Web lists-archives.com

Re: [Samba] Unable to successfully join Samba 4.8.0 or Windows 2008 R2 to a Samba 4.6.7 DC, unable to upgrade in-place




On Thu, 2018-03-15 at 16:10 -0400, Justin Foreman wrote:
> Okay. The master build worked on the join. Excellent. So it was 4.8.0 having a problem. 
> 
> I’ve attempted to join 2008 R2 now to 4.8.0 but it still blue screens. Should I start a new thread for clarity’s sake?

So, I think this, the upgrade issues and even the old
servicePrincipalName handling bug is all the same thing.

What happened is that in the past we did not reject:

servicePrincipalName: HOST/foo
servicePrincipalName: host/foo

Then with 4.8 the index code rejected this.  With master for 4.9 we
decided it wasn't the index code's job to do this, so fixed that (it
helped another use case). 

Add to this the upgrade code for GUID indexes didn't assert that if the
re-index failed that we must abort the transaction, so the partial
upgrade case gets committed and it all dies on the next DB open.

At least that is the theory I'll be working to prove or disprove on
Monday.

I think the core short-term fix is in:

commit 5c1504b94d1417894176811f18c5d450de22cfd2
Author: Gary Lockyer <gary@xxxxxxxxxxxxxxx>
Date:   Wed Feb 28 11:47:22 2018 +1300

    ldb_tdb: Do not fail in GUID index mode if there is a duplicate
attribute
    
    It is not the job of the index code to enforce this, but do give a
    a warning given it has been detected.
    
    However, now that we do allow it, we must never return the same
    object twice to the caller, so filter for it in
ltdb_index_filter().
    
    The GUID list is sorted, which makes this cheap to handle,
thankfully.
    
    Signed-off-by: Gary Lockyer <gary@xxxxxxxxxxxxxxx>
    Reviewed-by: Douglas Bagnall <douglas.bagnall@xxxxxxxxxxxxxxx>
    Reviewed-by: Andrew Bartlett <abartlet@xxxxxxxxx>


The replication to windows may be failing because of the duplicate
value, eventually we will need to write a dbcheck rule to fix that.

Thanks all for your patience!

Andrew Bartlett
-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba