samba - Nov 2022 - accidentally upgraded DC to 4.17.3 ... didn't work

24.11.2022 10:10, Stefan G. Weichinger via samba wrote:
..
> So you basically say, I should/could "rm -fr /var/lib/samba"
while upgrading?
No.  I'm saying that - in case of a failed upgrade - reinstalling the
binaries
should not help, as you're installing the same binaries which were before
anyway,
but removing state data and reconfiguring usually helps.
> I currently try upgrading the second dc and I see the same issue with
winbind. No, I haven't yet tried that rejoin step.
Which issue is that? I just re-read whole thread, I see you had
several issues with winbindd.

What's wrong with winbindd now, exactly?

/mjt

Am 24.11.22 um 08:58 schrieb Michael Tokarev:
> 24.11.2022 10:10, Stefan G. Weichinger via samba wrote:
> ..
>> So you basically say, I should/could "rm -fr /var/lib/samba"
while
>> upgrading?
> 
> No.? I'm saying that - in case of a failed upgrade - reinstalling the 
> binaries
> should not help, as you're installing the same binaries which were 
> before anyway,
> but removing state data and reconfiguring usually helps.
> 
>> I currently try upgrading the second dc and I see the same issue with 
>> winbind. No, I haven't yet tried that rejoin step.
> 
> Which issue is that? I just re-read whole thread, I see you had
> several issues with winbindd.
> 
> What's wrong with winbindd now, exactly?
for example:

# wbinfo -t
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the trust secret for domain (null) via RPC calls failed
failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not check secret

# wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

-

currently it seems I have broken things even more

samba-tool drs showrepl ... looks ok on adc1, but shows failures on adc2 
...

-

Should I demote adc1 again?

The procedure with "samba-tool domain demote" failed before .. maybe I
have to demote it from adc2 again.

# samba-tool domain demote -U Administrator
Using adc2.arbeitsgruppe.my.tld as partner server for the demotion
Password for [ARBEITSGRUPPE\Administrator]:
Deactivating inbound replication
Asking partner server adc2.arbeitsgruppe.my.tld to synchronize from us
Error while replicating out last local changes from 
'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' for
demotion, re-enabling inbound replication
ERROR(<class 'samba.WERRORError'>): Error while sending a
DsReplicaSync
for partition 
'CN=Schema,CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at' - 
(31, 'WERR_GEN_FAILURE')
   File "/usr/lib/python3/dist-packages/samba/netcmd/domain.py", line 
860, in run
     drsuapiBind.DsReplicaSync(drsuapi_handle, 1, req1)



rm-ing /var/lib/samba: wouldn't I have to take care of SYSVOL etc ?

rsyncing an empty dir to the productive DC wouldn't be nice ...

thanks