Hi When I work with RSAT on Samba4 appear the following message: "A global catalog (GC) cannot be contacted. A GC is needed to list the objects group memberships. ..." Occur, for example, when I access properties about an user or computer, as member of or Unix Attribute tab I have executed some tests, and for me looks like is healthy my DC. Is there another test to verify the health of the my DC/Domain ? samba-tool fsmo show InfrastructureMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br RidAllocationMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br PdcEmulationMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br DomainNamingMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br SchemaMasterRole owner: CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br samba-tool domain level show Domain and forest function level for domain 'DC=empresa,DC=com,DC=br' Forest function level: (Windows) 2008 R2 Domain function level: (Windows) 2008 R2 Lowest function level of a DC: (Windows) 2008 R2 samba-tool domain info 192.168.200.25 Forest : empresa.com.br Domain : empresa.com.br Netbios domain : empresa DC name : dc1.empresa.com.br DC netbios name : DC1 Server site : Default-First-Site-Name Client site : Default-First-Site-Name netstat -taunp | egrep 3268 tcp 0 0 0.0.0.0:3268 0.0.0.0:* LISTEN 2572/samba tcp 0 0 192.168.200.25:3268 192.168.200.236:46732 ESTABLISHED 2572/samba tcp6 0 0 :::3268 :::* LISTEN 2572/samba Regards, Márcio
On Tue, 15 Nov 2016 20:19:23 -0200 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:> Hi > > When I work with RSAT on Samba4 appear the following message: "A > global catalog (GC) cannot be contacted. A GC is needed to list the > objects group memberships. ..." > Occur, for example, when I access properties about an user or > computer, as member of or Unix Attribute tab > > I have executed some tests, and for me looks like is healthy my DC. > > Is there another test to verify the health of the my DC/Domain ? > > samba-tool fsmo show > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > SchemaMasterRole owner: CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > >You seem to be missing two FSMO roles: DomainDnsZonesMasterRole ForestDnsZonesMasterRole Just what version of Samba are you using ? Rowland
Hi Rowland I'm using Samba 4.2.1 on Debian 7 Regards, Márcio 2016-11-15 20:30 GMT-02:00 Rowland Penny via samba <samba at lists.samba.org>:> On Tue, 15 Nov 2016 20:19:23 -0200 > Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote: > > > Hi > > > > When I work with RSAT on Samba4 appear the following message: "A > > global catalog (GC) cannot be contacted. A GC is needed to list the > > objects group memberships. ..." > > Occur, for example, when I access properties about an user or > > computer, as member of or Unix Attribute tab > > > > I have executed some tests, and for me looks like is healthy my DC. > > > > Is there another test to verify the health of the my DC/Domain ? > > > > samba-tool fsmo show > > InfrastructureMasterRole owner: CN=NTDS > > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN> Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > RidAllocationMasterRole owner: CN=NTDS > > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN> Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > PdcEmulationMasterRole owner: CN=NTDS > > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN> Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > DomainNamingMasterRole owner: CN=NTDS > > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN> Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > SchemaMasterRole owner: CN=NTDS > > Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN> Sites,CN=Configuration,DC=empresa,DC=com,DC=br > > > > > > > > You seem to be missing two FSMO roles: > > DomainDnsZonesMasterRole > ForestDnsZonesMasterRole > > Just what version of Samba are you using ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
> You seem to be missing two FSMO roles: > DomainDnsZonesMasterRole > ForestDnsZonesMasterRole > Just what version of Samba are you using ?My Samba 4.5.2 domain also appears to be missing these roles. Can I simply seize these roles? [root at larkin27 ~]# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS Settings,CN=TEMP2008R2DC,CN=Servers,.. InfrastructureMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... RidAllocationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... PdcEmulationMasterRole owner: CN=NTDS Settings,CN=LARKIN27,,... DomainNamingMasterRole owner: CN=NTDS Settings,CN=LARKIN27,... DomainDnsZonesMasterRole has no current owner ForestDnsZonesMasterRole has no current owner -- Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383 Systems Administrator, Python Developer, LPI / NCLA