Andrew Bartlett
2018-Mar-15 19:03 UTC
[Samba] Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC
On Thu, 2018-03-15 at 14:34 -0400, Justin Foreman wrote:> The problem does not happen if I recreate the domain from scratch. I’m able to successfully join 4.8.0 to a 4.6.7 domain built from scratch (just tried it). One thing that I will note is that I also saw SPN creation failures when attempting to join Windows 2008 R2. So it’s not a Samba 4.8.0 problem. It’s a problem with my database (help!).Just to connect the dots, this bug has been filed for the same issue: https://bugzilla.samba.org/show_bug.cgi?id=13336 This commit in master might be a fix: commit 5c1504b94d1417894176811f18c5d450de22cfd2 Author: Gary Lockyer <gary at catalyst.net.nz> Date: Wed Feb 28 11:47:22 2018 +1300 ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute It is not the job of the index code to enforce this, but do give a a warning given it has been detected. However, now that we do allow it, we must never return the same object twice to the caller, so filter for it in ltdb_index_filter(). The GUID list is sorted, which makes this cheap to handle, thankfully. Signed-off-by: Gary Lockyer <gary at catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet at samba.org> Can you re-try with git master to help us isolate this? Andrew Bartlett> As for an in-place upgrade, I’m struggling a bit with that, as 4.6.7 is Ubuntu packaged and the folder layout is much different than the vanilla source. (i.e. /var/lib/samba vs /usr/local/samba/{var,private,etc}. Is there an easy way to map the folders (env variables?)? I tried to do a find for each tdb and place it correctly in the /usr/local/samba directory structure but it failed miserably when I started the source-built 4.8.0 (essentially ended up with an empty database). > > Justin > > > On Mar 15, 2018, at 2:09 PM, Andrew Bartlett <abartlet at samba.org> wrote: > > > > On Thu, 2018-03-15 at 10:36 -0400, Justin Foreman wrote: > > > After deleting the entire OU the failure happens on a different computer account in a different OU and so on. I don't think that there's anything unusual about my computer accounts. > > > > Does it happen when you re-create the domain from scratch with 4.6 or > > 4.7 and join to 4.8? What about a join of 4.8? What if the source is > > upgraded in place first? > > > > Can you pin anything down in particular about it? > > > > I would be very surprised if a 4.8 -> 4.8 join fails, as that is > > extensively tested in the selftest, but the more clues we get and the > > shorter the steps to reproduce the easier it will be to work this out. > > > > Thanks, > > > > Andrew Bartlett > > > > -- > > Andrew Bartlett http://samba.org/~abartlet/ > > Authentication Developer, Samba Team http://samba.org > > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba > > > >-- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Justin Foreman
2018-Mar-15 20:10 UTC
[Samba] Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC
Okay. The master build worked on the join. Excellent. So it was 4.8.0 having a problem. I’ve attempted to join 2008 R2 now to 4.8.0 but it still blue screens. Should I start a new thread for clarity’s sake? Justin> On Mar 15, 2018, at 3:03 PM, Andrew Bartlett <abartlet at samba.org> wrote: > > On Thu, 2018-03-15 at 14:34 -0400, Justin Foreman wrote: >> The problem does not happen if I recreate the domain from scratch. I’m able to successfully join 4.8.0 to a 4.6.7 domain built from scratch (just tried it). One thing that I will note is that I also saw SPN creation failures when attempting to join Windows 2008 R2. So it’s not a Samba 4.8.0 problem. It’s a problem with my database (help!). > > Just to connect the dots, this bug has been filed for the same issue: > > https://bugzilla.samba.org/show_bug.cgi?id=13336 > > This commit in master might be a fix: > > commit 5c1504b94d1417894176811f18c5d450de22cfd2 > Author: Gary Lockyer <gary at catalyst.net.nz> > Date: Wed Feb 28 11:47:22 2018 +1300 > > ldb_tdb: Do not fail in GUID index mode if there is a duplicate > attribute > > It is not the job of the index code to enforce this, but do give a > a warning given it has been detected. > > However, now that we do allow it, we must never return the same > object