Hello,
Today I tried to upgrade to samba 4.8.0, the upgrade seems to have failed,
and I can't seem to fix it or back out. The issue seems to be I've lost
the some KRB tickets. Here's and example of the errors i get:
samba-tool domain exportkeytab /tmp/test2
samba_kdc_fetch: could not find own KRBTGT in DB: dsdb_search at
../source4/dsdb/common/util.c:4641
ERROR(runtime): uncaught exception - }
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
line 176, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
line 143, in run
net.export_keytab(keytab=keytab, principal=principal)
this missing KRBTGT also means that my kdc is not listening on port 88
netstat -tlpn |grep samba
tcp 0 0 192.168.1.10:636 0.0.0.0:* LISTEN
17772/samba: task[l
tcp 0 0 192.168.1.10:49152 0.0.0.0:* LISTEN
17767/samba: task[d
tcp 0 0 192.168.1.10:49153 0.0.0.0:* LISTEN
17767/samba: task[d
tcp 0 0 192.168.1.10:49154 0.0.0.0:* LISTEN
17767/samba: task[d
tcp 0 0 192.168.1.10:3268 0.0.0.0:* LISTEN
17772/samba: task[l
tcp 0 0 192.168.1.10:3269 0.0.0.0:* LISTEN
17772/samba: task[l
tcp 0 0 192.168.1.10:389 0.0.0.0:* LISTEN
17772/samba: task[l
tcp 0 0 192.168.1.10:135 0.0.0.0:* LISTEN
17767/samba: task[d
I suspect this has something to do with my domain being very old (I created
it while samba 4 was still in beta). I was upgrading from samba-4.7.5 so
it wasn't a huge version jump.
I am also unable to downgrade, the source4/scripting/bin/sambaundoguididx
script core dumps without producing any messages so I can't downgrade
either (serves me right for not taking a backup first).
On Thu, 2018-04-12 at 13:02 -0400, Andrew Dumaresq via samba wrote:> Hello, > > Today I tried to upgrade to samba 4.8.0, the upgrade seems to have failed, > and I can't seem to fix it or back out. The issue seems to be I've lost > the some KRB tickets. Here's and example of the errors i get: > > samba-tool domain exportkeytab /tmp/test2 > samba_kdc_fetch: could not find own KRBTGT in DB: dsdb_search at > ../source4/dsdb/common/util.c:4641 > ERROR(runtime): uncaught exception - } > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", > line 176, in _run > return self.run(*args, **kwargs) > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", > line 143, in run > net.export_keytab(keytab=keytab, principal=principal) > > this missing KRBTGT also means that my kdc is not listening on port 88 > netstat -tlpn |grep samba > tcp 0 0 192.168.1.10:636 0.0.0.0:* LISTEN > 17772/samba: task[l > tcp 0 0 192.168.1.10:49152 0.0.0.0:* LISTEN > 17767/samba: task[d > tcp 0 0 192.168.1.10:49153 0.0.0.0:* LISTEN > 17767/samba: task[d > tcp 0 0 192.168.1.10:49154 0.0.0.0:* LISTEN > 17767/samba: task[d > tcp 0 0 192.168.1.10:3268 0.0.0.0:* LISTEN > 17772/samba: task[l > tcp 0 0 192.168.1.10:3269 0.0.0.0:* LISTEN > 17772/samba: task[l > tcp 0 0 192.168.1.10:389 0.0.0.0:* LISTEN > 17772/samba: task[l > tcp 0 0 192.168.1.10:135 0.0.0.0:* LISTEN > 17767/samba: task[d > > > > I suspect this has something to do with my domain being very old (I created > it while samba 4 was still in beta). I was upgrading from samba-4.7.5 so > it wasn't a huge version jump. > > I am also unable to downgrade, the source4/scripting/bin/sambaundoguididx > script core dumps without producing any messages so I can't downgrade > either (serves me right for not taking a backup first).This is unfortunate. My suggestion is that you use ldbdump and then ldbadd to re-build the backend databases (the things in sam.ldb.d/ that we generally say not to touch) and then try the