Hello, I recently migrated our samba 3 domain to an AD domain using Samba 4 classic upgrade tool. DNS is provided by the internal dns server of Samba 4. I promoted a Windows 2k8 box as a new DC of this domain and I transfer all the 5 FSMO roles to this windows box. Now I would like to demote the Samba4 DC but when I tried I got this message : # samba-tool domain demote ERROR: Current DC is still the owner of 2 role(s), use the role command to transfer roles to another DC When check the fsmo roles status via "samba-tool fsmo show" on linux or with ntdsutil on windows it confirms that the Samba 4 DC doesn't own anything. Then, I tried to just stop samba4 and follow the microsoft procedure to remove a failed DC. But when I do that the domain fails, i've got an error message when i try to open any AD tool (ADUC for example) saying that the "domain cannot be found". It seems that something is handled by Samba only but I can't figure out what. Is this a DNS problem ? Should I use Bind ? Well, it's not urgent... wait a minute, my boss has a chainsaw, maybe I should hurry :D . Best regards, -- Davy HUBERT DSI/SMI - Unit? Syst?mes Universit? Paul-Val?ry, Montpellier 3 davy.hubert at univ-montp3.fr
Hi Greg, Thank you for your answer. Yes, I installed the dns service in the same time I promoted the windows server. When I checked the windows dns, it seemed to be well populated but there maybe some deep record that I missed. So, when I tried to stop samba windows used it's own dns server. Is there any known issues with the dns replication between Samba4 and Windows ? Best regards, Davy HUBERT DSI/SMI - Unit? Syst?mes Universit? Paul-Val?ry, Montpellier 3 davy.hubert at univ-montp3.fr Le 24/09/2013 16:25, Gregory Sloop a ?crit :> If you haven't moved DNS to the Windows box, then you turn off the > Samba box, you're going to have serious problems. > > So, yes, I'd guess it's a DNS problem. > [Here's hoping you still have all your limbs :) ] > > > -Greg > > DH> I recently migrated our samba 3 domain to an AD domain using Samba 4 > DH> classic upgrade tool. > DH> DNS is provided by the internal dns server of Samba 4. > > DH> I promoted a Windows 2k8 box as a new DC of this domain and I transfer > DH> all the 5 FSMO roles to this windows box. > > DH> Now I would like to demote the Samba4 DC but when I tried I got this > DH> message : > > DH> # samba-tool domain demote > DH> ERROR: Current DC is still the owner of 2 role(s), use the role command > DH> to transfer roles to another DC > > DH> When check the fsmo roles status via "samba-tool fsmo show" on linux or > DH> with ntdsutil on windows it confirms that the Samba 4 DC doesn't own > DH> anything. > > DH> Then, I tried to just stop samba4 and follow the microsoft procedure to > DH> remove a failed DC. But when I do that the domain fails, i've got an > DH> error message when i try to open any AD tool (ADUC for example) saying > DH> that the "domain cannot be found". > > DH> It seems that something is handled by Samba only but I can't figure out > DH> what. > > DH> Is this a DNS problem ? Should I use Bind ? > > DH> Well, it's not urgent... wait a minute, my boss has a chainsaw, maybe I > DH> should hurry :D . > >
Hi everybody,
I still have this problem.
I am using Samba 4.0.6 is there a known issue for my particular problem ?
Here is my smb.conf :
# Global parameters
[global]
workgroup = UM3
realm = my.realm.fqdn
netbios name = SAMBAPDC
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
dns forwarder = x.x.x.x
dsdb:schema update allowed = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/my.realm.fqdn/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
Davy HUBERT
DSI/SMI - Unit? Syst?mes
Universit? Paul-Val?ry, Montpellier 3
davy.hubert at univ-montp3.fr
Le 24/09/2013 13:36, Davy HUBERT a ?crit :> Hello,
>
>
> I recently migrated our samba 3 domain to an AD domain using Samba 4
> classic upgrade tool.
> DNS is provided by the internal dns server of Samba 4.
>
> I promoted a Windows 2k8 box as a new DC of this domain and I transfer
> all the 5 FSMO roles to this windows box.
>
> Now I would like to demote the Samba4 DC but when I tried I got this
> message :
>
> # samba-tool domain demote
> ERROR: Current DC is still the owner of 2 role(s), use the role
> command to transfer roles to another DC
>
> When check the fsmo roles status via "samba-tool fsmo show" on
linux
> or with ntdsutil on windows it confirms that the Samba 4 DC doesn't
> own anything.
>
> Then, I tried to just stop samba4 and follow the microsoft procedure
> to remove a failed DC. But when I do that the domain fails, i've got
> an error message when i try to open any AD tool (ADUC for example)
> saying that the "domain cannot be found".
>
> It seems that something is handled by Samba only but I can't figure
> out what.
>
> Is this a DNS problem ? Should I use Bind ?
>
> Well, it's not urgent... wait a minute, my boss has a chainsaw, maybe
> I should hurry :D .
>
>
>
> Best regards,
>