> Here is my implementation:
> Samba 4 with bind <----------------replicate-------------------- old windows AD
>
> After replication, I want to demote Windows AD (WAD) and turn it off. So
> I'll use Samba 4 as the only Active Directory domain controller.
> Everything is fine until I join a new client to my domain (Samba 4 is now
> the only AD, DNS already updated). It pops up an error: "Samba security database
> is corrupted", and here is my samba.log:
>
> ../source4/dsdb/repl/drepl_ridalloc.c:207: Failed to find fSMORoleOwner in RID Manager object - Cannot find attribute fSMORoleOwner of CN=RID Manager$,CN=System,DC=tuan,DC=local to calculate reference dn
>
> So, it's too much for me to handle this kind of error. Any idea?
>
> Thank you all.
> --
> Jade Nguyen - System Specialist
> Network Operation Center, FPT Online Service JSC
One thing you forgot to perform before you turned off your Samba 4 DC was to transfer the FSMO roles. Since you've powered off your existing Windows AD DC, the only way to repair it is to seize the RID Master to the Samba 4 DC, as the Samba 4 DC can't seem to figure out where the appropriate RIDs are.

If you can't... well, sorry but you really hosed the domain entirely.

On Wed, Jan 9, 2013 at 8:44 PM, chidokato <tuanpro.itman at gmail.com> wrote:
>> Here is my implementation:
>> Samba 4 with bind <----------------replicate-------------------- old windows AD
>>
>> After replication, I want to demote Windows AD (WAD) and turn it off. So
>> I'll use Samba 4 as the only Active Directory domain controller.
>> Everything is fine until I join a new client to my domain (Samba 4 is now
>> the only AD, DNS already updated). It pops up an error: "Samba security database
>> is corrupted", and here is my samba.log:
>>
>> ../source4/dsdb/repl/drepl_ridalloc.c:207: Failed to find fSMORoleOwner in RID Manager object - Cannot find attribute fSMORoleOwner of CN=RID Manager$,CN=System,DC=tuan,DC=local to calculate reference dn
>>
>> So, it's too much for me to handle this kind of error. Any idea?
>>
>> Thank you all.
>> --
>> Jade Nguyen - System Specialist
>> Network Operation Center, FPT Online Service JSC
As curriegrad2004 has said, you need to move these roles... There are two ways of doing it, via MS AD or via Samba4... I've managed, in the past, to move the four roles without too many problems... Any googled site explaining how to move the roles will do. There's also a samba-tool command to manage these roles.

As for your setup, I am trying to accomplish exactly the same. My question is: have you been able to correctly replicate the DNS zone from MS AD to Samba 4? Have you tried to demote the old MS AD with DCPROMO? I always get a message saying that the DNS could not be correctly moved and that the last 'replicated' copy is still on the old MS AD. What version of MS AD are you running?

I've been trying these for months, since the first Samba4 RC, with no luck. If you manage to finally shut down the old MS AD completely and effectively, I'd really appreciate knowing how you managed to do it.

Thanks,
Aleix.
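An added example, not part of any message in this thread: a pre-shutdown check that reads `samba-tool fsmo show` output and lists the roles still held by the DC about to be retired, plus any role for which no owner line was found. The host names WINDC and SAMBA4, the sample output, and the assumed line format (`<Name>Role owner: <NTDS Settings DN>`) are constructed for illustration.

```python
import re

# Role name as printed by `samba-tool fsmo show` -> value for --role.
ROLE_ARG = {
    "SchemaMasterRole": "schema",
    "InfrastructureMasterRole": "infrastructure",
    "RidAllocationMasterRole": "rid",
    "PdcEmulationMasterRole": "pdc",
    "DomainNamingMasterRole": "naming",
}

# Assumed line format: "<Name>Role owner: CN=NTDS Settings,CN=<DC>,..."
OWNER_LINE = re.compile(r"^(\w+Role) owner: CN=NTDS Settings,CN=([^,]+),", re.M)


def parse_owners(show_output):
    """Map each role name to the short name of the DC that holds it."""
    return {role: dc.upper() for role, dc in OWNER_LINE.findall(show_output)}


def check_before_shutdown(show_output, retiring_dc):
    """Return (roles still on retiring_dc, roles with no owner line)."""
    owners = parse_owners(show_output)
    target = retiring_dc.upper()
    held = [arg for role, arg in ROLE_ARG.items() if owners.get(role) == target]
    missing = [arg for role, arg in ROLE_ARG.items() if role not in owners]
    return held, missing


def transfer_commands(roles):
    """Commands to run on the DC that should take over each role."""
    return [f"samba-tool fsmo transfer --role={r}" for r in roles]


# Constructed sample: the old Windows DC (WINDC) still holds three roles.
_SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tuan,DC=local"
SAMPLE = "\n".join([
    f"SchemaMasterRole owner: CN=NTDS Settings,CN=SAMBA4,{_SITE}",
    f"InfrastructureMasterRole owner: CN=NTDS Settings,CN=WINDC,{_SITE}",
    f"RidAllocationMasterRole owner: CN=NTDS Settings,CN=WINDC,{_SITE}",
    f"PdcEmulationMasterRole owner: CN=NTDS Settings,CN=WINDC,{_SITE}",
    f"DomainNamingMasterRole owner: CN=NTDS Settings,CN=SAMBA4,{_SITE}",
])

if __name__ == "__main__":
    held, missing = check_before_shutdown(SAMPLE, "WINDC")
    print("Do not power off WINDC yet; roles still held:", held)
    print("Roles with no owner found:", missing)
    print("\n".join(transfer_commands(held)))
```

The transfer commands are run on the Samba DC that should receive the roles while the old DC is still online; `samba-tool fsmo seize` is the fallback when the old owner is already gone.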