Web lists-archives.com

Re: [Samba] [Patches] AD Database corruption after upgrade from <= 4.6 to 4.7 (bug #13228)






Am 22.01.2018 um 22:12 schrieb Ralph Böhme:
On Mon, Jan 22, 2018 at 05:24:44PM +0100, Achim Gottinger via samba wrote:
Am 22.01.2018 um 10:49 schrieb Stefan Metzmacher via samba:
Also DO NOT repair the following errors with samba-tool dbcheck!
"Remove duplicate links in attribute"
and
"ERROR: orphaned backlink"
as this removes the ability to repair the database
in the next round of patches!

I had this error after upgrading from 4.7.3 to 4.7.4 and used samba-tool
dbcheck --clean to get rid of them.
Replication is still working. What kind of unrepairable corruption can i
expect now?
see the bug report for details, this can eg cause loss of group memberships or
generally speaking loss of linked-attributes.

The only remede is comparing all objects for differences in linked-attributes
and restore overwritten forward-links from now dangling backlinks.

We're currently also working on an improvement to dbcheck so it can detect such
corruption and fix it, but this will only work if you did *not* run dbcheck
--fix on the affected database.

-slow

Thank you for the infos!

I took a look at my notes.

I updates from 4.6.8 to 4.7.3 on 25.11.2017.

Back then i found error like this all related to siteList before the update.

ERROR: no target object found for GUID component for siteList in object CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samba-list,DC=loc - <GUID=d4f41749a1595a43871ab1d72f24fe6b>;<RMD_ADDTIME=130015150890000000>;<RMD_CHANGETIME=130015150890000000>;<RMD_FLAGS=0>;<RMD_INVOCID=af301252bb781543b57dbd7cb773d46f>;<RMD_LOCAL_USN=4762>;<RMD_ORIGINATING_USN=4762>;<RMD_VERSION=0>;CN=Test,CN=Sites,CN=Configuration,DC=samba-list,DC=loc
Not removing dangling forward link
ERROR: no target object found for GUID component for siteList in object CN=DEFAULTIPSITELINK,CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=samba-list,DC=loc - <GUID=596bd8ae9e8bc94eab99ad3c12e22132>;<RMD_ADDTIME=130739077850000000>;<RMD_CHANGETIME=130739077850000000>;<RMD_FLAGS=0>;<RMD_INVOCID=af301252bb781543b57dbd7cb773d46f>;<RMD_LOCAL_USN=453494>;<RMD_ORIGINATING_USN=453494>;<RMD_VERSION=0>;CN=Grafing,CN=Sites,CN=Configuration,DC=samba-list,DC=loc
Not removing dangling forward link
Please use --fix to fix these errors

I updated to 4.7.3 and back then edited the ldb file and deleted the links to old expunged sites whom did no longer exist with the given GUID.

#~ldbedit -e nano -H /varLib/samba/private/sam.ldb.d/CN=CONFIGURATION,DC=SAMBA-LIST,DC=LOC.ldb
#~samba-tool dbcheck --reindexdb

An month later on 26.12.2017 at about 5 am a few groups suddenly had an messed up member list, some users showed up twice some where missing. I fixed it by deleting and recreating the affected groups, erros where deceted but could not be fixed with samba-tool dbcheck for the affected users/groups. Also deleting those twice listed users did not work. Thought it was caused by an forced kill -9 to the samba service from an cron job at that time.

I maintain two separate networks with samba addc's and this only happend at one of these networks, both run samba adds's on 5 and 7 sites. My thombstoneLifetime is set to 30 days ab both networks.

On 12.01.2018 i updated from 4.7.3 to 4.7.4. dbcheck ran clean before the update but showed a few dangling forward errors whom i then fixed with dbcheck --fix. Till now no group corruption had happened. I can think of restoring an backup from 11.01.2018 to an vm with 4.7.4 here to inspect the errors from dbcheck again and maybe recreate these deleted links again. As far as i remember the errors where different on the ad's of whom i run a dozend, so this may become complicated.

I assume the errors caused by the 4.6.8->4.7.3 update happened 30 days later and I fixed these by recreating the affected groups. But i'm unsure if the fixes i ran after the 4.7.3->4.7.4 update may cause another corruption on 11.02.2018. dbcheck --cross-ncs did not find any errors before the update only afterwards. So the question is will the fixing of the newly detected  errors (by dbcheck version 4.7.4) cause issues or are these unrelated.

Achim~



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba