Web lists-archives.com

Re: [Samba] Replication fails after DC re-joined to domain




On Thu, 08 Feb 2018 06:45:28 +1300
Andrew Bartlett via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Wed, 2018-02-07 at 18:38 +0100, Denis Cardon via samba wrote:
> > Hi Roy,
> > 
> > > First some background:
> > > ==================
> > > I had a test environment which had two samba DCs (running v
> > > 4.8.0rc2) and 1 Windows Server 2008R2 DC.    The samba DCs had
> > > been upgraded from v 4.6x and the secrets database was not
> > > encrypted (as far as I know).    I decided to downgrade one of
> > > the samba DCs to v 4.7.4.
> > > 
> > > On re-starting samba after the downgrade the log shows:
> > > 
> > > ldb: unable to
> > > dlopen /usr/local/samba/lib/ldb/encrypted_secrets.so : /usr/local/samba/lib/private/libdsdb-module-samba4.so:
> > > version `SAMBA_4.8.0RC2' not found (required
> > > by /usr/local/samba/lib/ldb/encrypted_secrets.so)
> > 
> > when you are doing your downgrade, did you clean up all the 
> > /usr/local/samba directory or did you make && make install over the 
> > existing installation?
> > 
> > If it was a quick'n dirty make && make install over the existing
> > 4.8 install, could you try to do a install on a clean directory and
> > then copy over etc/smb.conf, private/ and var/locks/?
> > 
> > Cheers,
> > 
> > Denis
> 
> This is exactly the issue.  The install has left an ldb plugin
> (encrypted_secrets.so) around which blocks operation as it can't
> operate with the older Samba version but isn't overwritten as it
> didn't exist in the older version. 

The release notes clearly say this:

However, an in-place upgrade will not encrypt the database. 

So, the upgrade shouldn't create the ldb plugin, either that or rewrite
the release notes.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba