Bug 11818 - Demote a working DC fails with uncaught exception
Summary: Demote a working DC fails with uncaught exception
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.4.0
Hardware: All Linux
: P5 minor (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on: 11882
Blocks:
  Show dependency treegraph
 
Reported: 2016-03-31 11:15 UTC by Roy Eastwood
Modified: 2016-07-29 03:28 UTC (History)
3 users (show)

See Also:

Attachments
Adds missing word (1.11 KB, patch)
2016-03-31 12:41 UTC, Rowland Penny 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Roy Eastwood 2016-03-31 11:15:37 UTC 
Overview:  Attempt to demote a DC using: samba-tool domain demote -Uadministrator command.   Two DCs in the domain - DC1 holding all FSMO roles, replication working, SysVol replication working and samba-tool ntacl sysvolcheck produced no errors.

Steps to Reproduce: Can be easily reproduced by joining another server as DC.   After configuring SysVol replication and checking all is working, attempt another demote.

Result of entering the samba-tool domain demote command:
root@dc2:~# samba-tool domain demote -Uadministrator
Using dc1.microlynx.com as partner server for the demotion
Password for [MICROLYNX\administrator]:
Deactivating inbound replication
Asking partner server dc1.microlynx.com to synchronize from us
Changing userControl and container
ERROR(<type 'exceptions.TypeError'>): uncaught exception - remove_sysvol_references() takes exactly 3 arguments (2 given)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py", line 943, in run
    remove_dc.remove_sysvol_references(remote_samdb, dc_name)
root@dc2:~#

Expected result: Graceful demotion of the DC with the remaining DC correctly removing all entries to the demoted DC in Active Directory and DNS.

Build and hardware: Samba was compiled from source (version 4.4.0) using just the following configure options: --sysconfdir=/etc/samba and --disable-cups
Platform was new installs of Debian v8.3 (jessie) on i686 processor-based hardware for both DCs.   Domain was provisioned using --use-rfc2307 and --dns-backend=SAMBA_INTERNAL.

(Have tested another DC, this time on a 64-bit machine with same result).
Comment 1 Rowland Penny 2016-03-31 12:41:40 UTC 
Created attachment 11953 [details]
Adds missing word

This patch should fix the problem, I have also sent the patch to samba-technical for consideration.
Comment 2 Andrew Bartlett 2016-03-31 18:47:19 UTC 
Comment on attachment 11953 [details]
Adds missing word

The more concerning issue is why this wasn't a tested codepath.  Can you look at our tests and see what we need to add?

Thanks,
Comment 3 Andrew Bartlett 2016-04-29 22:37:45 UTC 
(In reply to Andrew Bartlett from comment #2)
The online samba-tool demote case is listed as a flapping test, which is why this code is essentially untested.

Fixing bug 11882 (and perhaps some other replication bugs) will allow the existing test to be used again.
Comment 4 Miguel Medalha 2016-05-07 17:25:21 UTC 
After applying both this patch and the one related to bug 11882 to samba 4.4.2 I was able to successfully demote an AD DC. Before the patch all demotion attempts failed.
Comment 5 Miguel Medalha 2016-05-07 17:29:43 UTC 
I applied this patch together with the one related to bug 11818.
Comment 6 Andrew Bartlett 2016-07-29 03:28:38 UTC 
Fixed in Samba 4.5.0rc1 by f777ca33c677cc6a7f4e52606b83c5002e3e6b71