The upgrade shouldn't have touched the Samba database, just the binaries etc, so check the smb.conf file and recreate it if you cannot find it, or if it is incorrect. The smb.conf still exists [global] workgroup = IUMNET realm = IUMNET.EDU.NA netbios name = IUMDCDP01 server role = active directory domain controller dns forwarder = 172.16.10.254 domain master = yes preferred master = yes # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap password server = 172.16.10.5 allow dns updates = nonsecure and secure # lanman auth = Yes # client lanman auth = Yes ntlm auth = yes client use spnego = no client ldap sasl wrapping = sign # ldap ssl ads = yes # ldap ssl = start tls ldap server require strong auth = no # wins server = iumnet.edu.na # wins support = Yes time server = Yes template shell = /bin/bash template homedir = /home/%U # idmap config * : backend = tdb # idmap config *:range = 50000-1000000 full_audit:prefix = %u|%I|%m|%S full_audit:failure = connect full_audit:success = connect disconnect seize the FSMO roles to another DC, forcibly demote the dead DC Please help with the commands to seize the FSMO roles to another DC and forcibly demote the dead DC. *Harsh Kukreja *Systems Administrator *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja @ium.edu.na - Web: *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA On Thu, Nov 16, 2017 at 11:35 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 16 Nov 2017 23:13:27 +0200 > "Kukreja H.Kukreja via samba" <samba at lists.samba.org> wrote: > > > Hi I upgraded my samba 4 DC running on Ubuntu 12.04 from 4.6.7 to > > 4.6.10 sernet samba package. > > > > apt-get update > > apt-get upgrade sernet-samba > > While downloading the new package the internet went down and it > > stopped so later when the connection was restored I started it again > > with ap-get upgrade sernet-samba and it started again. > > Now after rebooting the server the sernet-samba-ad service is not > > running and failing with error SAMBA NOT CONFIGURED AS DC. The > > testparm command is giving an error /var/run/samba pid missing so I > > have copied the folder from another running DC running 4.7.1. > > > > Please help to resolve the problem. This is a main DC and I have > > still not transferred the FSMO rules to the new 4.7.1 server. > > > > Thanks n Regards > > > > Harsh > > > > Sent from my iPhone > > The upgrade shouldn't have touched the Samba database, just the > binaries etc, so check the smb.conf file and recreate it if you cannot > find it, or if it is incorrect. > > If all else fails and because you seem to have other DCs, turn off the > DC, seize the FSMO roles to another DC, forcibly demote the dead DC. > > Re-install the OS on the old DC, do not use the old DCs ipaddress > or hostname. Now install Samba and join it to the domain as another DC > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Fri, 17 Nov 2017 11:38:22 +0200 Harsh Kukreja <h.kukreja at ium.edu.na> wrote:> The upgrade shouldn't have touched the Samba database, just the > binaries etc, so check the smb.conf file and recreate it if you cannot > find it, or if it is incorrect. > The smb.conf still exists > [global] > workgroup = IUMNET > realm = IUMNET.EDU.NA > netbios name = IUMDCDP01 > server role = active directory domain controller > dns forwarder = 172.16.10.254 > domain master = yes > preferred master = yes > # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap > password server = 172.16.10.5 > allow dns updates = nonsecure and secure > # lanman auth = Yes > # client lanman auth = Yes > ntlm auth = yes > client use spnego = no > client ldap sasl wrapping = sign > # ldap ssl ads = yes > # ldap ssl = start tls > ldap server require strong auth = no > # wins server = iumnet.edu.na > # wins support = Yes > time server = Yes > template shell = /bin/bash > template homedir = /home/%U > # idmap config * : backend = tdb > # idmap config *:range = 50000-1000000 > full_audit:prefix = %u|%I|%m|%S > full_audit:failure = connect > full_audit:success = connect disconnect > > seize the FSMO roles to another DC, forcibly demote the dead DC > Please help with the commands to seize the FSMO roles to another DC > and forcibly demote the dead DC.OK, open a terminal on the DC you want to seize the FSMO roles to. Type 'samba-tool --help' This will show you the sub-commands available, the first one you want is 'fsmo', so enter 'samba-tool fsmo --help' This will display: Usage: samba-tool fsmo <subcommand> Flexible Single Master Operations (FSMO) roles management. Options: -h, --help show this help message and exit Available subcommands: seize - Seize the role. show - Show the roles. transfer - Transfer the role. For more help on a specific subcommand, please type: samba-tool fsmo <subcommand> (-h|--help) Now enter 'samba-tool fsmo seize --help' From the output of the above command, you should be able to work out the command to seize the FSMO roles to this DC is: samba-tool fsmo seize --role=all --force -UAdministrator You will be prompted for a password The roles should be now be 'seized' to this DC. You can use another user instead of 'Administrator', but the user must have the required permissions. you use '--force' to stop the command trying to transfer the roles, this will fail because the old DC is offline, so why bother ;-) I will leave you to work out how to remove the other dead server, but as a hint, it is under 'samba-tool domain' Rowland
Hi Rowland The samba-tool command is not working please see the error below: root at iumdcdp01:/home/administrator# samba-tool ERROR(<type 'exceptions.ValueError'>): uncaught exception - bad marshal data (unknown type code) File "/usr/bin/samba-tool", line 46, in <module> retval = cmd._run("samba-tool", subcommand, *args) File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 210, in _run cmd = self.subcommands[cmd_name] File "/usr/lib/python2.7/dist-packages/samba/netcmd/main.py", line 35, in __getitem__ fromlist=['cmd_%s' % attr]), Please help to fix it. *Harsh Kukreja *Systems Administrator *International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja @ium.edu.na - Web: *http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag 14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA On Fri, Nov 17, 2017 at 12:06 PM, Rowland Penny via samba < samba at lists.samba.org> wrote:> On Fri, 17 Nov 2017 11:38:22 +0200 > Harsh Kukreja <h.kukreja at ium.edu.na> wrote: > > > The upgrade shouldn't have touched the Samba database, just the > > binaries etc, so check the smb.conf file and recreate it if you cannot > > find it, or if it is incorrect. > > The smb.conf still exists > > [global] > > workgroup = IUMNET > > realm = IUMNET.EDU.NA > > netbios name = IUMDCDP01 > > server role = active directory domain controller > > dns forwarder = 172.16.10.254 > > domain master = yes > > preferred master = yes > > # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap > > password server = 172.16.10.5 > > allow dns updates = nonsecure and secure > > # lanman auth = Yes > > # client lanman auth = Yes > > ntlm auth = yes > > client use spnego = no > > client ldap sasl wrapping = sign > > # ldap ssl ads = yes > > # ldap ssl = start tls > > ldap server require strong auth = no > > # wins server = iumnet.edu.na > > # wins support = Yes > > time server = Yes > > template shell = /bin/bash > > template homedir = /home/%U > > # idmap config * : backend = tdb > > # idmap config *:range = 50000-1000000 > > full_audit:prefix = %u|%I|%m|%S > > full_audit:failure = connect > > full_audit:success = connect disconnect > > > > seize the FSMO roles to another DC, forcibly demote the dead DC > > Please help with the commands to seize the FSMO roles to another DC > > and forcibly demote the dead DC. > > OK, open a terminal on the DC you want to seize the FSMO roles to. > Type 'samba-tool --help' > This will show you the sub-commands available, the first one you want > is 'fsmo', so enter 'samba-tool fsmo --help' > > This will display: > > Usage: samba-tool fsmo <subcommand> > > Flexible Single Master Operations (FSMO) roles management. > > > Options: > -h, --help show this help message and exit > > > Available subcommands: > seize - Seize the role. > show - Show the roles. > transfer - Transfer the role. > For more help on a specific subcommand, please type: samba-tool fsmo > <subcommand> (-h|--help) > > Now enter 'samba-tool fsmo seize --help' > > From the output of the above command, you should be able to work out > the command to seize the FSMO roles to this DC is: > > samba-tool fsmo seize --role=all --force -UAdministrator > > You will be prompted for a password > > The roles should be now be 'seized' to this DC. > > You can use another user instead of 'Administrator', but the user must > have the required permissions. > > you use '--force' to stop the command trying to transfer the roles, > this will fail because the old DC is offline, so why bother ;-) > > I will leave you to work out how to remove the other dead server, but > as a hint, it is under 'samba-tool domain' > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >