On 24.12.2023 23:05, Sonic via samba wrote:> Finally biting the bullet and upgrading some old Samba servers. > This particular server is running 4.10.16 and as a first step I'm > attempting to upgrade it to 4.12.15 (I think I remember something > about 4.11.x not handling the upgrade properly). > > Samba seems to run OK but bind9 will crash when loading the dns with dlopen: > =================> named[25566]: sizing zone task pool based on 0 zones > named[25566]: Loading 'AD DNS Zone' using driver dlopen > bind9.service: Main process exited, code=killed, status=11/SEGV > kwsrvr01 rndc[25581]: rndc: connect failed: 127.0.0.1#953: connection refused > systemd[1]: bind9.service: Control process exited, code=exited status=1 > systemd[1]: bind9.service: Unit entered failed state > systemd[1]: bind9.service: Failed with result 'signal'. > =================> Bind will start fine if I disable referencing Samba's named.conf file > (and I am using the proper version), but of course it's practically > useless without the database. > > Any assistance is appreciated. > Thank you, > Chris >Hi Chris, Couldn't you setup a completely new Debian VM with the latest Samba from backports, sync with the old one, transfer the FSMO roles, and then demote the old one? Updating an old DC always seems to be a serious PITA. Best regards and Merry Christmas, Peter
On Mon, Dec 25, 2023 at 1:20?PM Peter Milesson via samba <samba at lists.samba.org> wrote:> Couldn't you setup a completely new Debian VM with the latest Samba from > backports, sync with the old one, transfer the FSMO roles, and then > demote the old one?Wasn't sure I could do that with such a big jump. But it's worth a try. I always have my original as I'm working with lxc containers and can easily make copies. Thanks and Merry Christmas, Chris
I did a test with a new Bookworm container and Debian's packaged Samba - v4.17 (I believe Debian's packages are now considered OK for production - please correct me if I'm wrong). The DC join of the new 4.17 to the old 4.10 did appear successful - the typical "Joined domain <snip> as a DC" was produced. However I did revert back as I ran out of time (and energy) to do all the remaining housekeeping tasks. Plus I didn't specify the dns-backend or use-rfc2307. Some things that are not clear to me regarding the DC join of a much newer version to an older one: If dns-backend is not specified does it default to SAMBA_INTERNAL? Can the new DC use SAMBA_INTERNAL while the old uses BIND9_DLZ? Does the new joined DC use its native updated schema or is the schema identical to the old DC? Is the "hot-backup of the /usr/local/samba/private/idmap.ldb" necessary if one is planning on removing the old DC as soon as the roles are transferred and it is demoted? Thank you, Chris