Web lists-archives.com

Re: [Samba] corrupted db after upgrading to 4.7




Hello.

To follow-up this issue, since the upgrade, when i do a named reload it crash, look like there's duplicated zones.

Here's the log when i trigger a reload


nov 05 03:09:02 data.contoso.com named[2807]: received control channel command 'reload'
nov 05 03:09:02 data.contoso.com named[2807]: loading configuration from '/etc/named.conf'
nov 05 03:09:02 data.contoso.com named[2807]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv4) (type 1) DB
nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copyright (c) 2016 MaxMind
nov 05 03:09:02 data.contoso.com named[2807]: initializing GeoIP Country (IPv6) (type 12) DB
nov 05 03:09:02 data.contoso.com named[2807]: GEO-106FREE 20160607 Build 1 Copy
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 2) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv4) (type 6) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 30) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP City (IPv6) (type 31) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 3) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Region (type 7) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP ISP (type 4) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Org (type 5) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP AS (type 9) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP Domain (type 11) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: GeoIP NetSpeed (type 10) DB not available
nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv4 port range: [1024, 65535]
nov 05 03:09:02 data.contoso.com named[2807]: using default UDP/IPv6 port range: [1024, 65535]
nov 05 03:09:02 data.contoso.com named[2807]: sizing zone task pool based on 6 zones
nov 05 03:09:02 data.contoso.com named[2807]: Loading 'AD DNS Zone' using driver dlopen
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: starting configure
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'ratchet.com' from 'DC=@,DC=ratchet.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '17.172.in-addr.arpa' from 'DC=@,DC=17.172.in-addr.arpa,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'johndoe.com' from 'DC=@,DC=johndoe.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone 'contoso.com' from 'DC=@,DC=contoso.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: samba_dlz: Ignoring duplicate zone '_msdcs.contoso.com' from 'DC=@,DC=_msdcs.contoso.com,CN=MicrosoftDNS,DC=ForestDnsZones,DC=contoso,DC=com'
nov 05 03:09:02 data.contoso.com named[2807]: using built-in DLV key for view _default
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 10.IN-ADDR.ARPA
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 16.172.IN-ADDR.ARPA
....
nov 05 03:09:02 data.contoso.com named[2807]: automatic empty zone: 110.100.IN-ADDR.ARPA
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: main process exited, code=killed, status=6/ABRT
nov 05 03:09:02 data.contoso.com sh[24531]: kill: échec de changement de d'envoi de signal vers 2807: Aucun processus de ce type
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
nov 05 03:09:02 data.contoso.com sh[24537]: Utilisation :
nov 05 03:09:02 data.contoso.com sh[24537]: kill [options] <pid|nom> [...]
nov 05 03:09:02 data.contoso.com sh[24537]: Options :
nov 05 03:09:02 data.contoso.com sh[24537]: -a, --all              ne pas restreindre la conversion de nom en PID aux
nov 05 03:09:02 data.contoso.com sh[24537]: processus avec le même UID que le processus actuel
nov 05 03:09:02 data.contoso.com sh[24537]: -s, --signal <sig>     envoyer le signal indiqué
nov 05 03:09:02 data.contoso.com sh[24537]: -q, --queue <sig>      utiliser sigqueue(2) au lieu de kill(2)
nov 05 03:09:02 data.contoso.com sh[24537]: -p, --pid              afficher les PID sans leur envoyer de signal
nov 05 03:09:02 data.contoso.com sh[24537]: -l, --list [=<signal>] afficher les noms de signal, ou en convertir un en nom
nov 05 03:09:02 data.contoso.com sh[24537]: -L, --table            afficher les noms et numéros de signal
nov 05 03:09:02 data.contoso.com sh[24537]: -h, --help     afficher cette aide et quitter
nov 05 03:09:02 data.contoso.com sh[24537]: -V, --version  afficher les informations de version et quitter
nov 05 03:09:02 data.contoso.com sh[24537]: Consultez kill(1) pour obtenir des précisions complémentaires.
nov 05 03:09:02 data.contoso.com systemd[1]: named.service: control process exited, code=exited status=1
nov 05 03:09:02 data.contoso.com systemd[1]: Reload failed for Berkeley Internet Name Domain (DNS).
nov 05 03:09:02 data.contoso.com systemd[1]: Unit named.service entered failed state.
nov 05 03:09:02 data.contoso.com systemd[1]: named.service failed.



Is it related to Samba after the same bug ?

If i remove the samba dlz part in the named config, it's fine.

Thanks :)



----- Mail original -----
De: "Denis Cardon" <dcardon@xxxxxxxxxxx>
À: "Maxence Sartiaux" <msartiaux@xxxxxxxxxxxxx>, "Andrew Bartlett" <abartlet@xxxxxxxxx>
Cc: samba@xxxxxxxxxxxxxxx
Envoyé: Vendredi 3 Novembre 2017 11:02:18
Objet: Re: [Samba] corrupted db after upgrading to 4.7

Hi Maxence,

> Fyi, i've updated to 4.7.1, the dbcheck still not fix the broken links,
> is the fix you talk about planned for a future release ?
>
> Our customer reported me, some users have issues when their logon server
> is DC1 but not when it's DC2.
>
> On DC1 some users have access to all shares, some doesn't have any
> access at all.

actually this last symptom was the one that got us to hack quickly a 
solution for the issue with orphaned backlink attribute 'memberOf'. 
You'll probably have to do some cleanup as I pointed out in my last mail.

The bugzilla entry [1] you mentioned and corresponding patch prevents 
the problem from happening, but I don't think it fixes it.

Cheers,

Denis

[1] https://bugzilla.samba.org/show_bug.cgi?id=13095

>
>
>
> On 11/02/2017 04:38 PM, Andrew Bartlett wrote:
>> On Thu, 2017-11-02 at 16:19 +0100, Maxence Sartiaux via samba wrote:
>>>
>> No worries.
>>
>> Andrew Bartlett
>>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba