[Samba] Replication fails after DC re-joined to domain

Andrew Bartlett abartlet at samba.org
Wed Feb 7 17:45:28 UTC 2018

On Wed, 2018-02-07 at 18:38 +0100, Denis Cardon via samba wrote:
> Hi Roy,
> > First some background:
> > ==================
> > I had a test environment which had two samba DCs (running v 4.8.0rc2) and 1
> > Windows Server 2008R2 DC.    The samba DCs had been upgraded from v 4.6x and the
> > secrets database was not encrypted (as far as I know).    I decided to downgrade
> > one of the samba DCs to v 4.7.4.
> > 
> > On re-starting samba after the downgrade the log shows:
> > 
> > ldb: unable to dlopen /usr/local/samba/lib/ldb/encrypted_secrets.so :
> > /usr/local/samba/lib/private/libdsdb-module-samba4.so: version `SAMBA_4.8.0RC2'
> > not found (required by /usr/local/samba/lib/ldb/encrypted_secrets.so)
> when you are doing your downgrade, did you clean up all the 
> /usr/local/samba directory or did you make && make install over the 
> existing installation?
> If it was a quick'n dirty make && make install over the existing 4.8 
> install, could you try to do a install on a clean directory and then 
> copy over etc/smb.conf, private/ and var/locks/?
> Cheers,
> Denis

This is exactly the issue.  The install has left an ldb plugin
(encrypted_secrets.so) around which blocks operation as it can't
operate with the older Samba version but isn't overwritten as it didn't
exist in the older version. 

However I also need to write up about the GUID index change, which also
prevents in-place downgrades.  It seems I forgot to mention that in the

(That requires running source4/scripting/bin/sambaundoguididx before
any downgrade in-place from 4.8 to 4.7 and below).


Andrew Bartlett
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list