Some end user tests with LMDB branch

Denis Cardon dcardon at tranquil.it
Fri May 11 09:52:22 UTC 2018


G'day Garming, Andrew and all,

> 0x000021bf is known as WERR_DS_DRA_RECYCLED_TARGET
>
> This might actually be expected behaviour (assuming the join still
> proceeded despite the error). There is a back-off if it discovers that
> there is a missing link, then it retries with the GET_TGT flag (which
> Tim implemented for 4.8) -- this used to cause serious problems with
> Windows joins.

ok, everything is fine after the join, so I assume it was the issue you 
outlined, as the other server is still a 4.7.7 (actually we haven't 
started 4.8 upgrades, waiting for Andrew's in place upgrade patch to 
make it in the next 4.8 minor release).

Doing a little more testing, ldapcmp is happy comparing between a 4.7.7 
and LMDB branch, and everything is fine. By the way, the test is done on 
small, but real world database copy with about two years of 
living/upgrading.

For the tooling, is there something like ldbsearch for querying lmdb 
files, or we just have to query using ldbsearch on sam.ldb file itself 
(which is working properly by the way)?

If all the testing goes well, I am thinking about upgrading one small 
primary school on LMDB to get live feedback. What would be the rollback 
procedure to go back to a 4.8 tdb database if needed? Since the database 
format is completly different, I guess it won't be as easy as the 4.8 to 
4.7 GUID index fixing. I was thinking about keeping a firewalled Samba 
4.8 replicating with Samba LMDB, and switching the two (or a backup of 
the 4.8 instance) if needed. Do you have better ideas?

Cheers,

Denis


>
> Cheers,
>
> Garming
>
> On 11/05/18 11:55, Denis Cardon wrote:
>> Good day Andrew, Sam and everyone,
>>
>> I am quite excited with the upcoming lmdb branch and I wanted to give
>> it a try tonight. I've used the branch you are working on with metze
>> over at gitlab [1]. I have build on a debian stretch 64bit. Here are a
>> few remarks/notes:
>>
>> * configure does not accept --with-lmdb flag (it although does build
>> properly with lmdb if dev lib are present)
>>
>> * provisioning a new domain with --backend-store=mdb works properly,
>> and basics testing goes fine (adding users, groups, joining computer,
>> authenticating, etc.)
>>
>> * however "samba-tool domain join" does not yet accept the
>> --backend-store parameter (samba-tool domain join: error: no such
>> option: --backend-store). Modifying by hand join.py to force the
>> backend does the trick:
>>
>> --- ./lib/python2.7/site-packages/samba/join.py    2018-05-11
>> 01:23:37.047187706 +0200
>> +++ ./lib/python2.7/site-packages/samba/join.py.new    2018-05-11
>> 01:23:27.031154394 +0200
>> @@ -849,7 +849,7 @@
>>                  machinepass=ctx.acct_pass, serverrole="active
>> directory domain controller",
>>                  sitename=ctx.site, lp=ctx.lp, ntdsguid=ctx.ntds_guid,
>>                  use_ntvfs=ctx.use_ntvfs, dns_backend=ctx.dns_backend,
>> -                plaintext_secrets=ctx.plaintext_secrets)
>> + plaintext_secrets=ctx.plaintext_secrets,backend_store="mdb")
>>          print("Provision OK for domain DN %s" % presult.domaindn)
>>          ctx.local_samdb = presult.samdb
>>          ctx.lp          = presult.lp
>>
>> Then the join works and the server behaves like expected (replication
>> with an existing domain, role transfer, user creation, authentication,
>> etc.)
>>
>> By the way I had an error message during the join when synchronizing
>> the configuration partition, even though I have not seen issue
>> afterward. Extract from join log:
>>
>> Partition[CN=Configuration,DC=ad,DC=tranquil,DC=it] objects[402/1633]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=ad,DC=tranquil,DC=it] objects[804/1633]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=ad,DC=tranquil,DC=it] objects[1206/1633]
>> linked_values[0/0]
>> Partition[CN=Configuration,DC=ad,DC=tranquil,DC=it] objects[1610/1633]
>> linked_values[0/10]
>> Partition[CN=Configuration,DC=ad,DC=tranquil,DC=it] objects[1633/1633]
>> linked_values[60/60]
>> Failed to commit objects: DOS code 0x000021bf
>>
>> I'll try to do some more test tomorrow and deploy on a small non
>> critical domain if everything is fine.
>>
>> Cheers,
>>
>> Denis
>>
>> [1]
>> https://gitlab.com/catalyst-samba/samba/-/archive/metze-master4-lmdb-full/samba-metze-master4-lmdb-full.tar.gz
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint SĂ©bastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil.it

Samba install wiki for Frenchies : https://dev.tranquil.it
WAPT, software deployment made easy : https://wapt.fr



More information about the samba-technical mailing list