[Samba] Fwd: Samba broken after 4.8 upgrade

Andrew Bartlett abartlet at samba.org
Fri Apr 13 08:04:08 UTC 2018 

On Thu, 2018-04-12 at 13:02 -0400, Andrew Dumaresq via samba wrote:
> Hello,
> 
> Today I tried to upgrade to samba 4.8.0, the upgrade seems to have failed,
> and I can't seem to fix it or back out.  The issue seems to be I've lost
> the some KRB tickets.  Here's and example of the errors i get:
> 
> samba-tool domain exportkeytab /tmp/test2
> samba_kdc_fetch: could not find own KRBTGT in DB: dsdb_search at
> ../source4/dsdb/common/util.c:4641
> ERROR(runtime): uncaught exception - }
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/__init__.py",
> line 176, in _run
>     return self.run(*args, **kwargs)
>   File "/usr/local/samba/lib/python2.7/site-packages/samba/netcmd/domain.py",
> line 143, in run
>     net.export_keytab(keytab=keytab, principal=principal)
> 
> this missing KRBTGT also means that my kdc is not listening on port 88
> netstat -tlpn |grep samba
> tcp        0      0 192.168.1.10:636        0.0.0.0:*               LISTEN
>     17772/samba: task[l
> tcp        0      0 192.168.1.10:49152      0.0.0.0:*               LISTEN
>     17767/samba: task[d
> tcp        0      0 192.168.1.10:49153      0.0.0.0:*               LISTEN
>     17767/samba: task[d
> tcp        0      0 192.168.1.10:49154      0.0.0.0:*               LISTEN
>     17767/samba: task[d
> tcp        0      0 192.168.1.10:3268       0.0.0.0:*               LISTEN
>     17772/samba: task[l
> tcp        0      0 192.168.1.10:3269       0.0.0.0:*               LISTEN
>     17772/samba: task[l
> tcp        0      0 192.168.1.10:389        0.0.0.0:*               LISTEN
>     17772/samba: task[l
> tcp        0      0 192.168.1.10:135        0.0.0.0:*               LISTEN
>     17767/samba: task[d
> 
> 
> 
> I suspect this has something to do with my domain being very old (I created
> it while samba 4 was still in beta).  I was upgrading from samba-4.7.5 so
> it wasn't a huge version jump.
> 
> I am also unable to downgrade, the source4/scripting/bin/sambaundoguididx
> script core dumps without producing any messages so I can't downgrade
> either (serves me right for not taking a backup first).

This is unfortunate.  My suggestion is that you use ldbdump and then
ldbadd to re-build the backend databases (the things in sam.ldb.d/ that
we generally say not to touch) and then try the script again.  You may
with to manually avoid adding the index controls (@INDEXLIST) and let
Samba re-add them once you get back to 4.7.

This is the bug for a fixed Samba 4.8 upgrade:

https://bugzilla.samba.org/show_bug.cgi?id=13335

Anyway, the data should still be in there, it just might be a little
harder to find.

I'm very sorry for this situation, and if you can report the backtrace
from the script as a bug it would be helpful in fixing that too.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list