samba - Jun 2015 - Need another workaround for FSMO transfer problem

On 06/11/2015 04:33 AM, Rowland Penny wrote:
> On 11/06/15 00:20, John Lewis wrote:
>> On 05/28/2015 04:18 AM, Rowland Penny wrote:
>>> On 28/05/15 01:33, John Lewis wrote:
>>>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>>>> On 26/05/15 03:05, John Lewis wrote:
>>>>>>
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> I ran into that while trying to rebuild my LXC's as
Debian 8. The
>>>>>> proposed work arrounds assume you have access to a
Windows Domain
>>>>>> controller in your domain, and I don't. Is there
anything else I
>>>>>> can do
>>>>>> to get all 7 Roles moved to my other domain controller
so I can
>>>>>> rebuild it?
>>>>> Funny you should say that, I have a patch pending to show
all 7 modes
>>>>> and to seize them, I am also working on the transfer, but
this seems
>>>>> to be a lot more complex and is proving troublesome.
>>>>>
>>>>> Rowland
>>>>>
>>>> Can you link me to your patches so that I may rebuild my samba
>>>> packages
>>>> with them applied or learn what the seizing process is so I can
>>>> complete
>>>> it by editing the ldap tree with ldbedit? Perhaps I should
check the
>>>> development mailing list.
>>> Yes, it is on the technical list, starting here:
>>>
https://lists.samba.org/archive/samba-technical/2015-May/107448.html
>>>
>>> The patch has morphed into just showing & siezing the 7 roles,
>>> transferring the two dns roles is much more complex than what I
>>> originally thought. The problem is that Microsoft (in their wisdom)
>>> provides a mechanism to transfer the 5 roles that everybody knows
>>> about, but not for the two dns roles. You need to delete the role
on
>>> the DC that holds it, then recreate it, but this time pointing at
the
>>> new role owner, this all needs to be done from the new role owner,
you
>>> then need to kickstart replication of the role. I have got
everything
>>> working apart from the replication (I think)
>>>
>>> Rowland
>>>
>> I don't know if this has got too advanced for the user list, but I
tried
>> applying your patch to the source package in Debian and here is my
>> result.
>>
>>> john at
thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$
>>>
>>> quilt push fsmo.patch
>>> Applying patch ../patches/05_share_ldb_module
>>> can't find file to patch at input line 4
>>> Perhaps you used the wrong -p or --strip option?
>>> The text leading up to this was:
>>> --------------------------
>>> |=== modified file 'source4/param/wscript_build'
>>> |--- a/source4/param/wscript_build
>>> |+++ b/source4/param/wscript_build
>>> --------------------------
>>> No file to patch.  Skipping patch.
>>> 2 out of 2 hunks ignored
>>> Patch ../patches/05_share_ldb_module does not apply (enforce with
-f)
>>
>> I would like to get this built in so I can migrate my Domain Controller
>> so I can finally finish my OS upgrade s so I can work on my front end
>> stuff.
>>
>>
>
> The patch has changed quite a lot and is supposed to apply to
> samba-master from samba git.
> If it would help, I could probably send you a fully patched fsmo.py to
> test.
>
> Rowland
I think it would help. I would probably talk to a package maintainer
about adding an out of of tree patch or building a new package from git
source.

On 11/06/15 11:51, John Lewis wrote:
> On 06/11/2015 04:33 AM, Rowland Penny wrote:
>> On 11/06/15 00:20, John Lewis wrote:
>>> On 05/28/2015 04:18 AM, Rowland Penny wrote:
>>>> On 28/05/15 01:33, John Lewis wrote:
>>>>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>>>>> On 26/05/15 03:05, John Lewis wrote:
>>>>>>>
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> I ran into that while trying to rebuild my
LXC's as Debian 8. The
>>>>>>> proposed work arrounds assume you have access to a
Windows Domain
>>>>>>> controller in your domain, and I don't. Is
there anything else I
>>>>>>> can do
>>>>>>> to get all 7 Roles moved to my other domain
controller so I can
>>>>>>> rebuild it?
>>>>>> Funny you should say that, I have a patch pending to
show all 7 modes
>>>>>> and to seize them, I am also working on the transfer,
but this seems
>>>>>> to be a lot more complex and is proving troublesome.
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>> Can you link me to your patches so that I may rebuild my
samba
>>>>> packages
>>>>> with them applied or learn what the seizing process is so I
can
>>>>> complete
>>>>> it by editing the ldap tree with ldbedit? Perhaps I should
check the
>>>>> development mailing list.
>>>> Yes, it is on the technical list, starting here:
>>>>
https://lists.samba.org/archive/samba-technical/2015-May/107448.html
>>>>
>>>> The patch has morphed into just showing & siezing the 7
roles,
>>>> transferring the two dns roles is much more complex than what I
>>>> originally thought. The problem is that Microsoft (in their
wisdom)
>>>> provides a mechanism to transfer the 5 roles that everybody
knows
>>>> about, but not for the two dns roles. You need to delete the
role on
>>>> the DC that holds it, then recreate it, but this time pointing
at the
>>>> new role owner, this all needs to be done from the new role
owner, you
>>>> then need to kickstart replication of the role. I have got
everything
>>>> working apart from the replication (I think)
>>>>
>>>> Rowland
>>>>
>>> I don't know if this has got too advanced for the user list,
but I tried
>>> applying your patch to the source package in Debian and here is my
>>> result.
>>>
>>>> john at
thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$
>>>>
>>>> quilt push fsmo.patch
>>>> Applying patch ../patches/05_share_ldb_module
>>>> can't find file to patch at input line 4
>>>> Perhaps you used the wrong -p or --strip option?
>>>> The text leading up to this was:
>>>> --------------------------
>>>> |=== modified file 'source4/param/wscript_build'
>>>> |--- a/source4/param/wscript_build
>>>> |+++ b/source4/param/wscript_build
>>>> --------------------------
>>>> No file to patch.  Skipping patch.
>>>> 2 out of 2 hunks ignored
>>>> Patch ../patches/05_share_ldb_module does not apply (enforce
with -f)
>>> I would like to get this built in so I can migrate my Domain
Controller
>>> so I can finally finish my OS upgrade s so I can work on my front
end
>>> stuff.
>>>
>>>
>> The patch has changed quite a lot and is supposed to apply to
>> samba-master from samba git.
>> If it would help, I could probably send you a fully patched fsmo.py to
>> test.
>>
>> Rowland
> I think it would help. I would probably talk to a package maintainer
> about adding an out of of tree patch or building a new package from git
> source.
Ah, no, it either goes into samba or it goes nowhere, if you are 
prepared to use it to just get you out of your problem, I will supply 
you with a copy. You must not pass it to any package maintainer.
I will give samba-technical a prod, the latest version is deemed usable 
by Jelmer, it just needs another dev to OK it and push it.

Rowland

On 06/11/2015 07:10 AM, Rowland Penny wrote:
> On 11/06/15 11:51, John Lewis wrote:
>> On 06/11/2015 04:33 AM, Rowland Penny wrote:
>>> On 11/06/15 00:20, John Lewis wrote:
>>>> On 05/28/2015 04:18 AM, Rowland Penny wrote:
>>>>> On 28/05/15 01:33, John Lewis wrote:
>>>>>> On 05/26/2015 07:34 AM, Rowland Penny wrote:
>>>>>>> On 26/05/15 03:05, John Lewis wrote:
>>>>>>>>
https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_%28FSMO%29_roles#Transfering_a_FSMO_role
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> I ran into that while trying to rebuild my
LXC's as Debian 8. The
>>>>>>>> proposed work arrounds assume you have access
to a Windows Domain
>>>>>>>> controller in your domain, and I don't. Is
there anything else I
>>>>>>>> can do
>>>>>>>> to get all 7 Roles moved to my other domain
controller so I can
>>>>>>>> rebuild it?
>>>>>>> Funny you should say that, I have a patch pending
to show all 7
>>>>>>> modes
>>>>>>> and to seize them, I am also working on the
transfer, but this
>>>>>>> seems
>>>>>>> to be a lot more complex and is proving
troublesome.
>>>>>>>
>>>>>>> Rowland
>>>>>>>
>>>>>> Can you link me to your patches so that I may rebuild
my samba
>>>>>> packages
>>>>>> with them applied or learn what the seizing process is
so I can
>>>>>> complete
>>>>>> it by editing the ldap tree with ldbedit? Perhaps I
should check the
>>>>>> development mailing list.
>>>>> Yes, it is on the technical list, starting here:
>>>>>
https://lists.samba.org/archive/samba-technical/2015-May/107448.html
>>>>>
>>>>> The patch has morphed into just showing & siezing the 7
roles,
>>>>> transferring the two dns roles is much more complex than
what I
>>>>> originally thought. The problem is that Microsoft (in their
wisdom)
>>>>> provides a mechanism to transfer the 5 roles that everybody
knows
>>>>> about, but not for the two dns roles. You need to delete
the role on
>>>>> the DC that holds it, then recreate it, but this time
pointing at the
>>>>> new role owner, this all needs to be done from the new role
owner,
>>>>> you
>>>>> then need to kickstart replication of the role. I have got
everything
>>>>> working apart from the replication (I think)
>>>>>
>>>>> Rowland
>>>>>
>>>> I don't know if this has got too advanced for the user
list, but I
>>>> tried
>>>> applying your patch to the source package in Debian and here is
my
>>>> result.
>>>>
>>>>> john at
thunderguard:~/Programming/not-mine/samba-4.1.17+dfsg/debian/patches$
>>>>>
>>>>>
>>>>> quilt push fsmo.patch
>>>>> Applying patch ../patches/05_share_ldb_module
>>>>> can't find file to patch at input line 4
>>>>> Perhaps you used the wrong -p or --strip option?
>>>>> The text leading up to this was:
>>>>> --------------------------
>>>>> |=== modified file 'source4/param/wscript_build'
>>>>> |--- a/source4/param/wscript_build
>>>>> |+++ b/source4/param/wscript_build
>>>>> --------------------------
>>>>> No file to patch.  Skipping patch.
>>>>> 2 out of 2 hunks ignored
>>>>> Patch ../patches/05_share_ldb_module does not apply
(enforce with -f)
>>>> I would like to get this built in so I can migrate my Domain
>>>> Controller
>>>> so I can finally finish my OS upgrade s so I can work on my
front end
>>>> stuff.
>>>>
>>>>
>>> The patch has changed quite a lot and is supposed to apply to
>>> samba-master from samba git.
>>> If it would help, I could probably send you a fully patched fsmo.py
to
>>> test.
>>>
>>> Rowland
>> I think it would help. I would probably talk to a package maintainer
>> about adding an out of of tree patch or building a new package from git
>> source.
>
> Ah, no, it either goes into samba or it goes nowhere, if you are
> prepared to use it to just get you out of your problem, I will supply
> you with a copy. You must not pass it to any package maintainer.
> I will give samba-technical a prod, the latest version is deemed
> usable by Jelmer, it just needs another dev to OK it and push it.
>
> Rowland
>
I have no plans on passing it to a package maintainer . I just need a
local version so I can get rid of my old Domain Controller and make a
new Domain Controller without losing my whole domain because of a stuck
FSMO role.

I would only need a maintainer to advise me on what way is the best way
to approach it.