samba - Dec 2023 - bind crashes after samba upgrade

On Wed, Dec 27, 2023 at 12:25?PM Rowland Penny via samba
<samba at lists.samba.org> wrote:
<>

I attacked this in another way. Decided to take bind out of the
equation if possible and changed the dns backend of the running 4.10
to the samba internal one. No issues there and I didn't really need
the complexity of bind anyway. DNS and user auth worked just fine.
I then tried the in-place upgrade and same issue - DNS worked fine but
no users could authenticate.

So it looks like trying to make the jump by doing a DC join to the
latest bookworm-backport is on the agenda.

Would like to clarify a few items that will hopefully smooth the way:
When the wiki states "Create a hot-backup of the
/usr/local/samba/private/idmap.ldb file on the existing DC" does that
mean do the backup while Samba is running?
And what about the restore on the new DC? Is that a hot-restore, or
should Samba be shut down?
And in regards to the Sysvol sync - is that done with the command
shown - "samba-tool ntacl sysvolreset" or do I need to manually copy
the sysvol folder from the old DC to the new one first (or after)? If
manual copy, what's the recommended procedure?

Thank you,
Chris

On Fri, 29 Dec 2023 14:04:13 -0500
Sonic via samba <samba at lists.samba.org> wrote:
> On Wed, Dec 27, 2023 at 12:25?PM Rowland Penny via samba
> <samba at lists.samba.org> wrote:
> <>
> 
> I attacked this in another way. Decided to take bind out of the
> equation if possible and changed the dns backend of the running 4.10
> to the samba internal one. No issues there and I didn't really need
> the complexity of bind anyway. DNS and user auth worked just fine.
> I then tried the in-place upgrade and same issue - DNS worked fine but
> no users could authenticate.
> 
> So it looks like trying to make the jump by doing a DC join to the
> latest bookworm-backport is on the agenda.
> 
> Would like to clarify a few items that will hopefully smooth the way:
> When the wiki states "Create a hot-backup of the
> /usr/local/samba/private/idmap.ldb file on the existing DC" does that
> mean do the backup while Samba is running?
Yes
> And what about the restore on the new DC? Is that a hot-restore, or
> should Samba be shut down?
There is no need to stop Samba, by removing '.bak' from the backup, it
will replace the existing file.
> And in regards to the Sysvol sync - is that done with the command
> shown - "samba-tool ntacl sysvolreset" 
That isn't the sync command, that is the command to reset the
permissions once you have synced sysvol from one DC to another. To find
how to sync sysvol look a few lines op on the wiki page where you found
the sysvolreset command.

Rowland