Dear Mr. Kania,
Setting up a DC with Samba 4 and OpenLDAP I am still going exactly by the rules in your book. I got to the point where I would switch, just testing, roles from DC1 to DC2 and vice versa. Switching all roles from DC1 to DC2 was a piece of cake, reswitching "domaindns" and "forestdns" to DC1 wasn't, though:
samba-tool fsmo transfer --role=domaindns -k yes
Password for [MY_DOMAIN\root]:
Failed to bind - LDAP client internal error: NT_STATUS_LOGON_FAILURE
Failed to connect to 'ldap://1b3fd128-1bd3-40fb-bc6c-9f943cac6e9e._msdcs.MY_DOMAIN.NEW' with backend 'ldap': LDAP client internal error: NT_STATUS_LOGON_FAILURE
ERROR(ldb): uncaught exception - LDAP client internal error: NT_STATUS_LOGON_FAILURE
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 528, in run
    transfer_dns_role(self.outf, sambaopts, credopts, role, samdb)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/fsmo.py", line 104, in transfer_dns_role
    credentials=creds, lp=lp)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 64, in __init__
    options=options)
  File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__
    self.connect(url, flags, options)
  File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 79, in connect
    options=options)
Any ideas?
Thank you
Lothar Schilling