Bug 13251 - Downgrade from 4.8.0rc2 fails
Summary: Downgrade from 4.8.0rc2 fails
Status: RESOLVED INVALID
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB
Version: 4.8.0rc2
Hardware: All Linux
Importance: P5 normal
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
Reported: 2018-02-07 17:18 UTC by Roy Eastwood
Modified: 2018-02-15 01:13 UTC

Description Roy Eastwood 2018-02-07 17:18:03 UTC
I had a test environment which had two samba DCs (running v 4.8.0rc2) and 1 Windows Server 2008R2 DC. The samba DCs had been upgraded from v 4.6x and the secrets database was not encrypted (as far as I know). I decided to downgrade one of the samba DCs to v 4.7.4.

On re-starting samba after the downgrade the log shows:

ldb: unable to dlopen /usr/local/samba/lib/ldb/encrypted_secrets.so : /usr/local/samba/lib/private/libdsdb-module-samba4.so: version `SAMBA_4.8.0RC2' not found (required by /usr/local/samba/lib/ldb/encrypted_secrets.so)

and the samba daemons are left in a failed state.

Recovery was to remove this failed DC (dc1) from the domain, after seizing the FSMO roles and using the remove-other-dead-server option on the remaining (4.8.0rc2) DC.

On the original machine, I removed all traces of the existing samba installation and then installed a freshly compiled copy of v. 4.7.5 and re-joined the domain (though wasn't able to specify the --plaintext-secrets option). All was working, including replication (as far as I know).

I then demoted the other 4.8.0rc2 samba machine (dc2), with the same result, so had to repeat the seizing of roles and removal then install 4.7.5 and re-join.
Comment 1 Ralph Böhme 2018-02-07 17:49:26 UTC
This may be totally dumb, but have you tried:
# /usr/local/samba/lib/ldb/encrypted_secrets.so

Afaict encrypted_secrets.so is part of 4.7 so shouldn't be present in a 4.7 install. So if it's left over in the ldb module directory from the 4.8 install, 4.7 will try to load it (as it's in the ldb module dir) and that fails.
Comment 2 Ralph Böhme 2018-02-07 17:50:16 UTC
(In reply to Ralph Böhme from comment #1)
Oops, somehow an important part was stripped, I meant:
# rm /usr/local/samba/lib/ldb/encrypted_secrets.so
Comment 3 Roy Eastwood 2018-02-07 22:27:04 UTC
(In reply to Ralph Böhme from comment #2)
No, sadly I didn't try that - too late now as I've blown it away! Thanks,
Roy
Comment 4 Andrew Bartlett 2018-02-15 01:13:57 UTC
Closing as invalid per the discussion.
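
The failure discussed in comments 1 and 2, as an added example that is not part of the original bug report or of Samba's own code: shell functions that pull the "unable to dlopen ... version ... not found" errors out of a Samba log and report the modules that are still present on disk. The function names are hypothetical, and module and library paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example (not from the bug report): find ldb modules that fail to
# load because they require a symbol version the installed libraries lack.

# Print "MODULE VERSION LIBRARY" once per distinct failure found in the
# given log files (or stdin). Matches the log format quoted in the report:
#   ldb: unable to dlopen MODULE : LIBRARY: version `TAG' not found (required by MODULE)
stale_ldb_modules() {
    sed -n "s/^.*ldb: unable to dlopen \([^ ]*\) : \([^:]*\): version \`\([^']*\)' not found (required by [^)]*).*\$/\1 \3 \2/p" "$@" |
        sort -u
}

# Keep only modules that still exist on disk. ldb tries to load what it
# finds in its module directory, so a file left behind by a newer install
# keeps producing the error until it is dealt with.
report_leftovers() {
    stale_ldb_modules "$@" | while read -r module version library; do
        if [ -e "$module" ]; then
            printf 'leftover: %s needs %s from %s\n' \
                "$module" "$version" "$library"
        fi
    done
}

# Run against the log files named on the command line, if any.
if [ "$#" -gt 0 ]; then
    report_leftovers "$@"
fi
```

Each reported path can then be checked against the file list of the version that is actually installed before anything is removed.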