Displaying 20 results from an estimated 2000 matches similar to: "LDAP_INSUFFICIENT_ACCESS_RIGHTS error stops FSMO transfer"
2017 Jan 27
0
LDAP_INSUFFICIENT_ACCESS_RIGHTS error stops FSMO transfer
Quoting Adam Tauno Williams via samba <samba at lists.samba.org>:
> Attempting to move FSMO roles from one SerNET Samba 4.5.4 DC to
> another, all roles transfered except the DNS related ones - those
> fail with an LDAP_INSUFFICIENT_ACCESS_RIGHTS
> [root at larkin28 ~]# samba-tool fsmo transfer --role=forestdns
> ERROR: Failed to delete role 'forestdns': LDAP error
2019 Mar 25
3
FSMO transfer problems
Hello all,
Have joined a new DC to an existing active directory consisting of a
sole DC. So, we now have two domain controllers, the original being
ad.DOMAIN.intranet (192.168.0.17), and the new one being
DOMAIN-ad.DOMAIN.intranet (192.168.0.11). I want the new DC to become
the FSMO role owner, so I followed the instructions here -
2016 Dec 13
1
Doubt about Global Catalog on Samba 4
> > Initially, it appears to have worked. ...
> > It shows the same on one of the S4 DCs, but the
> > DomainDnsZonesMasterRole still shows as "no current owner" on the
> > third S4 DC [all Sernet 4.5.2]. Argh.
> You could try checking the database on the third DC, 'samba-tool
> dbcheck --help' for more info.
> You could also try forcing
2016 Jul 07
4
FSMO Transfer fail
Fail! :-(
root at gteste2:~# samba-tool fsmo transfer --role=all -UAdministrador
FSMO transfer of 'rid' role successful
FSMO transfer of 'pdc' role successful
FSMO transfer of 'naming' role successful
FSMO transfer of 'infrastructure' role successful
FSMO transfer of 'schema' role successful
ERROR(<type 'exceptions.UnboundLocalError'>):
2017 Dec 12
3
Errors transferring forestdns and domaindns FSMO roles
I am attempting to transfer the all FSMO roles from an old DC to our new DC.
Both DCs are running Samba 4.7.3. I have transferred the Schma,
Infrastructure, RID, PDC and Naming roles without issue.
unfortunately, the forestdns and domaindns roles are giving me grief.
Here is the output of the commands
root at dc1:~# samba-tool fsmo transfer --role=forestdns
ldb_wrap open of secrets.ldb
2016 Dec 13
2
Doubt about Global Catalog on Samba 4
On Mon, 2016-12-12 at 19:45 +0000, Rowland Penny via samba wrote:
> You seem to be missing two FSMO roles:
> > > DomainDnsZonesMasterRole
> > > ForestDnsZonesMasterRole
> > > Just what version of Samba are you using ?
> > My Samba 4.5.2 domain also appears to be missing these roles.
> > Can I simply seize these roles?
> > [root at larkin27 ~]#
2016 Sep 19
4
Error "Failed extended allocation RID pool operation..."
On Mon, 19 Sep 2016 11:57:38 -0400
Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
> > On Mon, 19 Sep 2016 10:42:34 -0400
> > Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>
> > > On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
> >
2016 Sep 19
2
Error "Failed extended allocation RID pool operation..."
Am 19.09.2016 um 19:08 schrieb Achim Gottinger via samba:
>
>
> Am 19.09.2016 um 18:21 schrieb Rowland Penny via samba:
>> On Mon, 19 Sep 2016 11:57:38 -0400
>> Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
>>
>>> On Mon, 2016-09-19 at 16:15 +0100, Rowland Penny via samba wrote:
>>>> On Mon, 19 Sep 2016 10:42:34 -0400
2016 Sep 19
2
Error "Failed extended allocation RID pool operation..."
On 9/19/2016 1:37 PM, Rowland Penny via samba wrote:
> On Mon, 19 Sep 2016 19:19:08 +0200
> Achim Gottinger via samba <samba at lists.samba.org> wrote:
>
>>
>> Am 19.09.2016 um 19:08 schrieb Achim Gottinger via samba:
>>>
>>> Am 19.09.2016 um 18:21 schrieb Rowland Penny via samba:
>>>> On Mon, 19 Sep 2016 11:57:38 -0400
>>>> Adam
2017 Feb 14
2
ldapcmp finds differences of "DC" vs "dc"???
Attempting to debug issues with replication I ldapcmd finds
differences with the case of the "DC" attribute?
Is this normal?
LARKIN28 is Samba4 4.5.4, while WINDC1 is Windows 2008R2.
[root at larkin28 samba]# samba-tool ldapcmp ldap://larkin28.micore.us
ldap://windc1.micore.us -Uadministrator dnsdomain
Password for [BACKBONE\administrator]:
* Comparing [DNSDOMAIN] context...
