samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

Am 23.11.22 um 16:57 schrieb Michael Tokarev:
> 23.11.2022 11:59, Stefan G. Weichinger via samba wrote:
> ..
>> Ad my "reinstall approach": I tend to be rather defensive on
a
>> productive DC like this one. So deleting samba-related files etc is 
>> something I avoid ... -> I would need a definitive howto for this, 
>> because I know too little about the details. I don't want to
corrupt
>> any AD-related information etc
>>
>> Maybe the change from the Louis-packages to the backports-packages 
>> and/or 4.16 -> 4.17 left some wrong packages behind or so.
> 
> A package manager (dpkg in this case) ensures all the installed binaries
> (and other files) are exactly the same whenever you install fresh or
> upgrade or even downgrade. Louis repository is based on Debian packages,
> it is not different from regular debian samba packages. Even if it did,
> it doesn't really matter.
> 
> What *does* matter is the content of /var/lib/samba/.? *This* is where
> all the issues happens, *especially* issues due to incompatibilities
> or past wrong settings or whatnot.
> 
> And this is the place which is not covered by the package manager,
> because it is local state data, it is not a package manager business
> to mess with these.
> 
> So it doesn't matter how you ended up with a given set of binaries, -
> it should be the same set, belonging to this version of the packages
> you installed, nothing else.? But it does matter which state data
> do you have.
> 
> It is the upgrade of the state data (mostly in /var/lib/samba/) which
> breaks stuff at upgrades (when it breaks).? And it is the reason why
> people demote a DC, remove a server from domain, and re-join it -
> to get fresh /var/lib/samba/* without prior (mis)configurations,
> failures during upgrades, or whatever else. It is the only thing
> which actually matters, - the local state.
> 
> You don't need to reinstall binary packages, - you'll end up with
> exactly the same files from exactly the same packages. But you
> can't have the same freshly created correct state data unless you
> remove the old, non-working, data and generate the right one.
> This can't be done without removing old data first.
> 
> That's basically it.
> 
>> I still have 2 servers to upgrade there, so I am open to suggestions 
>> (and thankful if they work ;-) ).
> 
> FWIW, I don't see anything between 4.16 and 4.17 which can break
> in this context. Re-joining is actually a simple and stright-forward
> procedure, so for a quick fix it is always available.
> 
> I can't say more at this time, unfortunately, - today was a very
> busy day for me too.
Thanks for the detailled reply, even after a busy day.

So you basically say, I should/could "rm -fr /var/lib/samba" while 
upgrading?

I currently try upgrading the second dc and I see the same issue with 
winbind. No, I haven't yet tried that rejoin step.

Am 24.11.22 um 08:10 schrieb Stefan G. Weichinger via samba:
> I currently try upgrading the second dc and I see the same issue with 
> winbind. No, I haven't yet tried that rejoin step.
Trying that demote and rejoin now.

It didn't fix the winbind-issue on adc1, very likely because I didn't 
fully rm adc1:/var/lib/samba in the process (too scared!)

Right now demoting fails, so I consider following the howto "demoting an 
offline DC" to rm adc1 ... then do that scary rm-ing and retry joining.

24.11.2022 10:10, Stefan G. Weichinger via samba wrote:
..
> So you basically say, I should/could "rm -fr /var/lib/samba"
while upgrading?
No.  I'm saying that - in case of a failed upgrade - reinstalling the
binaries
should not help, as you're installing the same binaries which were before
anyway,
but removing state data and reconfiguring usually helps.
> I currently try upgrading the second dc and I see the same issue with
winbind. No, I haven't yet tried that rejoin step.
Which issue is that? I just re-read whole thread, I see you had
several issues with winbindd.

What's wrong with winbindd now, exactly?

/mjt