John Lewis
2015-May-28 00:33 UTC
[Samba] Need another workaround for FSMO transfer problem
On 05/26/2015 07:34 AM, Rowland Penny wrote:
> On 26/05/15 03:05, John Lewis wrote:
>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>
>> I ran into that while trying to rebuild my LXC's as Debian 8. The
>> proposed workarounds assume you have access to a Windows Domain
>> controller in your domain, and I don't. Is there anything else I can do
>> to get all 7 Roles moved to my other domain controller so I can
>> rebuild it?
>
> Funny you should say that, I have a patch pending to show all 7 modes
> and to seize them, I am also working on the transfer, but this seems
> to be a lot more complex and is proving troublesome.
>
> Rowland
>

Can you link me to your patches so that I may rebuild my samba packages with them applied or learn what the seizing process is so I can complete it by editing the ldap tree with ldbedit? Perhaps I should check the development mailing list.

Rowland Penny
2015-May-28 08:18 UTC
[Samba] Need another workaround for FSMO transfer problem
On 28/05/15 01:33, John Lewis wrote:
> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>> On 26/05/15 03:05, John Lewis wrote:
>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>
>>> I ran into that while trying to rebuild my LXC's as Debian 8. The
>>> proposed workarounds assume you have access to a Windows Domain
>>> controller in your domain, and I don't. Is there anything else I can do
>>> to get all 7 Roles moved to my other domain controller so I can
>>> rebuild it?
>> Funny you should say that, I have a patch pending to show all 7 modes
>> and to seize them, I am also working on the transfer, but this seems
>> to be a lot more complex and is proving troublesome.
>>
>> Rowland
>>
> Can you link me to your patches so that I may rebuild my samba packages
> with them applied or learn what the seizing process is so I can complete
> it by editing the ldap tree with ldbedit? Perhaps I should check the
> development mailing list.

Yes, it is on the technical list, starting here:
https://lists.samba.org/archive/samba-technical/2015-May/107448.html

The patch has morphed into just showing & seizing the 7 roles, transferring the two dns roles is much more complex than what I originally thought. The problem is that Microsoft (in their wisdom) provides a mechanism to transfer the 5 roles that everybody knows about, but not for the two dns roles. You need to delete the role on the DC that holds it, then recreate it, but this time pointing at the new role owner, this all needs to be done from the new role owner, you then need to kickstart replication of the role. I have got everything working apart from the replication (I think)

Rowland

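
Added example, not part of the thread or of the patch it discusses: a read-only check of who currently holds each of the seven roles, useful before and after any seize. Each role is recorded in the `fSMORoleOwner` attribute of one directory object; the script lists those objects and queries them with `ldbsearch`. The short role labels, the single-domain-forest layout and the `example.com` sample output are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a single-domain forest, so the
# forest root DN equals the domain DN passed as base.

# Print "label<TAB>DN" for the object carrying fSMORoleOwner for each role.
fsmo_role_dns() {
    base=$1
    printf 'schema\tCN=Schema,CN=Configuration,%s\n' "$base"
    printf 'naming\tCN=Partitions,CN=Configuration,%s\n' "$base"
    printf 'pdc\t%s\n' "$base"
    printf 'rid\tCN=RID Manager$,CN=System,%s\n' "$base"
    printf 'infrastructure\tCN=Infrastructure,%s\n' "$base"
    printf 'domaindns\tCN=Infrastructure,DC=DomainDnsZones,%s\n' "$base"
    printf 'forestdns\tCN=Infrastructure,DC=ForestDnsZones,%s\n' "$base"
}

# Read LDIF on stdin and print the fSMORoleOwner value, rejoining folded
# lines (a continuation line starts with one space).
owner_from_ldif() {
    awk '
        /^ /               { if (cur) val = val substr($0, 2); next }
        cur                { print val; cur = 0 }
        /^fSMORoleOwner: / { val = substr($0, 16); cur = 1 }
        END                { if (cur) print val }
    '
}

# Constructed sample of one folded ldbsearch result (example.com, DC2).
sample_ldif() {
    printf '%s\n' \
        'dn: CN=Infrastructure,DC=DomainDnsZones,DC=example,DC=com' \
        'fSMORoleOwner: CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Na' \
        ' me,CN=Sites,CN=Configuration,DC=example,DC=com' \
        ''
}

# Query every role holder read-only. url is e.g. the path to sam.ldb.
show_fsmo_owners() {
    url=$1; base=$2; tab=$(printf '\t')
    fsmo_role_dns "$base" | while IFS=$tab read -r role dn; do
        owner=$(ldbsearch -H "$url" -b "$dn" -s base fSMORoleOwner </dev/null |
                owner_from_ldif)
        printf '%-15s %s\n' "$role" "${owner:-<not set>}"
    done
}

if [ "$#" -ge 2 ]; then show_fsmo_owners "$1" "$2"; else sample_ldif | owner_from_ldif; fi
```

Run it with the database URL and the domain DN as its two arguments; with no arguments it only parses the constructed sample.
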
John Lewis
2015-Jun-10 23:20 UTC
[Samba] Need another workaround for FSMO transfer problem
On 05/28/2015 04:18 AM, Rowland Penny wrote:
> On 28/05/15 01:33, John Lewis wrote:
>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>> On 26/05/15 03:05, John Lewis wrote:
>>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>
>>>> I ran into that while trying to rebuild my LXC's as Debian 8. The
>>>> proposed workarounds assume you have access to a Windows Domain
>>>> controller in your domain, and I don't. Is there anything else I
>>>> can do
>>>> to get all 7 Roles moved to my other domain controller so I can
>>>> rebuild it?
>>> Funny you should say that, I have a patch pending to show all 7 modes
>>> and to seize them, I am also working on the transfer, but this seems
>>> to be a lot more complex and is proving troublesome.
>>>
>>> Rowland
>>>
>> Can you link me to your patches so that I may rebuild my samba packages
>> with them applied or learn what the seizing process is so I can complete
>> it by editing the ldap tree with ldbedit? Perhaps I should check the
>> development mailing list.
>
> Yes, it is on the technical list, starting here:
> https://lists.samba.org/archive/samba-technical/2015-May/107448.html
>
> The patch has morphed into just showing & seizing the 7 roles,
> transferring the two dns roles is much more complex than what I
> originally thought. The problem is that Microsoft (in their wisdom)
> provides a mechanism to transfer the 5 roles that everybody knows
> about, but not for the two dns roles. You need to delete the role on
> the DC that holds it, then recreate it, but this time pointing at the
> new role owner, this all needs to be done from the new role owner, you
> then need to kickstart replication of the role. I have got everything
> working apart from the replication (I think)
>
> Rowland
>

I don't know if this has got too advanced for the user list, but I tried applying your patch to the source package in Debian and here is my result.

> john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$
> quilt push fsmo.patch
> Applying patch ../patches/05_share_ldb_module
> can't find file to patch at input line 4
> Perhaps you used the wrong -p or --strip option?
> The text leading up to this was:
> --------------------------
> |=== modified file 'source4/param/wscript_build'
> |--- a/source4/param/wscript_build
> |+++ b/source4/param/wscript_build
> --------------------------
> No file to patch. Skipping patch.
> 2 out of 2 hunks ignored
> Patch ../patches/05_share_ldb_module does not apply (enforce with -f)

I would like to get this built in so I can migrate my Domain Controller so I can finally finish my OS upgrades so I can work on my front end stuff.