Andrew Bartlett
2022-Oct-04 20:15 UTC
[Samba] Repacking database from v1 to v2 / Samba failed to prime database, error code 22
On Tue, 2022-10-04 at 14:53 +0200, Arnaud FLORENT via samba wrote:> Hi Andrew and thanks for your support. > > Le 03/10/2022 ? 21:55, Andrew Bartlett via samba a ?crit : > > On Mon, 2022-10-03 at 15:23 +0100, Rowland Penny via samba wrote: > > > On 03/10/2022 13:26, Arnaud FLORENT via samba wrote: > > > > Hi, > > > > > > > > i have an issue direct with in place upgrade from samba 4.3 to > > > > 4.13 > > > > running single AD DC on ubuntu based installation > > > > > > I think you may live to regret doing that :-( > > > > > > > samba failed to start after upgrade with this log > > > > > > We have a bug that may be relevant: > > > > > > https://bugzilla.samba.org/show_bug.cgi?id=15189 > > > > > > > This is actually the reverse, this is hope :-) > > > > If the server is still working on Samba 4.3 after the failed > > upgrade > > attempt, this is a way forward to upgrade over DRS instead. > > to be exactly clear, we returned to server state before upgradeGreat.> > Arnaud, I would be very interested if you could attempt to instead > > upgrade using a replication based approach, and if that fails, to > > try > > the patch at: > > https://gitlab.com/samba-team/samba/-/merge_requests/2728.patch > > > > i have to patch samba 4.13 source and rebuild? > > It would be very valuable to me to get real-world feedback. > > > > To test in a 'no changes' approach, you can attempt replication > > without > > changing the domain by running 'samba-tool drs clone-dc-database -- > > server $SERVER --targetdir=$SOMEWHERE_SECURE -Uadministrator' > > > so i have to run this command on a new server running 4.13 with > $SERVER > pointing to my samba 4.3 running server > > is this correct? >Yes. First try with unpatched Samba 4.13 (or much better a supported version please!), but if that fails then grab Samba 'git master' and build that for testing, as my patch is now merged there. Backported patches will appear at https://bugzilla.samba.org/show_bug.cgi?id=15189> > We can also look into why the in-place upgrade fails. > > > > Running 'samba-tool dbcheck --reindex' using the modern version > > should > > allow the error to be seen in a more controlled circumstance, and > > allow > > raising the debug level etc. > > samba-tool dbcheck (without --reindex) on 4.13 returns > > Checked 4287 objects (6449 errors) > > mainly > > ERROR: incorrect attributeID values in replPropertyMetaData on ... > ERROR: unsorted attributeID values in replPropertyMetaData on ... > ERROR: unsorted attributeID values in replPropertyMetaData on ... > > > but may be it is because db repacking failed?No, this is a different thing. These are real bugs at a higher layer, and while the unsorted attributeIDs are harmless (to samba, will break windows), the incorrect attributeID may impact on the attempted replication. What happens with the --reindex? (This opens a transaction, which triggers the re-index, otherwise we just read the old format).> directory is 4 years old and was build with classic upgrade from > older > samba3 + openldap > > > i will do more test on db and keep the list informed.Thanks, Andrew Bartlett>=-- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
Arnaud FLORENT
2022-Oct-05 08:21 UTC
[Samba] Repacking database from v1 to v2 / Samba failed to prime database, error code 22
Hi Le 04/10/2022 ? 22:15, Andrew Bartlett a ?crit?:> On Tue, 2022-10-04 at 14:53 +0200, Arnaud FLORENT via samba wrote: >> Hi Andrew and thanks for your support. >> >> Le 03/10/2022 ? 21:55, Andrew Bartlett via samba a ?crit : >>> On Mon, 2022-10-03 at 15:23 +0100, Rowland Penny via samba wrote: >>>> On 03/10/2022 13:26, Arnaud FLORENT via samba wrote: >>>>> Hi, >>>>> >>>>> i have an issue direct with in place upgrade from samba 4.3 to >>>>> 4.13 >>>>> running single AD DC on ubuntu based installation >>>> I think you may live to regret doing that :-( >>>> >>>>> samba failed to start after upgrade with this log >>>> We have a bug that may be relevant: >>>> >>>> https://bugzilla.samba.org/show_bug.cgi?id=15189 >>>> >>> This is actually the reverse, this is hope :-) >>> >>> If the server is still working on Samba 4.3 after the failed >>> upgrade >>> attempt, this is a way forward to upgrade over DRS instead. >> to be exactly clear, we returned to server state before upgrade > Great. > >>> Arnaud, I would be very interested if you could attempt to instead >>> upgrade using a replication based approach, and if that fails, to >>> try >>> the patch at: >>> https://gitlab.com/samba-team/samba/-/merge_requests/2728.patch >>> >> i have to patch samba 4.13 source and rebuild? >>> It would be very valuable to me to get real-world feedback. >>> >>> To test in a 'no changes' approach, you can attempt replication >>> without >>> changing the domain by running 'samba-tool drs clone-dc-database -- >>> server $SERVER --targetdir=$SOMEWHERE_SECURE -Uadministrator' >> >> so i have to run this command on a new server running 4.13 with >> $SERVER >> pointing to my samba 4.3 running server >> >> is this correct? >> > > Yes. First try with unpatched Samba 4.13 (or much better a supported > version please!), but if that fails then grab Samba 'git master' and > build that for testing, as my patch is now merged there. > > Backported patches will appear at > https://bugzilla.samba.org/show_bug.cgi?id=15189so i ran? samba-tool drs clone-dc-database with debug level 3 it helped me to find 3 entries with weird (bad encoding?) values on attribute (defined in updated LDAP schema) after fixing those values on samba 4.3 AD, samba-tool drs clone-dc-database run successfully and samba-tool dbcheck on targetdir report only 1 error with? SID conflicts with our current RID set in CN=RID Set,> >>> We can also look into why the in-place upgrade fails. >>> >>> Running 'samba-tool dbcheck --reindex' using the modern version >>> should >>> allow the error to be seen in a more controlled circumstance, and >>> allow >>> raising the debug level etc. >> samba-tool dbcheck (without --reindex) on 4.13 returns >> >> Checked 4287 objects (6449 errors) >> >> mainly >> >> ERROR: incorrect attributeID values in replPropertyMetaData on ... >> ERROR: unsorted attributeID values in replPropertyMetaData on ... >> ERROR: unsorted attributeID values in replPropertyMetaData on ... >> >> >> but may be it is because db repacking failed? > No, this is a different thing. These are real bugs at a higher layer, > and while the unsorted attributeIDs are harmless (to samba, will break > windows), the incorrect attributeID may impact on the attempted > replication. > > What happens with the --reindex? (This opens a transaction, which > triggers the re-index, otherwise we just read the old format).reindex failed on same attribute as samba-tool drs clone-dc-database re-indexed database : (1, "reindexing failed: ../../ldb_key_value/ldb_kv_index.c:3048: Failed to re-index kwartzExtID in CN=someuser,CN=Users,DC=my,DC=domaine - Failed to create index key for attribute 'kwartzExtID':Unknown error:Entry @ATTRIBUTES already exists") so i did this: - fixed this attribute values values on samba 4.3 server - copy private dir backup to samba 4.13 test server - samba 4.13 then starts successfully with 5 "ldb: Repacking database from v1 to v2 " message in log.samba - directory returns all users and groups (via wbinfo or ldap) BUT samba-tool dbcheck still reports Checked 4204 objects (6365 errors) with in log 3 types of errors: ERROR: incorrect attributeID values in replPropertyMetaData ERROR: unsorted attributeID values in replPropertyMetaData ERROR: linked attribute 'member' is present on deleted object but samba-tool dbcheck --reindex runs successfully [completed re-index OK] do you think AD will be fully functionnal with this copied data (as for in place upgrade)?> >> directory is 4 years old and was build with classic upgrade from >> older >> samba3 + openldap >> >> >> i will do more test on db and keep the list informed. > Thanks, > > Andrew Bartlett > > =-- > Andrew Bartlett (he/him) https://samba.org/~abartlet/ > Samba Team Member (since 2001) https://samba.org > Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba > > Samba Development and Support, Catalyst IT - Expert Open Source > Solutions >-- Arnaud FLORENT IRIS Technologies