samba - Jan 2019 - AD bind DNS broken after 4.7.3 -> 4.9.2 upgrade

> On 2 Jan 2019, at 22:43, Rowland Penny via samba <samba at
lists.samba.org> wrote:
> 
> On Wed, 2 Jan 2019 19:35:04 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
>> On Wed, 02 Jan 2019 20:09:44 +0100
>> Král Gergely via samba <samba at lists.samba.org> wrote:
>> 
>>> 2018-12-31 20:50 időpontban L.P.H. van Belle via samba ezt írta:
>>>> Can you try to upgrade to any 4.8 version then to 4.9.4?
>>>> might work, atleast my guess this will have a better chance get
>>>> passed this bug.
>>>> 
>>> 
>>> I can confirm that an upgrade to 4.7.3 to 4.8.5 works. But!
>>> 
>>> 
>>> After upgrading the dnsupdate did not work, giving these log
>>> messages:
>>> 
>>> [2019/01/02 19:18:42.908955,  0] 
>>> ../source4/smbd/server.c:466(binary_smbd_main)
>>>   samba version 4.8.5-Debian started.
>>>   Copyright Andrew Tridgell and the Samba Team 1992-2018
>>> [2019/01/02 19:18:56.468276,  0] 
>>> ../source4/smbd/server.c:638(binary_smbd_main)
>>>   binary_smbd_main: samba: using 'standard' process model
>>> [2019/01/02 19:19:00.030904,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception -
>>> (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>> [2019/01/02 19:19:00.031193,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:   File 
>>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>>> 176, in _run
>>> [2019/01/02 19:19:00.031286,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:     return self.run(*args, **kwargs)
>>> [2019/01/02 19:19:00.031360,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:   File 
>>> "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py",
line 940, in
>>> run [2019/01/02 19:19:00.031595,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:     raise e
>>> [2019/01/02 19:19:00.471859,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception -
>>> (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
>>> [2019/01/02 19:19:00.472011,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:   File 
>>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>>> 176, in _run
>>> [2019/01/02 19:19:00.472084,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:     return self.run(*args, **kwargs)
>>> [2019/01/02 19:19:00.472238,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:   File 
>>> "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py",
line 940, in
>>> run [2019/01/02 19:19:00.472301,  0] 
>>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
>>>   /usr/sbin/samba_dnsupdate:     raise e
>>> 
>>> and so on...
>>> 
>>> After downgrading from 4.9.2 back to 4.7.3 I experienced the same,
>>> and I could fix it by running "samba_upgradedns
>>> --dns-backend=BIND9_DLZ" (at least I guess this fixed it). The
>>> results of this command were basically the same as on the wiki
page.
>>> But this time the result was exactly the same as with 4.9.2:
>>> 
>>> isa:~/# samba_upgradedns --dns-backend=BIND9_DLZ
>>> Reading domain information
>>> DNS accounts already exist
>>> No zone file /var/lib/samba/bind-dns/dns/MYAD.DOMAIN.EU.zone
>>> DNS records will be automatically created
>>> DNS partitions already exist
>>> dns-isa account already exists
>>> Failed to create link /var/lib/samba/private/dns.keytab -> 
>>> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
>>> Failed to chown /var/lib/samba/bind-dns to bind gid 107
>>> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid 107
>>> Traceback (most recent call last):
>>>   File "/usr/sbin/samba_upgradedns", line 533, in
<module>
>>>     create_dns_dir(logger, paths)
>>>   File
>>>
"/usr/lib/python2.7/dist-packages/samba/provision/sambadns.py", line
>>> 697, in create_dns_dir os.mkdir(dns_dir, 0770)
>>> OSError: [Errno 2] No such file or directory: 
>>> '/var/lib/samba/bind-dns/dns'
>>> 
>>> 
>>> I started to panic, but since I ran this with samba stopped, I
>>> restarted samba and the error messages are gone! The names are
>>> resolved and the clients are happily updating the records.
>>> 
>>> 
>>> So to summarize, I do not know how it got fixed and why upgradedns
>>> does not work, but I believe the bug is already included somewhere
>>> in the 4.8 branch. Even if it works.
>>> 
>>> 
>> 
>> OK, this is what I am going to do, I will provision 4.7.12 again,
>> upgrade it to 4.8.8 and if this works, then upgrade it to 4.9.4,
>> expecting this to fail, this will then give us a search vector.
>> 
>> Rowland
>> 
> 
> This is weird, provisioned 4.7.12 without problem
> upgraded to 4.8.8, again without problem
> Upgraded to 4.9.4, again without problem
> 
> Yet if you upgrade from 4.7.12 directly to 4.9.4 it errors.
> 
> I wonder if the new sam.ldb GUID mode introduced at 4.8.0 is the
> culprit ?
> 
> 
Hi Rowland,

As I mentioned in my own thread, I have another, almost identical system with
4.9.4 running without issues. The only difference: I upgraded to 4.8.x before
upgrading to 4.9.4. So, I can confirm your findings.

Viktor

This bug affects only upgrade via source or via packages (louis's apt) too?

On Wed, Jan 2, 2019 at 8:38 PM Viktor Trojanovic via samba <
samba at lists.samba.org> wrote:
>
>
> > On 2 Jan 2019, at 22:43, Rowland Penny via samba <samba at
lists.samba.org>
> wrote:
> >
> > On Wed, 2 Jan 2019 19:35:04 +0000
> > Rowland Penny via samba <samba at lists.samba.org> wrote:
> >
> >> On Wed, 02 Jan 2019 20:09:44 +0100
> >> Král Gergely via samba <samba at lists.samba.org> wrote:
> >>
> >>> 2018-12-31 20:50 időpontban L.P.H. van Belle via samba ezt
írta:
> >>>> Can you try to upgrade to any 4.8 version then to 4.9.4?
> >>>> might work, atleast my guess this will have a better
chance get
> >>>> passed this bug.
> >>>>
> >>>
> >>> I can confirm that an upgrade to 4.7.3 to 4.8.5 works. But!
> >>>
> >>>
> >>> After upgrading the dnsupdate did not work, giving these log
> >>> messages:
> >>>
> >>> [2019/01/02 19:18:42.908955,  0]
> >>> ../source4/smbd/server.c:466(binary_smbd_main)
> >>>   samba version 4.8.5-Debian started.
> >>>   Copyright Andrew Tridgell and the Samba Team 1992-2018
> >>> [2019/01/02 19:18:56.468276,  0]
> >>> ../source4/smbd/server.c:638(binary_smbd_main)
> >>>   binary_smbd_main: samba: using 'standard' process
model
> >>> [2019/01/02 19:19:00.030904,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught
exception -
> >>> (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >>> [2019/01/02 19:19:00.031193,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:   File
> >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> >>> 176, in _run
> >>> [2019/01/02 19:19:00.031286,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:     return self.run(*args,
**kwargs)
> >>> [2019/01/02 19:19:00.031360,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:   File
> >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 940, in
> >>> run [2019/01/02 19:19:00.031595,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:     raise e
> >>> [2019/01/02 19:19:00.471859,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught
exception -
> >>> (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
> >>> [2019/01/02 19:19:00.472011,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:   File
> >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
> >>> 176, in _run
> >>> [2019/01/02 19:19:00.472084,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:     return self.run(*args,
**kwargs)
> >>> [2019/01/02 19:19:00.472238,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:   File
> >>>
"/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 940, in
> >>> run [2019/01/02 19:19:00.472301,  0]
> >>> ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
> >>>   /usr/sbin/samba_dnsupdate:     raise e
> >>>
> >>> and so on...
> >>>
> >>> After downgrading from 4.9.2 back to 4.7.3 I experienced the
same,
> >>> and I could fix it by running "samba_upgradedns
> >>> --dns-backend=BIND9_DLZ" (at least I guess this fixed
it). The
> >>> results of this command were basically the same as on the wiki
page.
> >>> But this time the result was exactly the same as with 4.9.2:
> >>>
> >>> isa:~/# samba_upgradedns --dns-backend=BIND9_DLZ
> >>> Reading domain information
> >>> DNS accounts already exist
> >>> No zone file /var/lib/samba/bind-dns/dns/MYAD.DOMAIN.EU.zone
> >>> DNS records will be automatically created
> >>> DNS partitions already exist
> >>> dns-isa account already exists
> >>> Failed to create link /var/lib/samba/private/dns.keytab ->
> >>> /var/lib/samba/bind-dns/dns.keytab: No such file or directory
> >>> Failed to chown /var/lib/samba/bind-dns to bind gid 107
> >>> Failed to chown /var/lib/samba/bind-dns/dns.keytab to bind gid
107
> >>> Traceback (most recent call last):
> >>>   File "/usr/sbin/samba_upgradedns", line 533, in
<module>
> >>>     create_dns_dir(logger, paths)
> >>>   File
> >>>
"/usr/lib/python2.7/dist-packages/samba/provision/sambadns.py", line
> >>> 697, in create_dns_dir os.mkdir(dns_dir, 0770)
> >>> OSError: [Errno 2] No such file or directory:
> >>> '/var/lib/samba/bind-dns/dns'
> >>>
> >>>
> >>> I started to panic, but since I ran this with samba stopped, I
> >>> restarted samba and the error messages are gone! The names are
> >>> resolved and the clients are happily updating the records.
> >>>
> >>>
> >>> So to summarize, I do not know how it got fixed and why
upgradedns
> >>> does not work, but I believe the bug is already included
somewhere
> >>> in the 4.8 branch. Even if it works.
> >>>
> >>>
> >>
> >> OK, this is what I am going to do, I will provision 4.7.12 again,
> >> upgrade it to 4.8.8 and if this works, then upgrade it to 4.9.4,
> >> expecting this to fail, this will then give us a search vector.
> >>
> >> Rowland
> >>
> >
> > This is weird, provisioned 4.7.12 without problem
> > upgraded to 4.8.8, again without problem
> > Upgraded to 4.9.4, again without problem
> >
> > Yet if you upgrade from 4.7.12 directly to 4.9.4 it errors.
> >
> > I wonder if the new sam.ldb GUID mode introduced at 4.8.0 is the
> > culprit ?
> >
> >
>
> Hi Rowland,
>
> As I mentioned in my own thread, I have another, almost identical system
> with 4.9.4 running without issues. The only difference: I upgraded to 4.8.x
> before upgrading to 4.9.4. So, I can confirm your findings.
>
> Viktor
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


-- 
Elias Pereira

On Wed, 2 Jan 2019 21:18:48 -0200
Elias Pereira via samba <samba at lists.samba.org> wrote:
> This bug affects only upgrade via source or via packages (louis's
> apt) too?
> 
I was using Louis's packages, so I am unsure about self compiled Samba,
but I think the same problem will apply.

I think the workaround is fairly obvious, do not upgrade directly from
4.7.x to 4.9.x, go via 4.8.x

Rowland