Web lists-archives.com

Re: [Samba] Magically disappearing errors during FSMO transfer




On Thu, 5 Oct 2017 15:32:38 -0500 (CDT)
Mike Ray via samba <samba@xxxxxxxxxxxxxxx> wrote:

> ----- On Oct 5, 2017, at 2:55 PM, samba samba@xxxxxxxxxxxxxxx wrote:
> 
> > The problem is that you need to Authenticate to transfer the
> > domaindns and forestdns FSMO roles, this means you also need to
> > authenticate if you transfer 'all' the FSMO roles.
> > 
> > If 'samba-tool fsmo show is now displaying the correct owners and
> > everything is working correctly, you are probably going to be okay.
> > 
> > I will look into refusing to do anything if 'all' or 'domaindns' or
> > 'forestdns' roles are selected without using authentication.
> > 
> > Rowland
> 
> 
> Sorry about the message, I did not split it well. I've included some
> of the last lines below in a more readable format:
> 
> > root@dc3:~# samba-tool fsmo transfer --role forestdns
> > -UAdministrator Password for [Example\Administrator]:
> > ERROR: Failed to delete role> 'forestdns': LDAP error 16
> > LDAP_NO_SUCH_ATTRIBUTE -  <attribute> 'fSMORoleOwner': no matching
> > attribute value while deleting attribute on
> > 'CN=Infrastructure,DC=ForestDnsZones,DC=example,DC=com'> <>
> > root@dc3:~# samba-tool fsmo transfer --role forestdns>
> > -UAdministrator This DC already has the 'forestdns' FSMO role
> 
> I did do some authenticating, but still saw some errors. Any
> explanation for this?

Not really, I think it just got confused, but as I said the two dns
roles need authentication. this is because the code that transfers them
is very different.
> 
> 
> Also, do you have any insight into the "Failed FSMO transfer:
> NT_STATUS_IO_TIMEOUT" errors?
> These popped up on like the "pdc" role, so authentication shouldn't
> have been an issue here.
> 

Again, I think that because you initially tried without authentication,
this did something and the later attempts didn't like it.

As I said, if everything is working correctly now and the FSMO roles
are being shown as belonging to the DCs they should be, then there
shouldn't be anything to worry about.

Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba