samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

Am 23.11.22 um 06:39 schrieb Michael Tokarev:
> 22.11.2022 18:58, Stefan G. Weichinger via samba wrote:
>> apt-get install? -t bullseye-backports? acl attr samba 
>> samba-dsdb-modules samba-vfs-modules winbind libpam-winbind 
>> libnss-winbind krb5-config krb5-user dnsutils
> 
> Um.? Usually you don't have to go that far route.? And more to the 
> point, when you just
> remove ("uninstall") a package, its data and configuration is not
> removed, - unless
> you do "purge" instead of "remove"; even with purge,
some packages do
> not perform
> a cleanup.
> 
> With samba, - unless you installed package from scholelinux or something 
> like that,
> which is just an awful abuse of package system, - upgrading software 
> from previous
> version makes the same set of binaries as installing anew, - the 
> binaries are the
> same thanks to the package management.? But with samba, when something 
> is left in
> the data (/var/lib/samba or /var/cache/samba/ or /run/samba) from 
> previous attempt,
> *that* one might stay on the way.
> 
> When I want to try something else with samba "anew", I just
remove whole
> thing
> (after stopping samba-related processes) -
>  ?rm -rf /var/lib/samba/* /var/cache/samba/* /run/samba /etc/samba/smb.conf
>  ?mkdir /var/lib/samba/private # samba is unable to create this dir 
> automatically
> 
> and this gives me clean/fresh state.
At first, thanks for your response, I appreciate it.

Ad my "reinstall approach": I tend to be rather defensive on a 
productive DC like this one. So deleting samba-related files etc is 
something I avoid ... -> I would need a definitive howto for this, 
because I know too little about the details. I don't want to corrupt any 
AD-related information etc

-

Maybe the change from the Louis-packages to the backports-packages 
and/or 4.16 -> 4.17 left some wrong packages behind or so.

I still have 2 servers to upgrade there, so I am open to suggestions 
(and thankful if they work ;-) ).

> I haven't watched this thread closely (had my own pile of issues to
deal
> with),
> it'd be interesting to find out what exactly didn't work.  
> Unfortunately, as
> many times before, most of the time we don't know what actually happens
> "when
> it doesn't work", because people are advised to 
> reinstall/rejoin/reconfigure
> from scratch, which "fixes the problem" (so it isn't even
remotely
> understood
> what the original problem was).
I'd be glad to be able to spot this. Posting my steps was a try to 
actually find something.

Over the day pressure built up so I decided to do the mentioned 
"reinstallation". That was simply one of my last ideas (and I wanted
to
go for 4.17 as sooner or later that step will be necessary anyway).
>> Seems to work now.
>> phew
>>
>> side note:
>>
>> # host -t A? adc2.arbeitsgruppe.my.tld
>>
>> host: error while loading shared libraries: libdns-9.16.33-Debian.so: 
>> cannot open shared object file: No such file or directory
> 
> There's a bug in bind9/host packaging somewhere, and there was a
bugreport
> about libdns-9 missing, with a long discussion in there.
> 
> Many years ago I was scared about huge size of NAMED and its tools and
> clumsy user interfaces of the tools, and wrote small dns library named
> udns, with its simple-to-use dns query tool, dnsget.? It works quite
> well still..? JFYI ;)
ah, ok.

I just mentioned it because it might have been related. "dig" works ok
on that machine ... I don't need the "host" command, it was just
used in
some example command on the Samba Wiki or so.

thanks all, Stefan

23.11.2022 11:59, Stefan G. Weichinger via samba wrote:
..
> Ad my "reinstall approach": I tend to be rather defensive on a
productive DC like this one. So deleting samba-related files etc is something I
avoid
> ... -> I would need a definitive howto for this, because I know too
little about the details. I don't want to corrupt any AD-related information
etc
> 
> Maybe the change from the Louis-packages to the backports-packages and/or
4.16 -> 4.17 left some wrong packages behind or so.
A package manager (dpkg in this case) ensures all the installed binaries
(and other files) are exactly the same whenever you install fresh or
upgrade or even downgrade. Louis repository is based on Debian packages,
it is not different from regular debian samba packages. Even if it did,
it doesn't really matter.

What *does* matter is the content of /var/lib/samba/.  *This* is where
all the issues happens, *especially* issues due to incompatibilities
or past wrong settings or whatnot.

And this is the place which is not covered by the package manager,
because it is local state data, it is not a package manager business
to mess with these.

So it doesn't matter how you ended up with a given set of binaries, -
it should be the same set, belonging to this version of the packages
you installed, nothing else.  But it does matter which state data
do you have.

It is the upgrade of the state data (mostly in /var/lib/samba/) which
breaks stuff at upgrades (when it breaks).  And it is the reason why
people demote a DC, remove a server from domain, and re-join it -
to get fresh /var/lib/samba/* without prior (mis)configurations,
failures during upgrades, or whatever else. It is the only thing
which actually matters, - the local state.

You don't need to reinstall binary packages, - you'll end up with
exactly the same files from exactly the same packages. But you
can't have the same freshly created correct state data unless you
remove the old, non-working, data and generate the right one.
This can't be done without removing old data first.

That's basically it.
> I still have 2 servers to upgrade there, so I am open to suggestions (and
thankful if they work ;-) ).
FWIW, I don't see anything between 4.16 and 4.17 which can break
in this context. Re-joining is actually a simple and stright-forward
procedure, so for a quick fix it is always available.

I can't say more at this time, unfortunately, - today was a very
busy day for me too.

Thanks,

/mjt