[Samba] accidentally upgraded DC to 4.17.3 ... didn't work

[Stefan G. Weichinger]

Am 23.11.22 um 16:57 schrieb Michael Tokarev:
> 23.11.2022 11:59, Stefan G. Weichinger via samba wrote:
> ..
>> Ad my "reinstall approach": I tend to be rather defensive on a 
>> productive DC like this one. So deleting samba-related files etc is 
>> something I avoid ... -> I would need a definitive howto for this, 
>> because I know too little about the details. I don't want to corrupt 
>> any AD-related information etc
>>
>> Maybe the change from the Louis-packages to the backports-packages 
>> and/or 4.16 -> 4.17 left some wrong packages behind or so.
> 
> A package manager (dpkg in this case) ensures all the installed binaries
> (and other files) are exactly the same whenever you install fresh or
> upgrade or even downgrade. Louis repository is based on Debian packages,
> it is not different from regular debian samba packages. Even if it did,
> it doesn't really matter.
> 
> What *does* matter is the content of /var/lib/samba/.  *This* is where
> all the issues happens, *especially* issues due to incompatibilities
> or past wrong settings or whatnot.
> 
> And this is the place which is not covered by the package manager,
> because it is local state data, it is not a package manager business
> to mess with these.
> 
> So it doesn't matter how you ended up with a given set of binaries, -
> it should be the same set, belonging to this version of the packages
> you installed, nothing else.  But it does matter which state data
> do you have.
> 
> It is the upgrade of the state data (mostly in /var/lib/samba/) which
> breaks stuff at upgrades (when it breaks).  And it is the reason why
> people demote a DC, remove a server from domain, and re-join it -
> to get fresh /var/lib/samba/* without prior (mis)configurations,
> failures during upgrades, or whatever else. It is the only thing
> which actually matters, - the local state.
> 
> You don't need to reinstall binary packages, - you'll end up with
> exactly the same files from exactly the same packages. But you
> can't have the same freshly created correct state data unless you
> remove the old, non-working, data and generate the right one.
> This can't be done without removing old data first.
> 
> That's basically it.
> 
>> I still have 2 servers to upgrade there, so I am open to suggestions 
>> (and thankful if they work ;-) ).
> 
> FWIW, I don't see anything between 4.16 and 4.17 which can break
> in this context. Re-joining is actually a simple and stright-forward
> procedure, so for a quick fix it is always available.
> 
> I can't say more at this time, unfortunately, - today was a very
> busy day for me too.

Thanks for the detailled reply, even after a busy day.

So you basically say, I should/could "rm -fr /var/lib/samba" while 
upgrading?

I currently try upgrading the second dc and I see the same issue with 
winbind. No, I haven't yet tried that rejoin step.