Hi everyone!

I hope this message finds you well. I am reaching out to seek
assistance regarding an issue I am experiencing while transferring
domain roles in my Samba setup.

In a previous email thread that I no longer have access to, I
encountered a similar problem, which I would like to reference: Samba
Mailing List Archive.

Currently, I am attempting to transfer the 'forestdns' role using the
following command:

root@dc02:~# samba-tool fsmo transfer --role=forestdns -UAdministrator

However, I am receiving the following error:

ERROR: Failed to add role 'forestdns': LDAP error 53
LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-031535B9, problem
5003 (WILL_NOT_PERFORM), data 0

I have inherited an old Active Directory server running Windows Server
2012, which I am in the process of migrating to Samba. The domain I am
working with ends in .local, which I understand does not comply with
RFC standards for domain names.

I suspect that the error I am encountering may be related to the
domain name. I have thoroughly checked the server configuration and
have not found any other reasons for this issue.

Do you believe that the problem could be associated with the domain
name? Is there a possibility that Samba has introduced new validations
that were not present in previous versions?

For your reference, here are some details about my setup:

root@dc02:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 24.04.1 LTS
Release: 24.04
Codename: noble

root@dc02:~# smbd --version
Version 4.19.5-Ubuntu

root@dc02:~# cat /etc/samba/smb.conf
# Global parameters
[global]
        netbios name = DC02
        realm = Example.LOCAL
        server role = active directory domain controller
        workgroup = Example
        dns forwarder = 1.1.1.3
        idmap_ldb:use rfc2307 = no

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[netlogon]
        path = /var/lib/samba/sysvol/example.local/scripts
        read only = No

If the domain name is indeed the issue, what options do you recommend
for changing the domain name? I hope the problem is not related to the
domain itself and that I might be overlooking something else.

I appreciate any insights or guidance you can provide regarding this
matter. Thank you for your time and assistance.

Best regards,

On Tue, 21 Jan 2025 20:31:11 -0300
Epsilon Minus via samba <samba at lists.samba.org> wrote:

> Hi everyone!
>
> I hope this message finds you well. I am reaching out to seek
> assistance regarding an issue I am experiencing while transferring
> domain roles in my Samba setup.
>
> In a previous email thread that I no longer have access to, I
> encountered a similar problem, which I would like to reference: Samba
> Mailing List Archive.
>
> Currently, I am attempting to transfer the 'forestdns' role using the
> following command:
>
> root@dc02:~# samba-tool fsmo transfer --role=forestdns -UAdministrator
>
> However, I am receiving the following error:
>
> ERROR: Failed to add role 'forestdns': LDAP error 53
> LDAP_UNWILLING_TO_PERFORM - <000020AE: SvcErr: DSID-031535B9, problem
> 5003 (WILL_NOT_PERFORM), data 0
>
> I have inherited an old Active Directory server running Windows Server
> 2012, which I am in the process of migrating to Samba. The domain I am
> working with ends in .local, which I understand does not comply with
> RFC standards for domain names.
>
> I suspect that the error I am encountering may be related to the
> domain name. I have thoroughly checked the server configuration and
> have not found any other reasons for this issue.

No, I doubt it is anything to do with '.local', that would affect dns
rather than transferring an FSMO role. I fear it may be something worse,
you say it is an old AD, could it be that old that it started off as
either a 2K or 2003 domain? If it did then you may still be using the
older dns system that doesn't have the _msdcs subdomain.

Try reading this:

https://ftp.zx.net.nz/pub/archive/ftp.microsoft.com/MISC/KB/en-us/817/470.HTM

Rowland
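
One way to check for the _msdcs zone mentioned in the reply above, as an added example that is not part of the thread or of Samba itself: it parses the text printed by `samba-tool dns zonelist`. The function name and the abridged sample outputs are constructed for illustration, and it assumes a single-domain forest, so the zone would be _msdcs.<realm>.

```shell
#!/bin/sh
# Added example (not from the thread): does the zone list contain a
# separate _msdcs.<domain> zone, and which partition holds it?

# Constructed, abridged zonelist output: domain zone only.
sample_old_layout='  1 zone(s) found

  pszZoneName                 : example.local
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : DomainDnsZones.example.local
'

# Constructed, abridged zonelist output: domain zone plus _msdcs zone.
sample_with_msdcs='  2 zone(s) found

  pszZoneName                 : example.local
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : DomainDnsZones.example.local

  pszZoneName                 : _msdcs.example.local
  ZoneType                    : DNS_ZONE_TYPE_PRIMARY
  pszDpFqdn                   : ForestDnsZones.example.local
'

# check_msdcs_zone DOMAIN  (hypothetical helper; zonelist text on stdin)
# Prints "present <partition>" and returns 0, or "missing" and returns 1.
check_msdcs_zone() {
    awk -v want="_msdcs.$1" '
        BEGIN { want = tolower(want); found = 0 }
        # Within a zone block, pszZoneName comes before pszDpFqdn.
        $1 == "pszZoneName" { zone = tolower($3) }
        $1 == "pszDpFqdn" && zone == want { print "present " $3; found = 1 }
        END { if (!found) { print "missing"; exit 1 } }
    '
}

# Demo on the constructed samples.
printf '%s' "$sample_old_layout" | check_msdcs_zone Example.LOCAL || true
printf '%s' "$sample_with_msdcs" | check_msdcs_zone Example.LOCAL

# Against a live DC (server name taken from the page's prompt):
#   samba-tool dns zonelist dc02 -UAdministrator | check_msdcs_zone example.local
```

A "missing" result on the live DC would match the older DNS layout Rowland describes.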