On 29 October 2021 13:09:29 GMT-04:00, Rowland Penny via samba <samba at lists.samba.org> wrote:
>On Fri, 2021-10-29 at 12:36 -0400, Rommel Rodriguez Toirac via samba
>wrote:
>> Hello all;
>>
>> I have joined a new domain controller [gtmad2] (Ubuntu with samba4
>> version 4.14.8) to a Samba4 Domain (main DC version 4.14.3 in
>> CentOS8) [gtmad1].
>> I want to replace the samba-4.14.3 (CentOS8) [host name gtmad1] and I
>> have transferred the FSMO roles to the new one samba-4.14.8 (Ubuntu
>> 20.04) [hostname gtmad2].
>>
>> Here are the transfer commands:
>>
>> root at gtmad2:~# samba-tool fsmo transfer --role=rid
>> FSMO transfer of 'rid' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=pdc
>> FSMO transfer of 'pdc' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=infrastructure
>> FSMO transfer of 'infrastructure' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=schema
>> FSMO transfer of 'schema' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=naming
>> FSMO transfer of 'naming' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=domaindns -UAdministrator
>> Password for [ATGTM00\Administrator]:
>> FSMO transfer of 'domaindns' role successful
>> root at gtmad2:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
>> Password for [ATGTM00\Administrator]:
>> FSMO transfer of 'forestdns' role successful
>>
>> All transfers were successful, but when I check I have a problem.
>> The new DC [gtmad2] still sees the other DC [gtmad1] as owner
>> of the FSMO roles, and gtmad1 sees gtmad2 as the FSMO
>> roles owner.
>>
>> root at gtmad2:~# samba-tool fsmo show
>> SchemaMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> root at gtmad2:~#
>>
>> [root at gtmad1 samba]# samba-tool fsmo show
>> ldb_wrap open of secrets.ldb
>> SchemaMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> DomainDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> ForestDnsZonesMasterRole owner: CN=NTDS Settings,CN=GTMAD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
>> [root at gtmad1 samba]#
>>
>>
>> What could possibly be wrong?
>> Any ideas?
>
>Well, that is weird, first thought was faulty replication, but it has
>replicated to the old DC and isn't showing on the new DC.
>
>I have checked on my DC's and the rid FSMO transferred OK. I would
>check if the FSMO roles are still showing as being on two DC's (if you
>have more than two DC's, check those as well). If they are, try
>transferring them back and see what happens. If they do transfer back,
>you need to examine gtmad2 to see if there is anything wrong with that.
>
>Rowland
>
>
>
Thanks, Rowland, for writing back.
The third DC [hostname gtmad] also sees gtmad1 as the owner of the FSMO roles.
[root at gtmad ~]# samba-tool fsmo show
ldb_wrap open of secrets.ldb
SchemaMasterRole has no current owner
InfrastructureMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
RidAllocationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
PdcEmulationMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainNamingMasterRole owner: CN=NTDS Settings,CN=GTMAD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gtm,DC=onat,DC=gob,DC=cu
DomainDnsZonesMasterRole has no current owner
ForestDnsZonesMasterRole has no current owner
[root at gtmad ~]#
I have to check gtmad2 (the new Domain Controller added to domain). For
example, what should I check?
--
Rommel Rodriguez Toirac
rommelrt at nauta.cu
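
Added example, not part of the original thread: a small Python check for the per-DC comparison discussed above. It parses saved `samba-tool fsmo show` output from each DC (including mail-wrapped lines and "has no current owner") and reports the roles on which the DCs disagree. The function names and the sample text are constructed for illustration, modelled on the output quoted in the thread.

```python
import re
from collections import defaultdict

# The owning server is the CN that follows "CN=NTDS Settings," in the role owner DN.
SERVER_RE = re.compile(r"CN=NTDS Settings,CN=([^,]+),", re.IGNORECASE)

def parse_fsmo_show(text):
    """Return {role: owner server name, or None} from `samba-tool fsmo show` text."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"\w+Role\b", line):      # a new "<X>Role ..." record starts
            records.append(line)
        elif records and line:                # wrapped continuation of a DN
            glue = "" if records[-1].endswith("-") else " "
            records[-1] += glue + line
    owners = {}
    for rec in records:
        m = SERVER_RE.search(rec)             # no match: "has no current owner"
        owners[rec.split()[0]] = m.group(1).upper() if m else None
    return owners

def find_disagreements(views):
    """views maps DC name -> its fsmo show text; return roles whose owner differs."""
    per_role = defaultdict(dict)
    for dc, text in views.items():
        for role, owner in parse_fsmo_show(text).items():
            per_role[role][dc] = owner
    return {r: v for r, v in per_role.items() if len(set(v.values())) > 1}

def _sample(role, server):
    # Constructed sample line, wrapped the way the mail client wrapped it.
    return (f"{role} owner: CN=NTDS\nSettings,CN={server},CN=Servers,"
            "CN=Default-First-Site-\nName,CN=Sites,CN=Configuration,"
            "DC=gtm,DC=onat,DC=gob,DC=cu\n")

# Constructed input: two roles per DC, mirroring the three views in the thread.
SAMPLE_VIEWS = {
    "gtmad2": _sample("SchemaMasterRole", "GTMAD1")
              + _sample("PdcEmulationMasterRole", "GTMAD1"),
    "gtmad1": "ldb_wrap open of secrets.ldb\n"
              + _sample("SchemaMasterRole", "GTMAD2")
              + _sample("PdcEmulationMasterRole", "GTMAD2"),
    "gtmad": "ldb_wrap open of secrets.ldb\nSchemaMasterRole has no current owner\n"
             + _sample("PdcEmulationMasterRole", "GTMAD1"),
}

if __name__ == "__main__":
    for role, seen in find_disagreements(SAMPLE_VIEWS).items():
        print(role, "->", seen)
```
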