John Lewis
2015-Jun-10 23:20 UTC
[Samba] Need another workaround for FSMO transfer problem
On 05/28/2015 04:18 AM, Rowland Penny wrote:> On 28/05/15 01:33, John Lewis wrote: >> On 05/26/2015 07:34 AM, Rowland Penny wrote: >>> On 26/05/15 03:05, John Lewis wrote: >>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role >>>> >>>> >>>> >>>> I ran into that while trying to rebuild my LXC's as Debian 8. The >>>> proposed work arrounds assume you have access to a Windows Domain >>>> controller in your domain, and I don't. Is there anything else I >>>> can do >>>> to get all 7 Roles moved to my other domain controller so I can >>>> rebuild it? >>> Funny you should say that, I have a patch pending to show all 7 modes >>> and to seize them, I am also working on the transfer, but this seems >>> to be a lot more complex and is proving troublesome. >>> >>> Rowland >>> >> Can you link me to your patches so that I may rebuild my samba packages >> with them applied or learn what the seizing process is so I can complete >> it by editing the ldap tree with ldbedit? Perhaps I should check the >> development mailing list. > > Yes, it is on the technical list, starting here: > https://lists.samba.org/archive/samba-technical/2015-May/107448.html > > The patch has morphed into just showing & siezing the 7 roles, > transferring the two dns roles is much more complex than what I > originally thought. The problem is that Microsoft (in their wisdom) > provides a mechanism to transfer the 5 roles that everybody knows > about, but not for the two dns roles. You need to delete the role on > the DC that holds it, then recreate it, but this time pointing at the > new role owner, this all needs to be done from the new role owner, you > then need to kickstart replication of the role. I have got everything > working apart from the replication (I think) > > Rowland >I don't know if this has got too advanced for the user list, but I tried applying your patch to the source package in Debian and here is my result.> john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$ > quilt push fsmo.patch > Applying patch ../patches/05_share_ldb_module > can't find file to patch at input line 4 > Perhaps you used the wrong -p or --strip option? > The text leading up to this was: > -------------------------- > |=== modified file 'source4/param/wscript_build' > |--- a/source4/param/wscript_build > |+++ b/source4/param/wscript_build > -------------------------- > No file to patch. Skipping patch. > 2 out of 2 hunks ignored > Patch ../patches/05_share_ldb_module does not apply (enforce with -f)I would like to get this built in so I can migrate my Domain Controller so I can finally finish my OS upgrade s so I can work on my front end stuff.
Rowland Penny
2015-Jun-11 08:33 UTC
[Samba] Need another workaround for FSMO transfer problem
On 11/06/15 00:20, John Lewis wrote:> On 05/28/2015 04:18 AM, Rowland Penny wrote: >> On 28/05/15 01:33, John Lewis wrote: >>> On 05/26/2015 07:34 AM, Rowland Penny wrote: >>>> On 26/05/15 03:05, John Lewis wrote: >>>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role >>>>> >>>>> >>>>> >>>>> I ran into that while trying to rebuild my LXC's as Debian 8. The >>>>> proposed work arrounds assume you have access to a Windows Domain >>>>> controller in your domain, and I don't. Is there anything else I >>>>> can do >>>>> to get all 7 Roles moved to my other domain controller so I can >>>>> rebuild it? >>>> Funny you should say that, I have a patch pending to show all 7 modes >>>> and to seize them, I am also working on the transfer, but this seems >>>> to be a lot more complex and is proving troublesome. >>>> >>>> Rowland >>>> >>> Can you link me to your patches so that I may rebuild my samba packages >>> with them applied or learn what the seizing process is so I can complete >>> it by editing the ldap tree with ldbedit? Perhaps I should check the >>> development mailing list. >> Yes, it is on the technical list, starting here: >> https://lists.samba.org/archive/samba-technical/2015-May/107448.html >> >> The patch has morphed into just showing & siezing the 7 roles, >> transferring the two dns roles is much more complex than what I >> originally thought. The problem is that Microsoft (in their wisdom) >> provides a mechanism to transfer the 5 roles that everybody knows >> about, but not for the two dns roles. You need to delete the role on >> the DC that holds it, then recreate it, but this time pointing at the >> new role owner, this all needs to be done from the new role owner, you >> then need to kickstart replication of the role. I have got everything >> working apart from the replication (I think) >> >> Rowland >> > I don't know if this has got too advanced for the user list, but I tried > applying your patch to the source package in Debian and here is my result. > >> john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$ >> quilt push fsmo.patch >> Applying patch ../patches/05_share_ldb_module >> can't find file to patch at input line 4 >> Perhaps you used the wrong -p or --strip option? >> The text leading up to this was: >> -------------------------- >> |=== modified file 'source4/param/wscript_build' >> |--- a/source4/param/wscript_build >> |+++ b/source4/param/wscript_build >> -------------------------- >> No file to patch. Skipping patch. >> 2 out of 2 hunks ignored >> Patch ../patches/05_share_ldb_module does not apply (enforce with -f) > > I would like to get this built in so I can migrate my Domain Controller > so I can finally finish my OS upgrade s so I can work on my front end stuff. > >The patch has changed quite a lot and is supposed to apply to samba-master from samba git. If it would help, I could probably send you a fully patched fsmo.py to test. Rowland
Harry Jede
2015-Jun-11 08:53 UTC
[Samba] Need another workaround for FSMO transfer problem
On 10:38:21 wrote John Lewis:> On 05/28/2015 04:18 AM, Rowland Penny wrote: > > On 28/05/15 01:33, John Lewis wrote: > >> On 05/26/2015 07:34 AM, Rowland Penny wrote: > >>> On 26/05/15 03:05, John Lewis wrote: > >>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operatio > >>>> ns_%28FSMO%29_roles#Transfering_a_FSMO_role > >>>> > >>>> > >>>> > >>>> I ran into that while trying to rebuild my LXC's as Debian 8. > >>>> The proposed work arrounds assume you have access to a Windows > >>>> Domain controller in your domain, and I don't. Is there > >>>> anything else I can do > >>>> to get all 7 Roles moved to my other domain controller so I can > >>>> rebuild it? > >>> > >>> Funny you should say that, I have a patch pending to show all 7 > >>> modes and to seize them, I am also working on the transfer, but > >>> this seems to be a lot more complex and is proving troublesome. > >>> > >>> Rowland > >> > >> Can you link me to your patches so that I may rebuild my samba > >> packages with them applied or learn what the seizing process is > >> so I can complete it by editing the ldap tree with ldbedit? > >> Perhaps I should check the development mailing list. > > > > Yes, it is on the technical list, starting here: > > https://lists.samba.org/archive/samba-technical/2015-May/107448.htm > > l > > > > The patch has morphed into just showing & siezing the 7 roles, > > transferring the two dns roles is much more complex than what I > > originally thought. The problem is that Microsoft (in their wisdom) > > provides a mechanism to transfer the 5 roles that everybody knows > > about, but not for the two dns roles. You need to delete the role > > on the DC that holds it, then recreate it, but this time pointing > > at the new role owner, this all needs to be done from the new role > > owner, you then need to kickstart replication of the role. I have > > got everything working apart from the replication (I think) > > > > Rowland > > I don't know if this has got too advanced for the user list, but I > tried applying your patch to the source package in Debian and here > is my result. > > > john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/p > > atches$ quilt push fsmo.patch > > Applying patch ../patches/05_share_ldb_module > > can't find file to patch at input line 4 > > Perhaps you used the wrong -p or --strip option? > > The text leading up to this was: > > -------------------------- > > > > |=== modified file 'source4/param/wscript_build' > > |--- a/source4/param/wscript_build > > |+++ b/source4/param/wscript_build > > > > -------------------------- > > No file to patch. Skipping patch. > > 2 out of 2 hunks ignored > > Patch ../patches/05_share_ldb_module does not apply (enforce with > > -f) > > I would like to get this built in so I can migrate my Domain > Controller so I can finally finish my OS upgrade s so I can work on > my front end stuff.You do it the wrong way. As common, the patch is written for the vendors source. But you are in debians source tree, so you should modify the header of the patch, use "dpkg-buildpackage -us -uc" to create the binary package, test it, modify the changelog to document your changes and to end up with a package version string that works with apt-get/aptitude and build the package again. Here an example header from "samba-4.0.10/debian/patches/bug_221618_precise-64bit-prototype.patch" Description: 64 bit fix for libsmbclient Author: Christian Perrier <bubulle at debian.org> Bug-Debian: http://bugs.debian.org/221618 Forwarded: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221618#27 Index: samba/source3/include/libsmbclient.h ==================================================================--- samba.orig/source3/include/libsmbclient.h +++ samba/source3/include/libsmbclient.h good luck -- Regars Harry Jede
John Lewis
2015-Jun-11 10:51 UTC
[Samba] Need another workaround for FSMO transfer problem
On 06/11/2015 04:33 AM, Rowland Penny wrote:> On 11/06/15 00:20, John Lewis wrote: >> On 05/28/2015 04:18 AM, Rowland Penny wrote: >>> On 28/05/15 01:33, John Lewis wrote: >>>> On 05/26/2015 07:34 AM, Rowland Penny wrote: >>>>> On 26/05/15 03:05, John Lewis wrote: >>>>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> I ran into that while trying to rebuild my LXC's as Debian 8. The >>>>>> proposed work arrounds assume you have access to a Windows Domain >>>>>> controller in your domain, and I don't. Is there anything else I >>>>>> can do >>>>>> to get all 7 Roles moved to my other domain controller so I can >>>>>> rebuild it? >>>>> Funny you should say that, I have a patch pending to show all 7 modes >>>>> and to seize them, I am also working on the transfer, but this seems >>>>> to be a lot more complex and is proving troublesome. >>>>> >>>>> Rowland >>>>> >>>> Can you link me to your patches so that I may rebuild my samba >>>> packages >>>> with them applied or learn what the seizing process is so I can >>>> complete >>>> it by editing the ldap tree with ldbedit? Perhaps I should check the >>>> development mailing list. >>> Yes, it is on the technical list, starting here: >>> https://lists.samba.org/archive/samba-technical/2015-May/107448.html >>> >>> The patch has morphed into just showing & siezing the 7 roles, >>> transferring the two dns roles is much more complex than what I >>> originally thought. The problem is that Microsoft (in their wisdom) >>> provides a mechanism to transfer the 5 roles that everybody knows >>> about, but not for the two dns roles. You need to delete the role on >>> the DC that holds it, then recreate it, but this time pointing at the >>> new role owner, this all needs to be done from the new role owner, you >>> then need to kickstart replication of the role. I have got everything >>> working apart from the replication (I think) >>> >>> Rowland >>> >> I don't know if this has got too advanced for the user list, but I tried >> applying your patch to the source package in Debian and here is my >> result. >> >>> john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$ >>> >>> quilt push fsmo.patch >>> Applying patch ../patches/05_share_ldb_module >>> can't find file to patch at input line 4 >>> Perhaps you used the wrong -p or --strip option? >>> The text leading up to this was: >>> -------------------------- >>> |=== modified file 'source4/param/wscript_build' >>> |--- a/source4/param/wscript_build >>> |+++ b/source4/param/wscript_build >>> -------------------------- >>> No file to patch. Skipping patch. >>> 2 out of 2 hunks ignored >>> Patch ../patches/05_share_ldb_module does not apply (enforce with -f) >> >> I would like to get this built in so I can migrate my Domain Controller >> so I can finally finish my OS upgrade s so I can work on my front end >> stuff. >> >> > > The patch has changed quite a lot and is supposed to apply to > samba-master from samba git. > If it would help, I could probably send you a fully patched fsmo.py to > test. > > RowlandI think it would help. I would probably talk to a package maintainer about adding an out of of tree patch or building a new package from git source.
John Lewis
2015-Jun-11 10:53 UTC
[Samba] Need another workaround for FSMO transfer problem
On 06/11/2015 04:53 AM, Harry Jede wrote:> > On 10:38:21 wrote John Lewis: > > > On 05/28/2015 04:18 AM, Rowland Penny wrote: > > > > On 28/05/15 01:33, John Lewis wrote: > > > >> On 05/26/2015 07:34 AM, Rowland Penny wrote: > > > >>> On 26/05/15 03:05, John Lewis wrote: > > > >>>> https://wiki.samba.org/index.php/Flexible_Single-Master_Operatio > > > >>>> ns_%28FSMO%29_roles#Transfering_a_FSMO_role > > > >>>> > > > >>>> > > > >>>> > > > >>>> I ran into that while trying to rebuild my LXC's as Debian 8. > > > >>>> The proposed work arrounds assume you have access to a Windows > > > >>>> Domain controller in your domain, and I don't. Is there > > > >>>> anything else I can do > > > >>>> to get all 7 Roles moved to my other domain controller so I can > > > >>>> rebuild it? > > > >>> > > > >>> Funny you should say that, I have a patch pending to show all 7 > > > >>> modes and to seize them, I am also working on the transfer, but > > > >>> this seems to be a lot more complex and is proving troublesome. > > > >>> > > > >>> Rowland > > > >> > > > >> Can you link me to your patches so that I may rebuild my samba > > > >> packages with them applied or learn what the seizing process is > > > >> so I can complete it by editing the ldap tree with ldbedit? > > > >> Perhaps I should check the development mailing list. > > > > > > > > Yes, it is on the technical list, starting here: > > > > https://lists.samba.org/archive/samba-technical/2015-May/107448.htm > > > > l > > > > > > > > The patch has morphed into just showing & siezing the 7 roles, > > > > transferring the two dns roles is much more complex than what I > > > > originally thought. The problem is that Microsoft (in their wisdom) > > > > provides a mechanism to transfer the 5 roles that everybody knows > > > > about, but not for the two dns roles. You need to delete the role > > > > on the DC that holds it, then recreate it, but this time pointing > > > > at the new role owner, this all needs to be done from the new role > > > > owner, you then need to kickstart replication of the role. I have > > > > got everything working apart from the replication (I think) > > > > > > > > Rowland > > > > > > I don't know if this has got too advanced for the user list, but I > > > tried applying your patch to the source package in Debian and here > > > is my result. > > > > > > > john at thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/p > > > > atches$ quilt push fsmo.patch > > > > Applying patch ../patches/05_share_ldb_module > > > > can't find file to patch at input line 4 > > > > Perhaps you used the wrong -p or --strip option? > > > > The text leading up to this was: > > > > -------------------------- > > > > > > > > |=== modified file 'source4/param/wscript_build' > > > > |--- a/source4/param/wscript_build > > > > |+++ b/source4/param/wscript_build > > > > > > > > -------------------------- > > > > No file to patch. Skipping patch. > > > > 2 out of 2 hunks ignored > > > > Patch ../patches/05_share_ldb_module does not apply (enforce with > > > > -f) > > > > > > I would like to get this built in so I can migrate my Domain > > > Controller so I can finally finish my OS upgrade s so I can work on > > > my front end stuff. > > You do it the wrong way. > > As common, the patch is written for the vendors source. But you are in > debians source tree, so you should modify the header of the patch, use > "dpkg-buildpackage -us -uc" to create the binary package, test it, > modify the changelog to document your changes and to end up with a > package version string that works with apt-get/aptitude and build the > package again. > > > > Here an example header from > > "samba-4.0.10/debian/patches/bug_221618_precise-64bit-prototype.patch" > > > > Description: 64 bit fix for libsmbclient > > Author: Christian Perrier <bubulle at debian.org> > > Bug-Debian: http://bugs.debian.org/221618 > > Forwarded: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221618#27 > > > > Index: samba/source3/include/libsmbclient.h > > ==================================================================> > --- samba.orig/source3/include/libsmbclient.h > > +++ samba/source3/include/libsmbclient.h > > > > good luck > > > > -- > > > > Regars > > Harry Jede >I'll try this.