Web lists-archives.com

Re: [Samba] Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC




On Thu, 2018-03-15 at 14:34 -0400, Justin Foreman wrote:
> The problem does not happen if I recreate the domain from scratch. I’m able to successfully join 4.8.0 to a 4.6.7 domain built from scratch (just tried it). One thing that I will note is that I also saw SPN creation failures when attempting to join Windows 2008 R2. So it’s not a Samba 4.8.0 problem. It’s a problem with my database (help!).

Just to connect the dots, this bug has been filed for the same issue:

https://bugzilla.samba.org/show_bug.cgi?id=13336

This commit in master might be a fix:

commit 5c1504b94d1417894176811f18c5d450de22cfd2
Author: Gary Lockyer <gary@xxxxxxxxxxxxxxx>
Date:   Wed Feb 28 11:47:22 2018 +1300

    ldb_tdb: Do not fail in GUID index mode if there is a duplicate
attribute
    
    It is not the job of the index code to enforce this, but do give a
    a warning given it has been detected.
    
    However, now that we do allow it, we must never return the same
    object twice to the caller, so filter for it in
ltdb_index_filter().
    
    The GUID list is sorted, which makes this cheap to handle,
thankfully.
    
    Signed-off-by: Gary Lockyer <gary@xxxxxxxxxxxxxxx>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@xxxxxxxxxxxxxxx>
    Reviewed-by: Andrew Bartlett <abartlet@xxxxxxxxx>

Can you re-try with git master to help us isolate this?

Andrew Bartlett

> As for an in-place upgrade, I’m struggling a bit with that, as 4.6.7 is Ubuntu packaged and the folder layout is much different than the vanilla source. (i.e. /var/lib/samba vs /usr/local/samba/{var,private,etc}. Is there an easy way to map the folders (env variables?)? I tried to do a find for each tdb and place it correctly in the /usr/local/samba directory structure but it failed miserably when I started the source-built 4.8.0 (essentially ended up with an empty database).
> 
> Justin
> 
> > On Mar 15, 2018, at 2:09 PM, Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> > 
> > On Thu, 2018-03-15 at 10:36 -0400, Justin Foreman wrote:
> > > After deleting the entire OU the failure happens on a different computer account in a different OU and so on. I don't think that there's anything unusual about my computer accounts.
> > 
> > Does it happen when you re-create the domain from scratch with 4.6 or
> > 4.7 and join to 4.8?  What about a join of 4.8?  What if the source is
> > upgraded in place first?
> > 
> > Can you pin anything down in particular about it?
> > 
> > I would be very surprised if a 4.8 -> 4.8 join fails, as that is
> > extensively tested in the selftest, but the more clues we get and the
> > shorter the steps to reproduce the easier it will be to work this out. 
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                       http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> > 
> 
> 
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba