On Sun, 10 May 2015, Rowland Penny wrote:> You definitely seem to have problems there.Indeed I do :-(> You do know that there are 7 (yes seven) fsmoroles ?Oh crap. I checked on the original DC before I demoted it, and there were only 5 displayed, so I thought that was all I should have. At least, I transferred -all roles, and only those 5 made it. This is going to be a pain to fix. Steve -- ---------------------------------------------------------------------------- Steve Thompson E-mail: smt AT vgersoft DOT com Voyager Software LLC Web: http://www DOT vgersoft DOT com 39 Smugglers Path VSW Support: support AT vgersoft DOT com Ithaca, NY 14850 "186,282 miles per second: it's not just a good idea, it's the law" ----------------------------------------------------------------------------
On 10/05/15 17:25, Steve Thompson wrote:> On Sun, 10 May 2015, Rowland Penny wrote: > >> You definitely seem to have problems there. > > Indeed I do :-( > >> You do know that there are 7 (yes seven) fsmoroles ? > > Oh crap. I checked on the original DC before I demoted it, and there > were only 5 displayed, so I thought that was all I should have. At > least, I transferred -all roles, and only those 5 made it. This is > going to be a pain to fix. > > SteveIt might not be as bad as what you think, do you have the two DNs ? ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b "CN=Infrastructure,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu" (the above should all on one line) If the above command (possibly changed for your sam.ldb location) produces a result, check if there is a 'fSMORoleOwner' attribute and if there is, does it point to your first DC (or wherever the other fsmo roles point to) ? If it is there and does point to the correct place, then OK. If it is there and points to the wrong DC, then edit it to point at the right DC. If it isn't there, then it will have to be created, based on another of your DCs. Repeat for the other DN. Rowland
On Sun, 10 May 2015, Rowland Penny wrote:> It might not be as bad as what you think, do you have the two DNs ? > > ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b > "CN=Infrastructure,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu"Yes, I have both of the dn's. However, neither of them have an fSMORoleOwner attribute. That I will fix and report back. Steve
On Sun, 10 May 2015, Rowland Penny wrote:> ldbedit -e nano -H /var/lib/samba/private/sam.ldb -b > "CN=Infrastructure,DC=DomainDnsZones,DC=europa,DC=icse,DC=cornell,DC=edu"I successfully fixed up the role owner in DomainDnsZones and ForestDnsZones. It turned out that ldbedit couldn't do it, as there was already an fSMORoleOwner, albeit blank (which ldbsearch did not show). I used ldbmodify instead to replace the role owner, and now all the role ownerships are correct. However, it did not make any difference to my inability to restart BIND; this still fails if I include the samba named.conf. Steve