*
2023 Jan 12
1
problems with sysvol after fsmo transfer
Am 12.01.23 um 12:25 schrieb Rowland Penny via samba:
>
> On 12/01/2023 10:53, Thorsten Marquardt via samba wrote:
>> Thank you so far. But unfortunately I could not fix the problems. So I
>> decided to start over again at a situation where all the fsmo roles
>> resides on the old controller.
>>
>> Here is a transcript of what I did and the errors reported:
2017 Oct 05
2
Magically disappearing errors during FSMO transfer
Recently tried transferring roles from Samba 4.3.11 to Samba 4.7.0. Ultimately,
both dcs agreed that the 4.7.0 dc (dc3) had all the roles and replication and
the databases were in good shape. However, during the process, I got a lot of
errors that seemed to magically disappear.
Should I be worried?
root at dc3:~# samba-tool fsmo show SchemaMasterRole owner: CN=NTDS
2017 Jan 16
2
Initial replication halts with "The handle is invalid." (msDS-NC-Replica-Locations corrupted?)
On Sun, 15 Jan 2017 20:14:12 -0500
Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> On Sun, 2017-01-15 at 14:39 -0500, Adam Tauno Williams via samba
> wrote:
> > Adding a Windows2008RC to an SerNET S4 4.5.3 (forest level 2008R2)
> > domain hangs at replication CN=Configuration received 1630 out of
> > approximately 1663 objects.
> > Only
2023 Jan 12
1
problems with sysvol after fsmo transfer
On 12/01/2023 10:53, Thorsten Marquardt via samba wrote:
> Thank you so far. But unfortunately I could not fix the problems. So I
> decided to start over again at a situation where all the fsmo roles
> resides on the old controller.
>
> Here is a transcript of what I did and the errors reported:
>
> The inititial position
>
> srv-kb-dc1:~ # samba-tool fsmo show
>
2016 Sep 19
2
Error "Failed extended allocation RID pool operation..."
On Mon, 19 Sep 2016 10:42:34 -0400
Adam Tauno Williams via samba <samba at lists.samba.org> wrote:
> On Mon, 2016-09-19 at 15:15 +0100, Rowland Penny via samba wrote:
> > No it shouldn't be replicated, the big hint is
> > 'FLAG_ATTR_NOT_REPLICATED', it should only be on the DC that holds
> > the
> > RID master FSMO role, so I supposed the question is,
2015 Apr 15
1
wbinfo -u/-g/-n works, but not 'wbinfo -i' or 'id'
Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>>>> It should work, it sounds like a mis-configuration somewhere, can you
>>>> post the smb.conf, /etc/nsswitch.conf, /etc/resolv.conf and
>>>> /etc/krb5.conf from the member server.
>>> "wbinfo -u" lists 415 lines
>>> "getent passwd" returns 93 lines
2017 Aug 04
2
Error while transferring fsmo-roles
Hello,
I transfered all fsmo-roles from a DC (4.3.11-SerNet, SLES 11 SP3) to another DC (4.6.6-SerNet, SLES 12 SP2).
I had to try a couple of times because of an error "Failed FSMO transfer: NT_STATUS_IO_TIMEOUT"
But then following error happened:
samba-tool fsmo transfer --role=all
This DC already has the 'rid' FSMO role
This DC already has the 'pdc' FSMO role
2016 Jul 07
2
FSMO Transfer fail
Hi for All!
I am using a Windows Server 2008R2 as primary DC and a Ubuntu Server 16.04
as secundary DC with Samba 4.3.9 (from repository/apt-get).
During a migration test of FSMO roles I received an error from Samba:
root at gteste2:~# samba-tool fsmo transfer --role=all
ERROR: Failed to delete role 'domaindns': LDAP error 50
LDAP_INSUFFICIENT_ACCESS_RIGHTS - <00002098: SecErr:
2017 Jan 16
4
Initial replication halts with "The handle is invalid." (msDS-NC-Replica-Locations corrupted?)
Quoting Adam Tauno Williams via samba <samba at lists.samba.org>:
> Quoting Rowland Penny via samba <samba at lists.samba.org>:
>>> samba-tool's dbcheck finds only two errors in cn=Configuration, but it
>>> does not repair them. These appear to be references to an original,
>>> long since demoted, DC. But these values appear in neither the
2017 Jan 15
2
Initial replication halts with "The handle is invalid."
Adding a Windows2008RC to an SerNET S4 4.5.3 (forest level 2008R2)
domain hangs at replication CN=Configuration received 1630 out of
approximately 1663 objects.
Only message I can find in the event log on the 2008R2 server is -
Internal event: The local directory service received an exception from
a remote procedure call (RPC) connection. Extended error information is
not available.
directory