On 19/06/2011 01:33, Alan Morais wrote:
2011/6/18 Matthieu Patou<[email protected]>
Better try this:
./bin/samba-tool fsmo show --url=ldap://127.0.0.1 -U administrator
Nice :-)
root@samba4lab:~# /usr/local/samba/bin/samba-tool fsmo show --url=ldap://
127.0.0.1 -U administrator
Password for [SAMBA4\administrator]:
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
SchemaMasterRole owner: CN=NTDS
Settings,CN=SAMBA4LAB,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=samba4,DC=casa
So all roles have transferred to your samba DC
You say windows 2003 is it 2003 or 2003r2 ? We mostly test Windows 2003r2,
Windows 2008 and Windows 2008r2. So we might have some corner cases still
with Windows 2003 (we had last year with samba joining a Windows 2003 DC
domain).
Once I have your answer I'll try to setup a domain join samba, seize roles
and try to dcpromo /remove on Windows. It might not be the best idea when
the other DCs is saying that it wants to leave the domain to try to keep it
informed about changes ...
If you are in hurry and you transferred all the roles to samba you can
safely remove the DC by removing the entry in Domain controllers + the
Server entries in the Configuration naming context, but there isn't much
interests do it as it will still leave some attributes. This issue should be
solved soon as we have a couple of patchs waiting in the queue for this but
for the moment they are not there ...
Matthieu
I'm using win 2003, so R2 is more recommended to work with Samba4? ( makes
sense, compatibility issues, even M$ products have this :P )
It's not recommended it's just that we mostly use this version and
Windows 2008R2 really so most of the tests and some real life usage are
done with those version. It didn't means that we won't support others
but they are more likely to have bugs, knowing also your exact version
of windows helps us to reproduce.
i will setup a 2003r2 Box to continue running tests( another DC), and wait
for those patchs ( no hurry for that )
Note that if it's a test environment you can send us traces, see
https://wiki.samba.org/index.php/Capture_Packets.
With this trace and an extract of your domain keytabs we can do great
things.
Be sure not to have any sensitive information in the test domains (ie.
no real production data that you would like to see on internet and no
real production passwords).
If it is so (so no sensitive information) then please export your keytab
like this:
samba-tool export keytab my.keytab.
Domain keytab will be stored in the file my.keytab.
Matthieu
--
Matthieu Patou
Samba Team http://samba.org
Private repo http://git.samba.org/?p=mat/samba.git;a=summary
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
