I've seen mulitiple setups which fail to update to 4.9 when the step via update to 4.8 was skipped. Typical log output: [2019/01/23 09:16:10.394276, 0] ../source4/dsdb/common/util.c:1815(samdb_reference_dn_is_our_ntdsa) Failed to find object DC=example,DC=com for attribute fsmoRoleOwner - Cannot find DN DC=example,DC=com to get attribute fsmoRoleOwner for reference dn: No such Base DN: DC=example,DC=com [2019/01/23 09:16:10.394451, 1] ../source4/dsdb/common/util.c:2003(samdb_is_pdc) Failed to find if we are the PDC for this ldb: Searching for fSMORoleOwner in DC=example,DC=com failed: Cannot find DN DC=example,DC=com to get attribute fsmoRoleOwner for reference dn: No such Base DN: DC=example,DC=com Updating to 4.8 first, run Samba once, then update to 4.9 works around the problem.
Running: sudo /usr/local/samba/bin/ldbedit -H /usr/local/samba/private/sam.ldb Fixes it. The issue is that Samba 4.9 no longer does the reindex on first open, but one the first transaction start. However something clearly thinks we are in GUID index mode already.
A bisect appears to show this as the problem commit: commit 040a526a3bbcafeeebb6dd50a563a4635dd79fea Author: Gary Lockyer <gary@catalyst.net.nz> Date: Tue Mar 13 16:43:54 2018 +1300 ldb-samba: require pid match for cached ldb Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Additionally, other failures (a failure to find the domain in the SAMR server) happen starting here: commit 6c9e658ec1bb959e20aaab6244daf27dd6232fe2 Author: Andrew Bartlett <abartlet@samba.org> Date: Wed Apr 11 11:58:22 2018 +1200 dsdb: Load schema during the read_lock() hook, not the search This should trigger slightly less often and is the more correct place, as we only load it during the first lock when not in a transaction. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> [2019/03/05 01:06:39.654065, 1] ../source4/rpc_server/samr/dcesrv_samr.c:421(dcesrv_samr_OpenDomain) Failed to open domain S-1-5-21-4173033282-2408694793-2842603467: No such Base DN: DC=samba,DC=org
(In reply to Andrew Bartlett from comment #1) sudo /usr/local/samba/bin/samba-tool dbcheck --reindex Will also fix it (with less risks).
Another possible fix/workaround is at https://gitlab.com/samba-team/samba/merge_requests/274 This essentially automates the good work done by 'samba-tool dbcheck --reindex' before every startup, but only if needed.
Created attachment 14900 [details] Patch describing work-around for v4.10 WHATSNEW If we don't come up with a satisfactory fix in time for the 4.10 release, we should at least warn users about it in the 4.10 WHATSNEW, so they know how to avoid this problem. Attached is a patch that updates the 4.10 WHATSNEW Upgrading/Known Issues sections and describes a work-around.
Created attachment 14907 [details] patch to work around the issue for Samba 4.9 and 4.10 This patch for the next 4.9.x and 4.10.x release. If we are too close to 4.10.0 then please take the WHATSNEW instead. Thanks!
(In reply to Andrew Bartlett from comment #7) Pushed to autobuild-v4-{9,10}-test although v4-9-test is frozen.
(In reply to Karolin Seeger from comment #8) Pushed to both branches. Closing out bug report. Thanks!
I originally brought this issue to the attention of the list. I tried to do an upgrade from 4.7.4 to 4.9.4 in December and eventually had to revert back. After reading the comments here, I tried the update one more time, followed by the commands mentioned (ldbedit and dbcheck). This still did not work for me. # journalctl -xe Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS') Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.021002, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.021202, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: return self.run(*args, **kwargs) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.021375, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 945, in run Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.021539, 0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: raise e Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.047043, 0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done) Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: ../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 26 I'm currently waiting for LvB to make packages available for Ubuntu and will then test an upgrade to 4.10. Reference: https://lists.samba.org/archive/samba/2019-March/222099.html