script again. You may with to manually avoid adding the index controls (@INDEXLIST) and let Samba re-add them once you get back to 4.7. This is the bug for a fixed Samba 4.8 upgrade: https://bugzilla.samba.org/show_bug.cgi?id=13335 Anyway, the data should still be in there, it just might be a little harder to find. I'm very sorry for this situation, and if you can report the backtrace from the script as a bug it would be helpful in fixing that too. Thanks, Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Thanks for getting back to me. I managed to restore my domain from a backup that I forgot I had. Glad you know about the bug! On Fri, Apr 13, 2018 at 4:04 AM, Andrew Bartlett <abartlet at samba.org> wrote:> On Thu, 2018-04-12 at 13:02 -0400, Andrew Dumaresq via samba wrote: > > Hello, > > > > Today I tried to upgrade to samba 4.8.0, the upgrade seems to have > failed, > > and I can't seem to fix it or back out. The issue seems to be I've lost > > the some KRB tickets. Here's and example of the errors i get: > > > > samba-tool domain exportkeytab /tmp/test2 > > samba_kdc_fetch: could not find own KRBTGT in DB: dsdb_search at > > ../source4/dsdb/common/util.c:4641 > > ERROR(runtime): uncaught exception - } > > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/_ > _init__.py", > > line 176, in _run > > return self.run(*args, **kwargs) > > File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/ > domain.py", > > line 143, in run > > net.export_keytab(keytab=keytab, principal=principal) > > > > this missing KRBTGT also means that my kdc is not listening on port 88 > > netstat -tlpn |grep samba > > tcp 0 0 192.168.1.10:636 0.0.0.0:* > LISTEN > > 17772/samba: task[l > > tcp 0 0 192.168.1.10:49152 0.0.0.0:* > LISTEN > > 17767/samba: task[d > > tcp 0 0 192.168.1.10:49153 0.0.0.0:* > LISTEN > > 17767/samba: task[d > > tcp 0 0 192.168.1.10:49154 0.0.0.0:* > LISTEN > > 17767/samba: task[d > > tcp 0 0 192.168.1.10:3268 0.0.0.0:* > LISTEN > > 17772/samba: task[l > > tcp 0 0 192.168.1.10:3269 0.0.0.0:* > LISTEN > > 17772/samba: task[l > > tcp 0 0 192.168.1.10:389 0.0.0.0:* > LISTEN > > 17772/samba: task[l > > tcp 0 0 192.168.1.10:135 0.0.0.0:* > LISTEN > > 17767/samba: task[d > > > > > > > > I suspect this has something to do with my domain being very old (I > created > > it while samba 4 was still in beta). I was upgrading from samba-4.7.5 so > > it wasn't a huge version jump. > > > > I am also unable to downgrade, the source4/scripting/bin/ > sambaundoguididx > > script core dumps without producing any messages so I can't downgrade > > either (serves me right for not taking a backup first). > > This is unfortunate. My suggestion is that you use ldbdump and then > ldbadd to re-build the backend databases (the things in sam.ldb.d/ that > we generally say not to touch) and then try the script again. You may > with to manually avoid adding the index controls (@INDEXLIST) and let > Samba re-add them once you get back to 4.7. > > This is the bug for a fixed Samba 4.8 upgrade: > > https://bugzilla.samba.org/show_bug.cgi?id=13335 > > Anyway, the data should still be in there, it just might be a little > harder to find. > > I'm very sorry for this situation, and if you can report the backtrace > from the script as a bug it would be helpful in fixing that too. > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett http://samba.org/~abartlet/ > Authentication Developer, Samba Team http://samba.org > Samba Developer, Catalyst IT http://catalyst.net.nz/ > services/samba > >