[Samba] Demoting and remoting a DC with same hostname.

Hello Samba team!

As you know, during the upgrade from Debian Jessie to Debian Stretch all
my three DCs have lost their machine password. Or something is corrupted
in the machine password database. So the DRS stopped working.

To try to repair the issue safely, I have virtualised the three
machines. Here is what I have tried:
-> the "chgtdcpass" script works well on the DC with all the FSMO
roles. The "samba-tool" commands using the machine password work.
-> the "chgtdcpass" script works on one DC (it reconnects the DRS) but
not on the other... I don't know why. All the Kerberos commands work
or fail depending on the KDC used.

So I think that the best thing to do is to demote and remote the two
DCs without FSMO roles. This works with the three virtual machines but
I don't know what can happen with all my other Linux and Windows

If someone can give me some tips.

("fichdc" is the DC owning all the FSMO roles, "fichds01" and
"fichds02" are DCs not owning any FSMO role)

1) As DRS does not work, to demote "fichds01" for example I need to:
-> on "fichds01": disable Samba
-> on "fichdc": demote "fichds01" with the "--remove-other-dead-server" option.

But I don't want to reinstall "fichds01" completely. How can I
"clean" the bad Samba database stored on "fichds01"?

2) Next I plan to remote "fichds01" with the same "hostname" like this:
-> on "fichds01": domain join
-> on "fichdc": check DNS entries
-> on "fichds01": start Samba

Is there a risk in keeping the same hostname, as fichds01 has a fixed IP address?

3) As I only have Samba DCs, do I need to raise the domain level of
the (domain/forest) to 2008_R2?

Actually my current level is "server 2003".

4) At start I need to launch "chgtdcpass" on fichdc. Do I need to
launch "chkrgtgtpass" before? Before or after raising the domain level?

Thanks very much if someone can help me!!!


