After accidentally destroying my primary DC which held all of the FSMO
roles, I am unable to show any roles, or sieze the naming role. I
initialy tried to sieze --role=all, and it failed, but by doing
them individually I was able to seize them all except for the
naming role. Any suggestions on how to fix this?
# samba-tool fsmo show -d 9
<removed generic debug info>
pm_process() returned Yes
ldb_wrap open of secrets.ldb
lpcfg_servicenumber: couldn't find ldb
schema_fsmo_init: we are master[no] updates allowed[no]
schema_fsmo_init: we are master[no] updates allowed[no]
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No
such element'
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 197, in run
self.infrastructureMaster = res[0]["fSMORoleOwner"][0]
# samba-tool fsmo seize --role=naming -d 9
<removed generic debug info>
schema_fsmo_init: we are master[yes] updates allowed[no]
schema_fsmo_init: we are master[yes] updates allowed[no]
Attempting transfer...
imessaging: cleaning up
/var/lib/samba/private/smbd.tmp/msg/msg.24602.585963648
ERROR(ldb): uncaught exception - Failed FSMO transfer:
NT_STATUS_CONNECTION_REFUSED
File "/usr/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 160, in run
self.seize_role(role, samdb, force)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 126, in seize_role
transfer_role(self.outf, role, samdb)
File "/usr/lib64/python2.6/site-packages/samba/netcmd/fsmo.py",
line 53, in transfer_role
samdb.modify(m)
I did find one samba list post where someone suggested the following to
fix a similar problem, but it errors out with the following error, and
seizing fails with exactly the same error as before.
# samba-tool dbcheck --fix --cross-ncs
Checking 3916 objects
ERROR: fSMORoleOwner not found for role
Sieze role CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com onto current
DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=AUTH-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=com
[y/N/all/none] y
Failed to sieze role CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com
onto current
DC by adding fSMORoleOwner=CN=NTDS
Settings,CN=AUTH-01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ad,DC=mydomain,DC=com
: (20, 'SINGLE-VALUE attribute fSMORoleOwner on
CN=Partitions,CN=Configuration,DC=ad,DC=mydomain,DC=com specified more than
once')
Checked 3916 objects (1 errors)
