Re: [Samba] [PATCH] Re: fsmo _role_seize _issue
On Thursday, May 09, 2013 09:24:52 PM Andrew Bartlett wrote: > > What me confuses a bit on the 'fsmo seize' output was, that it first > > says, 'transferd successfull' and in the next line 'FSMO seize was not > > required, as transfer of 'infrastructure' role was successful'. What > > does it mean? > > I am happy to improve the wording, suggestions would be most > appreciated. See python/samba/netcmd/fsmo.py How about: FSMO transfer of 'infrastructure' role suceeded. (FSMO seize was not required.) and FSMO transfer of 'infrastructure' role FAILED. (You must use --force to seize it.) And for pedantic thoroughness: FSMO seizure of 'infrastructure' role succeeded. FSMO seizure of 'infrastructure' role FAILED. Those four messages would clearly communicate what transpired; the latter two imply that a normal transfer failed. N -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Re: fsmo _role_seize _issue
On Thu, 2013-05-09 at 12:13 +0200, Marc Muehlfeld wrote: > Hello Andrew, > > Am 09.05.2013 05:26, schrieb Andrew Bartlett: > > The attached patch should fix this for you. As you might notice, the > > FSMO role transfer is successful, but we then error out. > > > > If I can get an ack from you that this solves your problem, and an ack > > from a team member on the patch, I can get this fixed in master and > > eventually into 4.0.6. > > > Thanks for the patch. I applied it to 4.0.5. Now errors are shown any > more on transfers: > > > > # samba-tool fsmo seize --role=rid > Attempting transfer... > FSMO transfer of 'rid' role successful > FSMO seize was not required, as transfer of 'rid' role was successful > > > # samba-tool fsmo seize --role=schema > Attempting transfer... > FSMO transfer of 'schema' role successful > FSMO seize was not required, as transfer of 'schema' role was successful > > > # samba-tool fsmo seize --role=naming > Attempting transfer... > FSMO transfer of 'naming' role successful > FSMO seize was not required, as transfer of 'naming' role was successful > > > # samba-tool fsmo seize --role=pdc > Attempting transfer... > FSMO transfer of 'pdc' role successful > FSMO seize was not required, as transfer of 'pdc' role was successful > > > # samba-tool fsmo seize --role=infrastructure > Attempting transfer... > FSMO transfer of 'infrastructure' role successful > FSMO seize was not required, as transfer of 'infrastructure' role was > successful > > > [root@Test_DC2 local]# samba-tool fsmo show > InfrastructureMasterRole owner: CN=NTDS > Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de > RidAllocationMasterRole owner: CN=NTDS > Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de > PdcEmulationMasterRole owner: CN=NTDS > Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de > DomainNamingMasterRole owner: CN=NTDS > Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de > SchemaMasterRole owner: CN=NTDS > Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de > > > > Is there a way I can validate, that really everything is 100% fine, so I > won't run into trouble after some days, when the old DC is away and > caches/whatever on windows renews, etc? > > > What me confuses a bit on the 'fsmo seize' output was, that it first > says, 'transferd successfull' and in the next line 'FSMO seize was not > required, as transfer of 'infrastructure' role was successful'. What > does it mean? I am happy to improve the wording, suggestions would be most appreciated. See python/samba/netcmd/fsmo.py What is going on is that unless you --force it, we first try to ask the other server to transfer the role to us, rather than seize it, as that way it knows it lost the role, and can stop acting in parallel. If that succeeds, then we don't seize, which is what I was trying to indicate. It might be best just to drop the second message. Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Re: [Samba] [PATCH] Re: fsmo _role_seize _issue
Hello Andrew, Am 09.05.2013 05:26, schrieb Andrew Bartlett: The attached patch should fix this for you. As you might notice, the FSMO role transfer is successful, but we then error out. If I can get an ack from you that this solves your problem, and an ack from a team member on the patch, I can get this fixed in master and eventually into 4.0.6. Thanks for the patch. I applied it to 4.0.5. Now errors are shown any more on transfers: # samba-tool fsmo seize --role=rid Attempting transfer... FSMO transfer of 'rid' role successful FSMO seize was not required, as transfer of 'rid' role was successful # samba-tool fsmo seize --role=schema Attempting transfer... FSMO transfer of 'schema' role successful FSMO seize was not required, as transfer of 'schema' role was successful # samba-tool fsmo seize --role=naming Attempting transfer... FSMO transfer of 'naming' role successful FSMO seize was not required, as transfer of 'naming' role was successful # samba-tool fsmo seize --role=pdc Attempting transfer... FSMO transfer of 'pdc' role successful FSMO seize was not required, as transfer of 'pdc' role was successful # samba-tool fsmo seize --role=infrastructure Attempting transfer... FSMO transfer of 'infrastructure' role successful FSMO seize was not required, as transfer of 'infrastructure' role was successful [root@Test_DC2 local]# samba-tool fsmo show InfrastructureMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de RidAllocationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de PdcEmulationMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de DomainNamingMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de SchemaMasterRole owner: CN=NTDS Settings,CN=TEST_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=muc,DC=medizinische-genetik,DC=de Is there a way I can validate, that really everything is 100% fine, so I won't run into trouble after some days, when the old DC is away and caches/whatever on windows renews, etc? What me confuses a bit on the 'fsmo seize' output was, that it first says, 'transferd successfull' and in the next line 'FSMO seize was not required, as transfer of 'infrastructure' role was successful'. What does it mean? Regards, Marc -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
[Samba] [PATCH] Re: fsmo _role_seize _issue
On Mon, 2013-05-06 at 10:29 +0530, mur...@nbtechnology.in wrote: > Hi > > I have been trying to replace my win 2003 DC with samba4 ADC , but i am > getting the following error when i run > samba-tool fsmo seize --role=all for all the 5 roles. I found that it > is listed in Samba-Bugzilla – Bug 9461 > as on 28/1/2013.Is there any patch been released after that or is there > any patch which is planned for release.Any workaround to overcome this > > > [root@server1# samba-tool fsmo seize --role=schema > Attempting transfer... > FSMO transfer of 'schema' role successful > ERROR: Failed to initiate role seize of 'schema' role: objectclass: > modify > message must have elements/attributes! G'Day Murali, The attached patch should fix this for you. As you might notice, the FSMO role transfer is successful, but we then error out. If I can get an ack from you that this solves your problem, and an ack from a team member on the patch, I can get this fixed in master and eventually into 4.0.6. Thanks! Andrew Bartlett -- Andrew Bartletthttp://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org >From acad20714833c22efbd4f0ae6d6bb3ea449bc314 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 9 May 2013 15:16:55 +1200 Subject: [PATCH] python-samba-tool fsmo: Do not give an error on a successful role transfer --- python/samba/netcmd/fsmo.py | 14 +++--- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/python/samba/netcmd/fsmo.py b/python/samba/netcmd/fsmo.py index c938c91..02721f9 100644 --- a/python/samba/netcmd/fsmo.py +++ b/python/samba/netcmd/fsmo.py @@ -124,22 +124,22 @@ all=all of the above"""), self.message("Attempting transfer...") try: transfer_role(self.outf, role, samdb) +self.outf.write("FSMO seize was not required, as transfer of '%s' role was successful\n" % role) +return except CommandError: #transfer failed, use the big axe... self.message("Transfer unsuccessful, seizing...") -m["fSMORoleOwner"]= ldb.MessageElement( -serviceName, ldb.FLAG_MOD_REPLACE, -"fSMORoleOwner") else: self.message("Will not attempt transfer, seizing...") -m["fSMORoleOwner"]= ldb.MessageElement( -serviceName, ldb.FLAG_MOD_REPLACE, -"fSMORoleOwner") + +m["fSMORoleOwner"]= ldb.MessageElement( +serviceName, ldb.FLAG_MOD_REPLACE, +"fSMORoleOwner") try: samdb.modify(m) except LdbError, (num, msg): raise CommandError("Failed to initiate role seize of '%s' role: %s" % (role, msg)) -self.outf.write("FSMO transfer of '%s' role successful\n" % role) +self.outf.write("FSMO seize of '%s' role successful\n" % role) def run(self, force=None, H=None, role=None, credopts=None, sambaopts=None, versionopts=None): -- 1.7.11.7 -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba