Bug 15701 - More possible replication loops against Azure AD
Summary: More possible replication loops against Azure AD
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: 4.20.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Samba QA Contact
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-28 04:14 UTC by Douglas Bagnall
Modified: 2024-08-28 05:40 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Douglas Bagnall 2024-08-28 04:14:57 UTC
During replication cycles the client and server exchange highwatermark objects, one member of which is reserved_usn, which the Samba server uses as a sort of auxiliary cookie to ensure each highwatermark is unique. It expects the client (normally another DC) to use a request highwatermark with the reserved_usn unchanged.

Unfortunately what Entra ID Connect does is set reserved_usn to zero, which Samba sometimes interprets as a request to start again from the beginning, causing an eternal loop. It used to be much easier to get into this loop, prior to the fixes for fixes for https://bugzilla.samba.org/show_bug.cgi?id=15401 (in particular 79ca6ef2).

In https://gitlab.com/samba-team/samba/-/merge_requests/3757 we have patches that cover off the final case where there are a lot of links and other parts of the highwatermark might not change. Effectively the logic is changed to accept (reserved_usn == the_expected_value || reserved_usn == 0).

This bug is to facilitate backport.
Comment 1 Samba QA Contact 2024-08-28 05:40:11 UTC
This bug was referenced in samba master:

4b4a7c3fd465267c43d9586ab79ca8f84c0cad24
796e92a530004406dcb3fea33f54833c722480a0
67c7609ab755291de27c620120a1c71b557452e4
2e1ccb35239fc6fe129c943bb7305bd4612d72d7
5ef27019033fd73decd111f9426e7f8982cbb806
7a623d8d5626b4e6c88ffb85e36f0934d89ed830
44a478038b6ec78aaec832d9dbde7fa6b2cdd639
7dac035896b368bf3a86acf58260eef39d195d19