Web lists-archives.com

Re: [Samba] Fwd: Samba broken after 4.8 upgrade




Thanks for getting back to me.  I managed to restore my domain from a
backup that I forgot I had.

Glad you know about the bug!

On Fri, Apr 13, 2018 at 4:04 AM, Andrew Bartlett <abartlet@xxxxxxxxx> wrote:

> On Thu, 2018-04-12 at 13:02 -0400, Andrew Dumaresq via samba wrote:
> > Hello,
> >
> > Today I tried to upgrade to samba 4.8.0, the upgrade seems to have
> failed,
> > and I can't seem to fix it or back out.  The issue seems to be I've lost
> > the some KRB tickets.  Here's and example of the errors i get:
> >
> > samba-tool domain exportkeytab /tmp/test2
> > samba_kdc_fetch: could not find own KRBTGT in DB: dsdb_search at
> > ../source4/dsdb/common/util.c:4641
> > ERROR(runtime): uncaught exception - }
> >   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/_
> _init__.py",
> > line 176, in _run
> >     return self.run(*args, **kwargs)
> >   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/
> domain.py",
> > line 143, in run
> >     net.export_keytab(keytab=keytab, principal=principal)
> >
> > this missing KRBTGT also means that my kdc is not listening on port 88
> > netstat -tlpn |grep samba
> > tcp        0      0 192.168.1.10:636        0.0.0.0:*
>  LISTEN
> >     17772/samba: task[l
> > tcp        0      0 192.168.1.10:49152      0.0.0.0:*
>  LISTEN
> >     17767/samba: task[d
> > tcp        0      0 192.168.1.10:49153      0.0.0.0:*
>  LISTEN
> >     17767/samba: task[d
> > tcp        0      0 192.168.1.10:49154      0.0.0.0:*
>  LISTEN
> >     17767/samba: task[d
> > tcp        0      0 192.168.1.10:3268       0.0.0.0:*
>  LISTEN
> >     17772/samba: task[l
> > tcp        0      0 192.168.1.10:3269       0.0.0.0:*
>  LISTEN
> >     17772/samba: task[l
> > tcp        0      0 192.168.1.10:389        0.0.0.0:*
>  LISTEN
> >     17772/samba: task[l
> > tcp        0      0 192.168.1.10:135        0.0.0.0:*
>  LISTEN
> >     17767/samba: task[d
> >
> >
> >
> > I suspect this has something to do with my domain being very old (I
> created
> > it while samba 4 was still in beta).  I was upgrading from samba-4.7.5 so
> > it wasn't a huge version jump.
> >
> > I am also unable to downgrade, the source4/scripting/bin/
> sambaundoguididx
> > script core dumps without producing any messages so I can't downgrade
> > either (serves me right for not taking a backup first).
>
> This is unfortunate.  My suggestion is that you use ldbdump and then
> ldbadd to re-build the backend databases (the things in sam.ldb.d/ that
> we generally say not to touch) and then try the script again.  You may
> with to manually avoid adding the index controls (@INDEXLIST) and let
> Samba re-add them once you get back to 4.7.
>
> This is the bug for a fixed Samba 4.8 upgrade:
>
> https://bugzilla.samba.org/show_bug.cgi?id=13335
>
> Anyway, the data should still be in there, it just might be a little
> harder to find.
>
> I'm very sorry for this situation, and if you can report the backtrace
> from the script as a bug it would be helpful in fixing that too.
>
> Thanks,
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/
> services/samba
>
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba