samba - Jan 2023 - problems with sysvol after fsmo transfer

On 12/01/2023 12:28, Thorsten Marquardt via samba wrote:
> 
> Okay back to the start an I try again. This time role by role. Here I 
> don't get timeouts (why do they come up with role=all ?) and I'm
not
> prompted for password of DOMAIN\root
You should never get prompted for the password for 'DOMAIN\root', if you
do, then you doing something wrong or something has gone wrong.
> (what happens when transferring the 
> *dns roles):
> 
> srv-kb-dc1:~ # klist
> Ticket cache: DIR::/run/user/0/krb5cc/tkt
What OS is this ?
> Default principal: administrator at MY.LOCAL.DOM
> 
> Valid starting?????? Expires????????????? Service principal
> 12.01.2023 12:57:56? 12.01.2023 22:57:56 krbtgt/MY.LOCAL.DOM at
MY.LOCAL.DOM
>  ??????? renew until 13.01.2023 12:57:54
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=rid -k yes
> FSMO transfer of 'rid' role successful
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=pdc -k yes
> FSMO transfer of 'pdc' role successful
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=naming -k yes
> FSMO transfer of 'naming' role successful
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=infrastructure -k yes
> FSMO transfer of 'infrastructure' role successful
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=schema -k yes
> FSMO transfer of 'schema' role successful
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes
> ERROR(<type 'exceptions.AttributeError'>): uncaught exception
- 'module'
> object has no attribute 'drs_utils'
That is something different, you appear to be missing a python module 
and I haven't seen that for a few years, what version of Samba is this?
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>  ??? return self.run(*args, **kwargs)
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line
> 520, in run
>  ??? transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line
> 129, in transfer_dns_role
>  ??? except samba.drs_utils.drsException, e:
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes
> This DC already has the 'domaindns' FSMO role
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=forestdns -k yes
> ERROR(<type 'exceptions.AttributeError'>): uncaught exception
- 'module'
> object has no attribute 'drs_utils'
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>  ??? return self.run(*args, **kwargs)
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line
> 520, in run
>  ??? transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
>  ? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/fsmo.py", line
> 129, in transfer_dns_role
>  ??? except samba.drs_utils.drsException, e:
> 
> srv-kb-dc1:~ # samba-tool fsmo transfer --role=forestdns -k yes
> This DC already has the 'forestdns' FSMO role
> srv-kb-dc1:~ # nslookup -querytype=srv _ldap._tcp.pdc._msdcs.my.local.dom
> Server:???????? 192.168.1.243
> Address:??????? 192.168.1.243#53
> 
> _ldap._tcp.pdc._msdcs.my.local.dom? service = 0 100 389 
> srv-kb-primdc.my.local.dom.
> 
> Now I get only one host as _ldap._tcp.pdc._msdcs.my.local.dom but it's 
> the wrong one. It should be srv-kb-dc1.my.local.dom. instead of 
> srv-kb-primdc.my.local.dom.
Wait a short while, it should appear.

Rowland

On 12/01/2023 12:51, Rowland Penny via samba wrote:
> 
> 
> On 12/01/2023 12:28, Thorsten Marquardt via samba wrote:
>>
>> Okay back to the start an I try again. This time role by role. Here I 
>> don't get timeouts (why do they come up with role=all ?) and
I'm not
>> prompted for password of DOMAIN\root
> 
> You should never get prompted for the password for 'DOMAIN\root',
if you
> do, then you doing something wrong or something has gone wrong.
> 
>> (what happens when transferring the *dns roles):
> 
>>
>> srv-kb-dc1:~ # klist
>> Ticket cache: DIR::/run/user/0/krb5cc/tkt
> 
> What OS is this ?
> 
>> Default principal: administrator at MY.LOCAL.DOM
>>
>> Valid starting?????? Expires????????????? Service principal
>> 12.01.2023 12:57:56? 12.01.2023 22:57:56 krbtgt/MY.LOCAL.DOM at
MY.LOCAL.DOM
>> ???????? renew until 13.01.2023 12:57:54
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=rid -k yes
>> FSMO transfer of 'rid' role successful
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=pdc -k yes
>> FSMO transfer of 'pdc' role successful
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=naming -k yes
>> FSMO transfer of 'naming' role successful
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=infrastructure -k yes
>> FSMO transfer of 'infrastructure' role successful
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=schema -k yes
>> FSMO transfer of 'schema' role successful
>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes
>> ERROR(<type 'exceptions.AttributeError'>): uncaught
exception -
>> 'module' object has no attribute 'drs_utils'
> 
> That is something different, you appear to be missing a python module 
> and I haven't seen that for a few years, what version of Samba is this?
> 
>> ?? File
"/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py",
>
And then after my last post I noticed something I missed before. 
Whatever version of Samba is in use, it is that old it is still using 
python 2

Okay, find a file called 'fsmo.py' and open it in your favourite editor.
Scroll down to the line 'from samba.auth import system_session', beneath
that line, add a new line:

import samba.drs_utils

Close and save the file.

Your error should now go away.

Rowland