On 12/01/2023 12:51, Rowland Penny via samba wrote:> > > On 12/01/2023 12:28, Thorsten Marquardt via samba wrote: >> >> Okay back to the start an I try again. This time role by role. Here I >> don't get timeouts (why do they come up with role=all ?) and I'm not >> prompted for password of DOMAIN\root > > You should never get prompted for the password for 'DOMAIN\root', if you > do, then you doing something wrong or something has gone wrong. > >> (what happens when transferring the *dns roles): > >> >> srv-kb-dc1:~ # klist >> Ticket cache: DIR::/run/user/0/krb5cc/tkt > > What OS is this ? > >> Default principal: administrator at MY.LOCAL.DOM >> >> Valid starting?????? Expires????????????? Service principal >> 12.01.2023 12:57:56? 12.01.2023 22:57:56 krbtgt/MY.LOCAL.DOM at MY.LOCAL.DOM >> ???????? renew until 13.01.2023 12:57:54 >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=rid -k yes >> FSMO transfer of 'rid' role successful >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=pdc -k yes >> FSMO transfer of 'pdc' role successful >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=naming -k yes >> FSMO transfer of 'naming' role successful >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=infrastructure -k yes >> FSMO transfer of 'infrastructure' role successful >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=schema -k yes >> FSMO transfer of 'schema' role successful >> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes >> ERROR(<type 'exceptions.AttributeError'>): uncaught exception - >> 'module' object has no attribute 'drs_utils' > > That is something different, you appear to be missing a python module > and I haven't seen that for a few years, what version of Samba is this? > >> ?? File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", >And then after my last post I noticed something I missed before. Whatever version of Samba is in use, it is that old it is still using python 2 Okay, find a file called 'fsmo.py' and open it in your favourite editor. Scroll down to the line 'from samba.auth import system_session', beneath that line, add a new line: import samba.drs_utils Close and save the file. Your error should now go away. Rowland
Am 12.01.23 um 14:03 schrieb Rowland Penny via samba:> On 12/01/2023 12:51, Rowland Penny via samba wrote: >> On 12/01/2023 12:28, Thorsten Marquardt via samba wrote: >>> srv-kb-dc1:~ # klist >>> Ticket cache: DIR::/run/user/0/krb5cc/tkt >> What OS is this ?the old host: srv-kb-primdc:~ # cat /etc/os-release NAME="openSUSE Leap" VERSION="42.3" ID=opensuse ID_LIKE="suse" VERSION_ID="42.3" PRETTY_NAME="openSUSE Leap 42.3" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:42.3" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" srv-kb-primdc:~ # uname -a Linux srv-kb-primdc 4.4.76-1-default #1 SMP Fri Jul 14 08:48:13 UTC 2017 (9a2885c) x86_64 x86_64 x86_64 GNU/Linux srv-kb-primdc:~ # smbd -V Version 4.7.4 # (build from sources years ago) and the new one: srv-kb-dc1:~ # cat /etc/os-release NAME="openSUSE Leap" VERSION="15.0" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.0" PRETTY_NAME="openSUSE Leap 15.0" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:leap:15.0" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" srv-kb-dc1:~ # uname -a Linux srv-kb-dc1 4.12.14-lp150.12.82-default #1 SMP Tue Nov 12 16:32:38 UTC 2019 (c939e24) x86_64 x86_64 x86_64 GNU/Linux srv-kb-dc1:~ # smbd -V Version 4.7.11-git.186.d75219614c3lp150.3.18.2-SUSE-oS15.0-x86_64 I know these os's are realy outdated and want to lift them up to the current versions. But I fear to make to big leaps with samba. That's why I set up the new host with the old release. I was afraid that something is breaking my domain if I use the latest openSUSE Leap 15.4 (I don't know what samba is packed along with it but it's 4.15.x afair) on the new host and have both samba versions mixed in the same domain as domain controllers.>>> Default principal:administrator at MY.LOCAL.DOM >>> >>> Valid starting?????? Expires????????????? Service principal >>> 12.01.2023 12:57:56? 12.01.2023 22:57:56krbtgt/MY.LOCAL.DOM at MY.LOCAL.DOM >>> ???????? renew until 13.01.2023 12:57:54 >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=rid -k yes >>> FSMO transfer of 'rid' role successful >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=pdc -k yes >>> FSMO transfer of 'pdc' role successful >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=naming -k yes >>> FSMO transfer of 'naming' role successful >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=infrastructure -k yes >>> FSMO transfer of 'infrastructure' role successful >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=schema -k yes >>> FSMO transfer of 'schema' role successful >>> srv-kb-dc1:~ # samba-tool fsmo transfer --role=domaindns -k yes >>> ERROR(<type 'exceptions.AttributeError'>): uncaught exception - >>> 'module' object has no attribute 'drs_utils' >> That is something different, you appear to be missing a python module >> and I haven't seen that for a few years, what version of Samba is this? >> >>> ?? File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", > And then after my last post I noticed something I missed before. > Whatever version of Samba is in use, it is that old it is still using > python 2 > > Okay, find a file called 'fsmo.py' and open it in your favourite editor. > Scroll down to the line 'from samba.auth import system_session', beneath > that line, add a new line: > > import samba.drs_utils > > Close and save the file. > > Your error should now go away. > > RowlandThings work very much better now. Transfering the roles step by step ( --role=[rid|pdc|infrastructure|schema|naming|domaindns|forestdns] ) works fine. I didn't try to use --role=all --- gebranntes Kind scheut's Feuer - as we say in german ;-). And finally I got it (hopefully). I stopped the firewall on the new host and my problems seem to vanish.... I will stop samba on the old host tomorrow and see whether problems pop up. If not, I'll demote the old host and upgrade the new one step by step. Or are there objections? Thank you very much for all your efforts.