The upgrade shouldn't have touched the Samba database, just the
binaries etc, so check the smb.conf file and recreate it if you cannot
find it, or if it is incorrect.
The smb.conf still exists
[global]
workgroup = IUMNET
realm = IUMNET.EDU.NA
netbios name = IUMDCDP01
server role = active directory domain controller
dns forwarder = 172.16.10.254
domain master = yes
preferred master = yes
# server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
password server = 172.16.10.5
allow dns updates = nonsecure and secure
# lanman auth = Yes
# client lanman auth = Yes
ntlm auth = yes
client use spnego = no
client ldap sasl wrapping = sign
# ldap ssl ads = yes
# ldap ssl = start tls
ldap server require strong auth = no
# wins server = iumnet.edu.na
# wins support = Yes
time server = Yes
template shell = /bin/bash
template homedir = /home/%U
# idmap config * : backend = tdb
# idmap config *:range = 50000-1000000
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect disconnect
seize the FSMO roles to another DC, forcibly demote the dead DC
Please help with the commands to seize the FSMO roles to another DC and
forcibly demote the dead DC.
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Thu, Nov 16, 2017 at 11:35 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Thu, 16 Nov 2017 23:13:27 +0200
> "Kukreja H.Kukreja via samba" <samba at lists.samba.org>
wrote:
>
> > Hi I upgraded my samba 4 DC running on Ubuntu 12.04 from 4.6.7 to
> > 4.6.10 sernet samba package.
> >
> > apt-get update
> > apt-get upgrade sernet-samba
> > While downloading the new package the internet went down and it
> > stopped so later when the connection was restored I started it again
> > with ap-get upgrade sernet-samba and it started again.
> > Now after rebooting the server the sernet-samba-ad service is not
> > running and failing with error SAMBA NOT CONFIGURED AS DC. The
> > testparm command is giving an error /var/run/samba pid missing so I
> > have copied the folder from another running DC running 4.7.1.
> >
> > Please help to resolve the problem. This is a main DC and I have
> > still not transferred the FSMO rules to the new 4.7.1 server.
> >
> > Thanks n Regards
> >
> > Harsh
> >
> > Sent from my iPhone
>
> The upgrade shouldn't have touched the Samba database, just the
> binaries etc, so check the smb.conf file and recreate it if you cannot
> find it, or if it is incorrect.
>
> If all else fails and because you seem to have other DCs, turn off the
> DC, seize the FSMO roles to another DC, forcibly demote the dead DC.
>
> Re-install the OS on the old DC, do not use the old DCs ipaddress
> or hostname. Now install Samba and join it to the domain as another DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
On Fri, 17 Nov 2017 11:38:22 +0200 Harsh Kukreja <h.kukreja at ium.edu.na> wrote:> The upgrade shouldn't have touched the Samba database, just the > binaries etc, so check the smb.conf file and recreate it if you cannot > find it, or if it is incorrect. > The smb.conf still exists > [global] > workgroup = IUMNET > realm = IUMNET.EDU.NA > netbios name = IUMDCDP01 > server role = active directory domain controller > dns forwarder = 172.16.10.254 > domain master = yes > preferred master = yes > # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap > password server = 172.16.10.5 > allow dns updates = nonsecure and secure > # lanman auth = Yes > # client lanman auth = Yes > ntlm auth = yes > client use spnego = no > client ldap sasl wrapping = sign > # ldap ssl ads = yes > # ldap ssl = start tls > ldap server require strong auth = no > # wins server = iumnet.edu.na > # wins support = Yes > time server = Yes > template shell = /bin/bash > template homedir = /home/%U > # idmap config * : backend = tdb > # idmap config *:range = 50000-1000000 > full_audit:prefix = %u|%I|%m|%S > full_audit:failure = connect > full_audit:success = connect disconnect > > seize the FSMO roles to another DC, forcibly demote the dead DC > Please help with the commands to seize the FSMO roles to another DC > and forcibly demote the dead DC.OK, open a terminal on the DC you want to seize the FSMO roles to. Type 'samba-tool --help' This will show you the sub-commands available, the first one you want is 'fsmo', so enter 'samba-tool fsmo --help' This will display: Usage: samba-tool fsmo <subcommand> Flexible Single Master Operations (FSMO) roles management. Options: -h, --help show this help message and exit Available subcommands: seize - Seize the role. show - Show the roles. transfer - Transfer the role. For more help on a specific subcommand, please type: samba-tool fsmo <subcommand> (-h|--help) Now enter 'samba-tool fsmo seize --help' From the output of the above command, you should be able to work out the command to seize the FSMO roles to this DC is: samba-tool fsmo seize --role=all --force -UAdministrator You will be prompted for a password The roles should be now be 'seized' to this DC. You can use another user instead of 'Administrator', but the user must have the required permissions. you use '--force' to stop the command trying to transfer the roles, this will fail because the old DC is offline, so why bother ;-) I will leave you to work out how to remove the other dead server, but as a hint, it is under 'samba-tool domain' Rowland
Hi Rowland
The samba-tool command is not working please see the error below:
root at iumdcdp01:/home/administrator# samba-tool
ERROR(<type 'exceptions.ValueError'>): uncaught exception - bad
marshal
data (unknown type code)
File "/usr/bin/samba-tool", line 46, in <module>
retval = cmd._run("samba-tool", subcommand, *args)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py",
line
210, in _run
cmd = self.subcommands[cmd_name]
File "/usr/lib/python2.7/dist-packages/samba/netcmd/main.py", line
35, in
__getitem__
fromlist=['cmd_%s' % attr]),
Please help to fix it.
*Harsh Kukreja *Systems Administrator
*International University of Namibia *Tel: 061-4336000 - E-mail: h.kukreja
@ium.edu.na - Web:
*http://www.ium.edu.na <http://www.ium.edu.na/>*Private Bag
14005,Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Fri, Nov 17, 2017 at 12:06 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:
> On Fri, 17 Nov 2017 11:38:22 +0200
> Harsh Kukreja <h.kukreja at ium.edu.na> wrote:
>
> > The upgrade shouldn't have touched the Samba database, just the
> > binaries etc, so check the smb.conf file and recreate it if you cannot
> > find it, or if it is incorrect.
> > The smb.conf still exists
> > [global]
> > workgroup = IUMNET
> > realm = IUMNET.EDU.NA
> > netbios name = IUMDCDP01
> > server role = active directory domain controller
> > dns forwarder = 172.16.10.254
> > domain master = yes
> > preferred master = yes
> > # server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
> > password server = 172.16.10.5
> > allow dns updates = nonsecure and secure
> > # lanman auth = Yes
> > # client lanman auth = Yes
> > ntlm auth = yes
> > client use spnego = no
> > client ldap sasl wrapping = sign
> > # ldap ssl ads = yes
> > # ldap ssl = start tls
> > ldap server require strong auth = no
> > # wins server = iumnet.edu.na
> > # wins support = Yes
> > time server = Yes
> > template shell = /bin/bash
> > template homedir = /home/%U
> > # idmap config * : backend = tdb
> > # idmap config *:range = 50000-1000000
> > full_audit:prefix = %u|%I|%m|%S
> > full_audit:failure = connect
> > full_audit:success = connect disconnect
> >
> > seize the FSMO roles to another DC, forcibly demote the dead DC
> > Please help with the commands to seize the FSMO roles to another DC
> > and forcibly demote the dead DC.
>
> OK, open a terminal on the DC you want to seize the FSMO roles to.
> Type 'samba-tool --help'
> This will show you the sub-commands available, the first one you want
> is 'fsmo', so enter 'samba-tool fsmo --help'
>
> This will display:
>
> Usage: samba-tool fsmo <subcommand>
>
> Flexible Single Master Operations (FSMO) roles management.
>
>
> Options:
> -h, --help show this help message and exit
>
>
> Available subcommands:
> seize - Seize the role.
> show - Show the roles.
> transfer - Transfer the role.
> For more help on a specific subcommand, please type: samba-tool fsmo
> <subcommand> (-h|--help)
>
> Now enter 'samba-tool fsmo seize --help'
>
> From the output of the above command, you should be able to work out
> the command to seize the FSMO roles to this DC is:
>
> samba-tool fsmo seize --role=all --force -UAdministrator
>
> You will be prompted for a password
>
> The roles should be now be 'seized' to this DC.
>
> You can use another user instead of 'Administrator', but the user
must
> have the required permissions.
>
> you use '--force' to stop the command trying to transfer the roles,
> this will fail because the old DC is offline, so why bother ;-)
>
> I will leave you to work out how to remove the other dead server, but
> as a hint, it is under 'samba-tool domain'
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>