the correct owners and
everything is working correctly, you are probably going to be okay.

I will look into refusing to do anything if 'all' or 'domaindns' or
'forestdns' roles are selected without using authentication.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Re: Magically disappearing errors during FSMO transfer

Samba - General mailing list
----- On Oct 5, 2017, at 2:55 PM, samba [hidden email] wrote:

> The problem is that you need to authenticate to transfer the domaindns
> and forestdns FSMO roles; this means you also need to authenticate if
> you transfer 'all' the FSMO roles.
>
> If 'samba-tool fsmo show' is now displaying the correct owners and
> everything is working correctly, you are probably going to be okay.
>
> I will look into refusing to do anything if 'all' or 'domaindns' or
> 'forestdns' roles are selected without using authentication.
>
> Rowland


Sorry about the message, I did not split it well. I've included some of the last
lines below in a more readable format:

> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> Password for [Example\Administrator]:
> ERROR: Failed to delete role 'forestdns': LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching attribute value while deleting attribute on 'CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com'> <>
> root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> This DC already has the 'forestdns' FSMO role

I did do some authenticating, but still saw some errors. Any explanation for
this?


Also, do you have any insight into the "Failed FSMO transfer:
NT_STATUS_IO_TIMEOUT" errors?
These popped up on like the "pdc" role, so authentication shouldn't have been an
issue here.


Re: Magically disappearing errors during FSMO transfer

Samba - General mailing list
On Thu, 5 Oct 2017 15:32:38 -0500 (CDT)
Mike Ray via samba <[hidden email]> wrote:

> ----- On Oct 5, 2017, at 2:55 PM, samba [hidden email] wrote:
>
> > The problem is that you need to authenticate to transfer the
> > domaindns and forestdns FSMO roles; this means you also need to
> > authenticate if you transfer 'all' the FSMO roles.
> >
> > If 'samba-tool fsmo show' is now displaying the correct owners and
> > everything is working correctly, you are probably going to be okay.
> >
> > I will look into refusing to do anything if 'all' or 'domaindns' or
> > 'forestdns' roles are selected without using authentication.
> >
> > Rowland
>
>
> Sorry about the message, I did not split it well. I've included some
> of the last lines below in a more readable format:
>
> > root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> > Password for [Example\Administrator]:
> > ERROR: Failed to delete role 'forestdns': LDAP error 16
> > LDAP_NO_SUCH_ATTRIBUTE -  <attribute 'fSMORoleOwner': no matching
> > attribute value while deleting attribute on
> > 'CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com'> <>
> > root@dc3:~# samba-tool fsmo transfer --role forestdns -UAdministrator
> > This DC already has the 'forestdns' FSMO role
>
> I did do some authenticating, but still saw some errors. Any
> explanation for this?

Not really, I think it just got confused, but as I said, the two DNS
roles need authentication. This is because the code that transfers them
is very different.
>
>
> Also, do you have any insight into the "Failed FSMO transfer:
> NT_STATUS_IO_TIMEOUT" errors?
> These popped up on like the "pdc" role, so authentication shouldn't
> have been an issue here.
>

Again, I think that because you initially tried without authentication,
this did something and the later attempts didn't like it.

As I said, if everything is working correctly now and the FSMO roles
are being shown as belonging to the DCs they should be, then there
shouldn't be anything to worry about.

Rowland
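
The check that "the FSMO roles are being shown as belonging to the DCs they should be", written out as an added example that is not part of the original thread or of Samba: a shell function that reads `samba-tool fsmo show` output, rejoins lines wrapped the way they are in these mails, and lists every role whose NTDS Settings owner is not the expected DC. The names `fsmo_mismatches` and `sample_show` are hypothetical, the sample output is constructed from the format quoted above, and the count of seven roles is taken from that output.

```shell
# Constructed sample in the wrapped layout quoted in this thread.
# $1 = owner of the first six roles, $2 = owner of ForestDnsZonesMasterRole.
sample_show() {
    sfx='CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com'
    for r in Schema Infrastructure RidAllocation PdcEmulation DomainNaming DomainDnsZones; do
        printf '%sMasterRole owner: CN=NTDS\nSettings,CN=%s,%s\n' "$r" "$1" "$sfx"
    done
    printf 'ForestDnsZonesMasterRole owner: CN=NTDS\nSettings,CN=%s,%s\n' "$2" "$sfx"
}

# $1 = expected DC name; stdin = output of `samba-tool fsmo show`.
# Prints "<role> <owner>" for each role not held by $1.
# Exit status: 0 all seven roles on $1, 1 some role elsewhere, 2 output incomplete.
fsmo_mismatches() {
    tr '\n' ' ' | awk -v want="$1" '
    {
        s = $0
        while (match(s, /[A-Za-z]+Role owner: */)) {
            role = substr(s, RSTART, RLENGTH)
            sub(/ owner: *$/, "", role)
            s = substr(s, RSTART + RLENGTH)
            dn = s                      # owner DN runs up to the next role label
            if (match(dn, /[A-Za-z]+Role owner:/)) dn = substr(dn, 1, RSTART - 1)
            split(dn, rdn, ",")         # rdn[1]=CN=NTDS Settings, rdn[2]=CN=<server>
            owner = rdn[2]
            sub(/^CN=/, "", owner)
            seen++
            if (rdn[1] !~ /^CN=NTDS +Settings$/ || toupper(owner) != toupper(want)) {
                print role, owner
                bad++
            }
        }
    }
    END {
        if (seen != 7) {
            print "expected 7 roles, parsed " seen + 0 > "/dev/stderr"
            exit 2
        }
        exit (bad > 0)
    }'
}

# Demo on the constructed sample: ForestDnsZones still on DC0, as after the
# first authenticated attempt in the thread.
sample_show DC3 DC0 | fsmo_mismatches DC3 || echo "transfer incomplete (exit $?)"
# Live use on a DC (not run here): samba-tool fsmo show | fsmo_mismatches DC3
```

Running the same check against a second DC after replication shows whether both agree on the owners, which is the state the original poster reported reaching.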


