mourik jan heupink - merit
2014-Jul-22 14:44 UTC
[Samba] another demoting that doesn't work
Hi, I have searched here, and noticed some discussion lately on problems demoting a dc. In my case, all roles are on DC2, and DC1 & DC3 know that: root at DC1:/var/log/samba# samba-tool fsmo show InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com SchemaMasterRole owner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com root at DC1:/var/log/samba# and yet, demoting DC1 gives: root at DC1:/var/log/samba# samba-tool domain demote -Uadministrator ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC root at DC1:/var/log/samba# It seems there have been two threads lately on this same subject (by Fernando Rodriguez and Petr MOTEJLEK). Could it be that there is a problem in samba itself? In both threads, two roles remained on the to-be-demoted DC. Seems a bit too coincidental, doesn't it? MJ
Am 22.07.2014 16:44, schrieb mourik jan heupink - merit:> root at DC1:/var/log/samba# samba-tool domain demote -Uadministrator > ERROR: Current DC is still the owner of 2 role(s), use the role command > to transfer roles to another DC > root at DC1:/var/log/samba# > > It seems there have been two threads lately on this same subject (by > Fernando Rodriguez and Petr MOTEJLEK). Could it be that there is a > problem in samba itself? > > In both threads, two roles remained on the to-be-demoted DC. Seems a bit > too coincidental, doesn't it?I reproduced this with 4.1.8. Please file a bug report, to get this fixed soon. Thanks. Regards, Marc
Hello, Yes, could be a problem on samba itself. as suggested by Marc Muehlfeld i filled a samba bug report. Let see what it goes :) In the other hand, right now I dont know if my domain has still "trash" from the old DC that i am afraid it could affect in the future (Marc points me to that topic too.) Thank you everybody! Fernando On 22/07/2014 16:44, mourik jan heupink - merit wrote:> Hi, > > I have searched here, and noticed some discussion lately on problems > demoting a dc. In my case, all roles are on DC2, and DC1 & DC3 know that: > > root at DC1:/var/log/samba# samba-tool fsmo show > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > root at DC1:/var/log/samba# > > and yet, demoting DC1 gives: > > root at DC1:/var/log/samba# samba-tool domain demote -Uadministrator > ERROR: Current DC is still the owner of 2 role(s), use the role command > to transfer roles to another DC > root at DC1:/var/log/samba# > > It seems there have been two threads lately on this same subject (by > Fernando Rodriguez and Petr MOTEJLEK). Could it be that there is a > problem in samba itself? > > In both threads, two roles remained on the to-be-demoted DC. Seems a bit > too coincidental, doesn't it? > > MJ--- Este mensaje no contiene virus ni malware porque la protecci?n de avast! Antivirus est? activa. http://www.avast.com
Hello, Yes, could be a problem on samba itself. as suggested by Marc Muehlfeld i filled a samba bug report. Let see what it goes :) In the other hand, right now I dont know if my domain has still "trash" from the old DC that i am afraid it could affect in the future (Marc points me to that topic too.) Thank you everybody! Fernando On 22/07/2014 16:44, mourik jan heupink - merit wrote:> Hi, > > I have searched here, and noticed some discussion lately on problems > demoting a dc. In my case, all roles are on DC2, and DC1 & DC3 know that: > > root at DC1:/var/log/samba# samba-tool fsmo show > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba,DC=company,DC=com > > root at DC1:/var/log/samba# > > and yet, demoting DC1 gives: > > root at DC1:/var/log/samba# samba-tool domain demote -Uadministrator > ERROR: Current DC is still the owner of 2 role(s), use the role command > to transfer roles to another DC > root at DC1:/var/log/samba# > > It seems there have been two threads lately on this same subject (by > Fernando Rodriguez and Petr MOTEJLEK). Could it be that there is a > problem in samba itself? > > In both threads, two roles remained on the to-be-demoted DC. Seems a bit > too coincidental, doesn't it? > > MJ