[Samba] Need advice on upgrading from 4.3.11 to 4.8.3

Taner Tas taner76 at gmail.com
Mon Jul 16 08:03:22 UTC 2018 

> Hi all,
> 
> We have a Samba AD DC service running on Ubuntu 16.0.4 with Samba
> 4.3.11. We are planning to upgrade it to a recent version, probably
> 4.8.3.
> 
> I think that I have two options:
> 
> a) Package upgrade via 3rd party repositories (Louis Van Belle's repo)
> by following wiki.
> 
> b) A fresh install of 4.8.3 on another VM then join it to 4.3.11 as
> backup DC, then transfer all FSMO roles on new and finally demote
> older one.
> 
> Since this a production environment, I have to accomplish this task
> transparently. Is there anyone out there who did same task before?
> I'll appreciate any advice regarding this.
> 
> Thanks.


I would go with option 'b', but it sounds like you only have one DC, I
would also create a second DC. I would also ensure they were on
different hardware, whether they are in VM's or not.

Also, you should get out of calling DC's anything other than just a DC,
all DC's are equal except for the FSMO roles and they can be on any DC.

Rowland

I tried to join 4.8.2 (latest one at Louis Van Belle's repo) but I got this error:

-----------------
ldc4# samba-tool domain join testdomain.org.tr DC -U"TESTDOMAIN\administrator" --dns-backend=BIND9_DLZ
Finding a writeable DC for domain 'testdomain.org.tr'
Found DC ldc1.testdomain.org.tr
Password for [TESTDOMAIN\administrator]:
workgroup is TESTDOMAIN
realm is testdomain.org.tr
Adding CN=LDC4,OU=Domain Controllers,DC=testdomain,DC=org,DC=tr
Join failed - cleaning up
ERROR(ldb): uncaught exception - LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS -  <00002071: ../ldb_tdb/ldb_index.c:1216: Failed to re-index objectSid in CN=LDC4,OU=Domain Controllers,DC=testdomain,DC=org,DC=tr - ../ldb_tdb/ldb_index.c:1148: unique index violation on objectSid in CN=LDC4,OU=Domain Controllers,DC=testdomain,DC=org,DC=tr> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 176, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 706, in run
    plaintext_secrets=plaintext_secrets)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1482, in join_DC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1381, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 616, in join_add_objects

/etc/hosts:
10.220.1.19     ldc1.testdomain.org.tr      ldc1
10.220.1.20     ldc2.testdomain.org.tr      ldc2
10.220.1.22     ldc4.testdomain.org.tr      ldc4

/etc/hostname:
ldc4
-----------------

I tested with "LDC3" hostname first, then changed hostname to "LDC4" after seeing
a deleted DC record with "LDC3" name. 

# ldbsearch -H /var/lib/samba/private/sam.ldb --cross-ncs --show-deleted | grep LDC3

But changing hostname to "LDC4" didn't help either as can be seen above.
I have same issue with 4.7.6 (Ubuntu official).

I googled this "LDAP error 68 LDAP_ENTRY_ALREADY_EXISTS" error
during join operation. Some people had similar problem but without a solution.

---
Taner Tas

More information about the samba mailing list