Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
[Samba] Transfer of FSMO roles
657 views
Skip to first unread message
John Gardeniers
Aug 24, 2015, 11:00:03 PM8/24/15
to
I just transferred all the FSMO roles from DC-MIGRATE to DC1:
[root@dc1 ~]# samba-tool fsmo transfer --role=all
FSMO transfer of 'rid' role successful
FSMO transfer of 'pdc' role successful
FSMO transfer of 'naming' role successful
FSMO transfer of 'infrastructure' role successful
FSMO transfer of 'schema' role successful
I then double checked as follows:
[root@dc1 ~]# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
Looks good but when I run this:
[root@dc1 ~]# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
"CN=Infrastructure,DC=DomainDnsZones,DC=omtest,DC=com" -s base fsmoroleowner
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=omtest,DC=com
fSMORoleOwner: CN=NTDS
Settings,CN=DC-MIGRATE,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
You'll notice that this time it still lists DC-MIGRATE as the role owner
(I didn't bother running this for the other roles). I re-ran the command
again half an hour later, thinking that perhaps this just need a little
time to settle, but got the same results.
Does this indicate a problem that I need to resolve? If so, how do I
resolve it?
Incidentally, the link for " FSMO role management using the Windows GUI" on
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_roles
is broken.
regards,
John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
[root@dc1 ~]# samba-tool fsmo transfer --role=all
FSMO transfer of 'rid' role successful
FSMO transfer of 'pdc' role successful
FSMO transfer of 'naming' role successful
FSMO transfer of 'infrastructure' role successful
FSMO transfer of 'schema' role successful
I then double checked as follows:
[root@dc1 ~]# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
SchemaMasterRole owner: CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
Looks good but when I run this:
[root@dc1 ~]# ldbsearch --cross-ncs -H /var/lib/samba/private/sam.ldb -b
"CN=Infrastructure,DC=DomainDnsZones,DC=omtest,DC=com" -s base fsmoroleowner
# record 1
dn: CN=Infrastructure,DC=DomainDnsZones,DC=omtest,DC=com
fSMORoleOwner: CN=NTDS
Settings,CN=DC-MIGRATE,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=omtest,DC=com
You'll notice that this time it still lists DC-MIGRATE as the role owner
(I didn't bother running this for the other roles). I re-ran the command
again half an hour later, thinking that perhaps this just need a little
time to settle, but got the same results.
Does this indicate a problem that I need to resolve? If so, how do I
resolve it?
Incidentally, the link for " FSMO role management using the Windows GUI" on
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_roles
is broken.
regards,
John
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
Aug 25, 2015, 3:00:04 AM8/25/15
to
On 25/08/15 03:46, John Gardeniers wrote:
> I just transferred all the FSMO roles from DC-MIGRATE to DC1:
Unfortunately, no you didn't, if you have read the wiki page, you will
> I just transferred all the FSMO roles from DC-MIGRATE to DC1:
now know there are 7 FSMO roles.
comes out and then upgrade, you will then be able to transfer all 7
roles, or (I never said this) download the latest 4.3.0rc tarball use
the fsmo.py on your machine.
> Incidentally, the link for " FSMO role management using the Windows
> GUI" on
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_roles
> is broken.
Rowland
Rowland Penny
Aug 26, 2015, 4:30:05 AM8/26/15
to
On 25/08/15 22:44, John Gardeniers wrote:
> Hi Rowland,
>
> Yes, I did move all the roles and , yes, I did read the wiki, which is
> where I learned which commands to run. I moved the other two roles
> separately but as that has absolutely nothing to do with the questions
> I didn't see any great need to mention it.
>
> Just to clarify, the questions I am asking are:
>
> Why is one command showing that the roles have been moved and another
> telling me that they didn't? Which one is correct? How can I make them
> agree? Does it even matter that they don't agree?
>
> I need to remove the original DC, so I'd like to have some level of
> confidence about this.
>
> regards,
> John
You are using a samba4 version less than 4.3.0 and as such 'samba-tool
fsmo' only knows about the 5 main FSMO roles, so it can only show,
transfer or seize these. There are another 2 FSMO roles, the DNS
infrastructure roles, which you are now telling us that you have moved
manually. From samba 4.3.0, 'samba-tool fsmo' will show, transfer and
seize all 7 FSMO roles, from the information, so if you use 'fsmo.py'
from 4.3.0, you should be able to see if all the roles have transferred.
If you don't want to use the latest 'fsmo.py', see here:
https://wiki.samba.org/index.php/Transfering_/_seizing_FSMO_roles
Rowland
> Hi Rowland,
>
> Yes, I did move all the roles and , yes, I did read the wiki, which is
> where I learned which commands to run. I moved the other two roles
> separately but as that has absolutely nothing to do with the questions
> I didn't see any great need to mention it.
>
> Just to clarify, the questions I am asking are:
>
> Why is one command showing that the roles have been moved and another
> telling me that they didn't? Which one is correct? How can I make them
> agree? Does it even matter that they don't agree?
>
> I need to remove the original DC, so I'd like to have some level of
> confidence about this.
>
> regards,
> John
fsmo' only knows about the 5 main FSMO roles, so it can only show,
transfer or seize these. There are another 2 FSMO roles, the DNS
infrastructure roles, which you are now telling us that you have moved
manually. From samba 4.3.0, 'samba-tool fsmo' will show, transfer and
seize all 7 FSMO roles, from the information, so if you use 'fsmo.py'
from 4.3.0, you should be able to see if all the roles have transferred.
If you don't want to use the latest 'fsmo.py', see here:
https://wiki.samba.org/index.php/Transfering_/_seizing_FSMO_roles
Rowland
John Gardeniers
Aug 26, 2015, 5:40:03 PM8/26/15
to
Hi Rowland,
It's all academic now, as the attempt to move the roles and remove the
original DC left both DCs broken, so I have to start again from scratch
and this time I won't start with a DC that I later want to remove.
regards,
John
It's all academic now, as the attempt to move the roles and remove the
original DC left both DCs broken, so I have to start again from scratch
and this time I won't start with a DC that I later want to remove.
regards,
John
0 new messages