Web lists-archives.com

[Samba] Errors transferring forestdns and domaindns FSMO roles




I am attempting to transfer the all FSMO roles from an old DC to our new DC.
Both DCs are running Samba 4.7.3.  I have transferred the Schma,
Infrastructure, RID, PDC and Naming roles without issue.

unfortunately, the forestdns and domaindns roles are giving me grief.

Here is the output of the commands

root@dc1:~# samba-tool fsmo transfer --role=forestdns
ldb_wrap open of secrets.ldb
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
resolve_lmhosts: Attempting lmhosts lookup for name
7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR: Failed to delete role 'forestdns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
CN=Infrastructure,DC=ForestDnsZones,DC=tcsbasys,DC=com has no write
property access
> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 111,
in transfer_dns_role
    samdb.modify(m)
root@dc1:~#


root@dc1:~# samba-tool fsmo transfer --role=domaindns
ldb_wrap open of secrets.ldb
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
resolve_lmhosts: Attempting lmhosts lookup for name
7da1efbb-3b68-4249-ab03-e09c3ffc0d1a._msdcs.tcsbasys.com<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR: Failed to delete role 'domaindns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS -  <00002098: Object
CN=Infrastructure,DC=DomainDnsZones,DC=tcsbasys,DC=com has no write
property access
> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 111,
in transfer_dns_role
    samdb.modify(m)
root@dc1:~#


as always, any help you can provide would be immensely appreciated!




-- 
*Taylor Hammerling* |  *IT Manager*
2800 Laura Lane | Middleton, WI 53562
*O *(608) 669-9070 *| C *(608) 512-7849
tcsbasys.com | ubiquistat.com
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba