[Samba] 4.5.1 Upgrade Breaks Samba [Was: Schema Change Breaks Replication]

Adam Tauno Williams awilliam at whitemice.org
Sun Nov 20 20:55:08 UTC 2016


On Sat, 2016-11-19 at 09:57 +1300, Andrew Bartlett wrote:
> On Fri, 2016-11-18 at 09:41 -0500, Adam Tauno Williams wrote:
> > On Fri, 2016-11-18 at 21:32 +1300, Andrew Bartlett wrote:
> > > I believe a schema change on a Windows DC (2008rc) has
> > > > > > broken
> > > > sernet-samba-4.2.14-23.el6.x86_64 - the same package on all
> > > > three
> > > > LINUX DC.  All DCs are virtualized CentOS6.
> > > This is likely the major issue.  Running a current Samba version 
> > > would be a very good idea, for things like this.
> > Yep... I have just purchased a SAMBA+ subscription so I will have
> > the
> > 4.5 packages.  Should I begin by updating the software on the DCs?
> Yes.

An upgrade of one of the S4 DCs to Samba 4.5.1 appears to result in a
non-operational server.  Winbind is not working with a log message of -

[root at larkin26 samba]# tail log.winbindd 
[2016/11/20 15:38:58.229223,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'winbindd' finished starting up and ready to serve
connections
[2016/11/20 15:38:58.252934,  1]
../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
  trustdom_list_done: Could not receive trusts for domain BACKBONE
[2016/11/20 15:40:33.495158,  0]
../source3/winbindd/winbindd_cache.c:3244(initialize_winbindd_cache)
  initialize_winbindd_cache: clearing cache and re-creating with
version number 2
[2016/11/20 15:40:36.106151,  0]
../lib/util/become_daemon.c:124(daemon_ready)
  STATUS=daemon 'winbindd' finished starting up and ready to serve
connections
[2016/11/20 15:40:36.129472,  1]
../source3/winbindd/winbindd_util.c:352(trustdom_list_done)
  trustdom_list_done: Could not receive trusts for domain BACKBONE


"samba-tool drs showrepl" fails -

[root at larkin26 ~]# samba-tool drs showrepl
Failed to connect host 172.31.7.50 on port 135 -
NT_STATUS_CONNECTION_REFUSED
Failed to connect host 172.31.7.50 (larkin26.micore.us) on port 135 -
NT_STATUS_CONNECTION_REFUSED.
ERROR(<class 'samba.drs_utils.drsException'>): DRS connection to
larkin26.micore.us failed - drsException: DRS connection to
larkin26.micore.us failed: (-1073741258, 'The connection was refused')
  File "/usr/lib64/python2.6/site-packages/samba/netcmd/drs.py", line
41, in drsuapi_connect
    (ctx.drsuapi, ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drsuapi_connect(ctx.server, ctx.lp, ctx.creds)
  File "/usr/lib64/python2.6/site-packages/samba/drs_utils.py", line
54, in drsuapi_connect
    raise drsException("DRS connection to %s failed: %s" % (server, e))

And it looks like nobody is listening on port 135 -

[root at larkin26 ~]# netstat --listen --inet --program --numeric
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address        
     State       PID/Program name   
tcp        0      0 127.0.0.1:199               0.0.0.0:*              
     LISTEN      1577/snmpd          
tcp        0      0 0.0.0.0:22                  0.0.0.0:*              
     LISTEN      1607/sshd           
tcp        0      0 127.0.0.1:25                0.0.0.0:*              
     LISTEN      1697/master         
udp        0      0 0.0.0.0:34659               0.0.0.0:*              
                 1271/rsyslogd       
udp        0      0 0.0.0.0:631                 0.0.0.0:*              
                 1261/portreserve    
udp        0      0 172.31.7.50:123             0.0.0.0:*              
                 1618/ntpd           
udp        0      0 127.0.0.1:123               0.0.0.0:*              
                 1618/ntpd           
udp        0      0 0.0.0.0:123                 0.0.0.0:*              
                 1618/ntpd           
udp        0      0 0.0.0.0:161                 0.0.0.0:*              
                 1577/snmpd          

-- 
Adam Tauno Williams <mailto:awilliam at whitemice.org> GPG D95ED383
Systems Administrator, Python Developer, LPI / NCLA





More information about the samba mailing list