twice to the caller, so filter for it in > ltdb_index_filter(). > > The GUID list is sorted, which makes this cheap to handle, > thankfully. > > Signed-off-by: Gary Lockyer <gary at catalyst.net.nz> > Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> > Reviewed-by: Andrew Bartlett <abartlet at samba.org> > > Can you re-try with git master to help us isolate this? > > Andrew Bartlett > >> As for an in-place upgrade, I’m struggling a bit with that, as 4.6.7 is Ubuntu packaged and the folder layout is much different than the vanilla source. (i.e. /var/lib/samba vs /usr/local/samba/{var,private,etc}. Is there an easy way to map the folders (env variables?)? I tried to do a find for each tdb and place it correctly in the /usr/local/samba directory structure but it failed miserably when I started the source-built 4.8.0 (essentially ended up with an empty database). >> >> Justin >> >>> On Mar 15, 2018, at 2:09 PM, Andrew Bartlett <abartlet at samba.org> wrote: >>> >>> On Thu, 2018-03-15 at 10:36 -0400, Justin Foreman wrote: >>>> After deleting the entire OU the failure happens on a different computer account in a different OU and so on. I don't think that there's anything unusual about my computer accounts. >>> >>> Does it happen when you re-create the domain from scratch with 4.6 or >>> 4.7 and join to 4.8? What about a join of 4.8? What if the source is >>> upgraded in place first? >>> >>> Can you pin anything down in particular about it? >>> >>> I would be very surprised if a 4.8 -> 4.8 join fails, as that is >>> extensively tested in the selftest, but the more clues we get and the >>> shorter the steps to reproduce the easier it will be to work this out. >>> >>> Thanks, >>> >>> Andrew Bartlett >>> >>> -- >>> Andrew Bartlett http://samba.org/~abartlet/ >>> Authentication Developer, Samba Team http://samba.org >>> Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba >>> >> >> > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba >
Andrew Bartlett
2018-Mar-16 18:34 UTC
[Samba] Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC, unable to upgrade in-place
On Thu, 2018-03-15 at 16:10 -0400, Justin Foreman wrote:> Okay. The master build worked on the join. Excellent. So it was 4.8.0 having a problem. > > I’ve attempted to join 2008 R2 now to 4.8.0 but it still blue screens. Should I start a new thread for clarity’s sake?So, I think this, the upgrade issues and even the old servicePrincipalName handling bug is all the same thing. What happened is that in the past we did not reject: servicePrincipalName: HOST/foo servicePrincipalName: host/foo Then with 4.8 the index code rejected this. With master for 4.9 we decided it wasn't the index code's job to do this, so fixed that (it helped another use case). Add to this the upgrade code for GUID indexes didn't assert that if the re-index failed that we must abort the transaction, so the partial upgrade case gets committed and it all dies on the next DB open. At least that is the theory I'll be working to prove or disprove on Monday. I think the core short-term fix is in: commit 5c1504b94d1417894176811f18c5d450de22cfd2 Author: Gary Lockyer <gary at catalyst.net.nz> Date: Wed Feb 28 11:47:22 2018 +1300 ldb_tdb: Do not fail in GUID index mode if there is a duplicate attribute It is not the job of the index code to enforce this, but do give a a warning given it has been detected. However, now that we do allow it, we must never return the same object twice to the caller, so filter for it in ltdb_index_filter(). The GUID list is sorted, which makes this cheap to handle, thankfully. Signed-off-by: Gary Lockyer <gary at catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet at samba.org> The replication to windows may be failing because of the duplicate value, eventually we will need to write a dbcheck rule to fix that. Thanks all for your patience! Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Seemingly Similar Threads
- Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC, unable to upgrade in-place
- Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC
- Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC, unable to upgrade in-place
- Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC
- Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC