Re: [Samba] Replication fails after DC re-joined to domain
- Date: Wed, 7 Feb 2018 22:23:19 -0000
- From: Roy Eastwood via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Replication fails after DC re-joined to domain
> -----Original Message-----
> From: Andrew Bartlett [mailto:abartlet@xxxxxxxxx]
> Sent: 07 February 2018 17:45
> To: Denis Cardon; Roy Eastwood; samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Replication fails after DC re-joined to domain
> On Wed, 2018-02-07 at 18:38 +0100, Denis Cardon via samba wrote:
> > Hi Roy,
> > > First some background:
> > > ==================
> > > I had a test environment which had two samba DCs (running v 4.8.0rc2) and 1
> > > Windows Server 2008R2 DC. The samba DCs had been upgraded from v 4.6x
> and the
> > > secrets database was not encrypted (as far as I know). I decided to
> > > one of the samba DCs to v 4.7.4.
> > >
> > > On re-starting samba after the downgrade the log shows:
> > >
> > > ldb: unable to dlopen /usr/local/samba/lib/ldb/encrypted_secrets.so :
> > > /usr/local/samba/lib/private/libdsdb-module-samba4.so: version
> > > not found (required by /usr/local/samba/lib/ldb/encrypted_secrets.so)
> > when you are doing your downgrade, did you clean up all the
> > /usr/local/samba directory or did you make && make install over the
> > existing installation?
> > If it was a quick'n dirty make && make install over the existing 4.8
> > install, could you try to do a install on a clean directory and then
> > copy over etc/smb.conf, private/ and var/locks/?
> > Cheers,
> > Denis
> This is exactly the issue. The install has left an ldb plugin
> (encrypted_secrets.so) around which blocks operation as it can't
> operate with the older Samba version but isn't overwritten as it didn't
> exist in the older version.
> However I also need to write up about the GUID index change, which also
> prevents in-place downgrades. It seems I forgot to mention that in the
> (That requires running source4/scripting/bin/sambaundoguididx before
> any downgrade in-place from 4.8 to 4.7 and below).
Thanks for that. However, the subsequent problem remains - ie replication failure. May be related, I also cannot connect to the server using the Windows DNS Manager - Access denied. Running samba_dnsupdate fails with TSIG error with server: tsig verify failure.
I have tried demoting, removing samba, re-installing samba and re-joining the domain a second time, but the problems remain.
Any suggestions how to proceed?
To unsubscribe from this list go to the following URL and read the