Bug 9525 - After upgrading Samba 4.x to Version 4.1.0pre1-GIT-bcacd8f Bind9 dns account present in sam.ldb but not secrets.ldb
Summary: After upgrading Samba 4.x to Version 4.1.0pre1-GIT-bcacd8f Bind9 dns account ...
Status: NEW
Alias: None
Product: Samba 4.0
Classification: Unclassified
Component: AD: LDB/DSDB/SAMDB (show other bugs)
Version: unspecified
Hardware: x64 Linux
: P5 normal (vote)
Target Milestone: ---
Assignee: Andrew Bartlett
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-12-30 21:59 UTC by Dan Lawson
Modified: 2013-06-09 08:11 UTC (History)
2 users (show)

See Also:

Attachments
Log file with error, and after it was fixed (6.46 KB, text/plain)
2012-12-30 22:02 UTC, Dan Lawson 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dan Lawson 2012-12-30 21:59:19 UTC 

    


    


      



        
          Comment 1
        

        
          Dan Lawson

        

        
        

        
          2012-12-30 22:02:24 UTC
        

      






Created attachment 8373 [details]
Log file with error, and after it was fixed

    


    


      



        
          Comment 2
        

        
          Dan Lawson

        

        
        

        
          2012-12-30 22:03:31 UTC
        

      






After upgrading samba using git pull, ./configure, make, and make install, DNS stopped working.  It required samba_upgradedns to fix.  Attached is log file.

    


    


      



        
          Comment 3
        

        
          Andrew Bartlett

        

        
        

        
          2012-12-31 07:59:21 UTC
        

      






So, what seems to have happened here is that the dns-SERVER account exists in the sam.ldb, but not in secrets.ldb.

Failing is actually the right thing to do (it will fail at runtime otherwise), and samba_upgradedns is the right fix to restore the secrets.ldb entry. 

I'm not sure what more we can do here, perhaps we can try and fix the existing install automatically, but it's going to be messy.

    


    


      



        
          Comment 4
        

        
          Kai Blin

        

        
        

        
          2013-05-25 10:07:11 UTC
        

      






This is not a bug in the internal DNS server, as that doesn't technically require the DNS account at all. I'm a bit at a loss what to classify this as, but I at least updated the bug title.

    


    


      



        
          Comment 5
        

        
          Kai Blin

        

        
        

        
          2013-06-09 08:11:55 UTC
        

      






I'd argue this is more of an AD-related issue than a DNS-related issue.