[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

Stefan G. Weichinger lists at xunil.at
Tue Nov 22 11:00:01 UTC 2022 

Am 22.11.22 um 11:34 schrieb Stefan G. Weichinger via samba:
> Am 22.11.22 um 10:59 schrieb Stefan G. Weichinger via samba:
>> Am 22.11.22 um 10:00 schrieb Andrew Bartlett:
>>> On Tue, 2022-11-22 at 09:53 +0100, Stefan G. Weichinger via samba
>>> wrote:
>>>> Am 22.11.22 um 09:43 schrieb Stefan G. Weichinger via samba:
>>>>
>>>>> but I don't have it OK yet:
>>>>
>>>> Update: seems OK now
>>>>
>>>> I wonder if to stay at 4.16.2 on ADC2 and 4.16.6 on ADC1 for now.
>>>>
>>>> Vacation starts on thursday ...
>>>
>>> It really comes down to how much you trust your users.  Remember that
>>> each of them is domain admin in Samba 4.16.2
>>
>> Hmm, yes, that sounds scary. Although the users there should be 
>> trustworthy.
>>
>> I check that DNS/resolved-issue again and retry the upgrade to 4.17.3 
>> soon.
> 
> On 4.17.3 now on one DC.
> 
> The DCs recently also became Kea-DHCP-servers, so they have interfaces 
> in various VLANs.
> 
> That seems to mess with winbind ...
> 
> # wbinfo -u
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> Error looking up domain users
> 
> I added this to smb.conf:
> 
> bind interfaces only = yes
> interfaces = lo enp0s31f6
> 
> .. to only let the DC run in the LAN.
> 
> Restarted samba-ad-dc.service, doesn't help.
> 
> systemd-resolved is disabled and stoppped
> 
> 
> 
> journal shows:
> 
> Nov 22 11:25:33 adc2 samba[303310]:   /usr/sbin/samba_dnsupdate: ; TSIG 
> error with server: tsig verify failure
> Nov 22 11:25:33 adc2 samba[303310]: [2022/11/22 11:25:33.849094,  0] 
> ../../lib/util/util_runcmd.c:355(samba_runcmd_io_handler)
> Nov 22 11:25:33 adc2 samba[303310]:   /usr/sbin/samba_dnsupdate: ; TSIG 
> error with server: tsig verify failure
> Nov 22 11:25:33 adc2 samba[303310]: [2022/11/22 11:25:33.920546,  0] 
> ../../source4/dsdb/dns/dns_update.c:85(dnsupdate_nameupdate_done)
> Nov 22 11:25:33 adc2 samba[303310]:   dnsupdate_nameupdate_done: Failed 
> DNS update with exit code 20
> 
> -
> 
> DRS replication seems to work, though
> 
> random tests:
> 
> # wbinfo -t
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the trust secret for domain (null) via RPC calls failed
> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not check secret
> 
> # wbinfo --ping-dc
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> 
> -
> 
> winbindd is running according to journal and "ps avx"

Additional observations on ADC2:

# tail log.samba
[2022/11/22 11:52:06.058000,  1] 
../../source4/dsdb/kcc/garbage_collect_tombstones.c:67(garbage_collect_tombstones_part)
   Doing a full scan on 
CN=Configuration,DC=arbeitsgruppe,DC=ikw-amstetten,DC=at and looking for 
deleted objects
[2022/11/22 11:53:57.118027,  1] 
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
   dns_server_process_query_got_auth: Failed to add SOA record: 
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:53:57.959838,  1] 
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
   dns_server_process_query_got_auth: Failed to add SOA record: 
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:54:24.196900,  1] 
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
   dns_server_process_query_got_auth: Failed to add SOA record: 
WERR_DNS_ERROR_RCODE_FORMAT_ERROR
[2022/11/22 11:54:25.032117,  1] 
../../source4/dns_server/dns_query.c:1140(dns_server_process_query_got_auth)
   dns_server_process_query_got_auth: Failed to add SOA record: 
WERR_DNS_ERROR_RCODE_FORMAT_ERROR



# tail log.wb-ARBEITSGRUPPE
[2022/11/20 00:00:07.109539,  1] 
../../source3/winbindd/winbindd.c:364(winbindd_sig_hup_handler)
   Reloading services after SIGHUP
[2022/11/22 09:03:04.040791,  0] 
../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
   Got sig[15] terminate (is_parent=0)
[2022/11/22 11:22:52.368820,  0] 
../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
   Got sig[15] terminate (is_parent=0)
[2022/11/22 11:50:17.402770,  0] 
../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
   Got sig[15] terminate (is_parent=0)
[2022/11/22 11:58:34.500594,  0] 
../../source3/winbindd/winbindd_dual.c:1957(winbindd_sig_term_handler)
   Got sig[15] terminate (is_parent=0)

More information about the samba mailing list