Bug 13760 - Update from 4.7 (or earlier) to 4.9 fails
Summary: Update from 4.7 (or earlier) to 4.9 fails
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.9.3
Hardware: All All
: P5 regression (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-23 13:39 UTC by Björn Jacke
Modified: 2019-03-31 13:04 UTC (History)
6 users (show)

See Also:


Attachments
Patch describing work-around for v4.10 WHATSNEW (2.00 KB, patch)
2019-03-05 02:18 UTC, Tim Beale
no flags Details
patch to work around the issue for Samba 4.9 and 4.10 (3.50 KB, patch)
2019-03-07 07:51 UTC, Andrew Bartlett
gary: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Björn Jacke 2019-01-23 13:39:37 UTC
I've seen mulitiple setups which fail to update to 4.9 when the step via update to 4.8 was skipped. Typical log output:

[2019/01/23 09:16:10.394276,  0] ../source4/dsdb/common/util.c:1815(samdb_reference_dn_is_our_ntdsa)
  Failed to find object DC=example,DC=com for attribute fsmoRoleOwner - Cannot find DN DC=example,DC=com to get attribute fsmoRoleOwner for reference dn: No such Base DN: DC=example,DC=com
[2019/01/23 09:16:10.394451,  1] ../source4/dsdb/common/util.c:2003(samdb_is_pdc)
  Failed to find if we are the PDC for this ldb: Searching for fSMORoleOwner in DC=example,DC=com failed: Cannot find DN DC=example,DC=com to get attribute fsmoRoleOwner for reference dn: No such Base DN: DC=example,DC=com

Updating to 4.8 first, run Samba once, then update to 4.9 works around the problem.
Comment 1 Andrew Bartlett 2019-02-20 04:41:22 UTC
Running:

sudo /usr/local/samba/bin/ldbedit -H /usr/local/samba/private/sam.ldb

Fixes it.

The issue is that Samba 4.9 no longer does the reindex on first open, but one the first transaction start.

However something clearly thinks we are in GUID index mode already.
Comment 2 Andrew Bartlett 2019-03-04 06:15:51 UTC
A bisect appears to show this as the problem commit:

commit 040a526a3bbcafeeebb6dd50a563a4635dd79fea
Author: Gary Lockyer <gary@catalyst.net.nz>
Date:   Tue Mar 13 16:43:54 2018 +1300

    ldb-samba: require pid match for cached ldb
    
    Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Comment 3 Andrew Bartlett 2019-03-05 01:13:39 UTC
Additionally, other failures (a failure to find the domain in the SAMR server) happen starting here:

commit 6c9e658ec1bb959e20aaab6244daf27dd6232fe2
Author: Andrew Bartlett <abartlet@samba.org>
Date:   Wed Apr 11 11:58:22 2018 +1200

    dsdb: Load schema during the read_lock() hook, not the search
    
    This should trigger slightly less often and is the more correct place, as
    we only load it during the first lock when not in a transaction.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13379
    
    Signed-off-by: Andrew Bartlett <abartlet@samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

[2019/03/05 01:06:39.654065,  1] ../source4/rpc_server/samr/dcesrv_samr.c:421(dcesrv_samr_OpenDomain)
  Failed to open domain S-1-5-21-4173033282-2408694793-2842603467: No such Base DN: DC=samba,DC=org
Comment 4 Andrew Bartlett 2019-03-05 01:21:30 UTC
(In reply to Andrew Bartlett from comment #1)
sudo /usr/local/samba/bin/samba-tool dbcheck --reindex

Will also fix it (with less risks).
Comment 5 Andrew Bartlett 2019-03-05 01:52:40 UTC
Another possible fix/workaround is at 

https://gitlab.com/samba-team/samba/merge_requests/274

This essentially automates the good work done by 'samba-tool dbcheck --reindex' before every startup, but only if needed.
Comment 6 Tim Beale 2019-03-05 02:18:12 UTC
Created attachment 14900 [details]
Patch describing work-around for v4.10 WHATSNEW

If we don't come up with a satisfactory fix in time for the 4.10 release, we should at least warn users about it in the 4.10 WHATSNEW, so they know how to avoid this problem. Attached is a patch that updates the 4.10 WHATSNEW Upgrading/Known Issues sections and describes a work-around.
Comment 7 Andrew Bartlett 2019-03-07 07:51:36 UTC
Created attachment 14907 [details]
patch to work around the issue for Samba 4.9 and 4.10

This patch for the next 4.9.x and 4.10.x release.

If we are too close to 4.10.0 then please take the WHATSNEW instead.

Thanks!
Comment 8 Karolin Seeger 2019-03-11 07:44:18 UTC
(In reply to Andrew Bartlett from comment #7)
Pushed to autobuild-v4-{9,10}-test although v4-9-test is frozen.
Comment 9 Karolin Seeger 2019-03-12 09:28:31 UTC
(In reply to Karolin Seeger from comment #8)
Pushed to both branches.
Closing out bug report.

Thanks!
Comment 10 vt 2019-03-31 13:04:17 UTC
I originally brought this issue to the attention of the list. I tried to do an upgrade from 4.7.4 to 4.9.4 in December and eventually had to revert back. 

After reading the comments here, I tried the update one more time, followed by the commands mentioned (ldbedit and dbcheck). This still did not work for me.

# journalctl -xe

Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: /usr/sbin/samba_dnsupdate: ERROR(runtime): uncaught exception - (9711, 'WERR_DNS_ERROR_RECORD_ALREADY_EXISTS')
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31 11:43:52.021002,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]:
/usr/sbin/samba_dnsupdate:   File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 177, in _run
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31
11:43:52.021202,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]:
/usr/sbin/samba_dnsupdate:     return self.run(*args, **kwargs)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31
11:43:52.021375,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]:
/usr/sbin/samba_dnsupdate:   File "/usr/lib/python2.7/dist-packages/samba/netcmd/dns.py", line 945, in run
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31
11:43:52.021539,  0] ../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]:
/usr/sbin/samba_dnsupdate:     raise e
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]: [2019/03/31
11:43:52.047043,  0] ../source4/dsdb/dns/dns_update.c:330(dnsupdate_nameupdate_done)
Mar 31 11:43:52 dc1 samba[224]: task[dnsupdate][224]:
../source4/dsdb/dns/dns_update.c:330: Failed DNS update - with error code 26

I'm currently waiting for LvB to make packages available for Ubuntu and will then test an upgrade to 4.10. 

Reference: https://lists.samba.org/archive/samba/2019-March/222099.html