[Samba] samba on ubuntu 22 lts breaks after unattended-upgrade

[Michael Tokarev]

06.04.2023 01:05, Jakob Curdes via samba wrote:
> Hello, this morning we had the unpleasant experience of two DCs breaking at the same time, no logins, no DNS resolution, any call to samba binaries 
> fails with an error message similar to :
> 
> libldbsamba.so.0 : ldb_msg_element_is_inaccessible
> (cannot copy&paste as I disabled network access to this server).

This is a packaging error.

As Andrew pointed out, ldb is packaged separately. This changed in a
later samba release for debian (4.16+, ubuntu usually follows debian
here), now it should not happen anymore.

Even before the merge of ldb source package in debian/ubuntu back into
samba source, like in this case, it is possible to get the deps right.
But someone needs to keep an eye on this, and to properly fix the deps
manually when necessary, again like in this case. The recent security
update of samba changed *both* libldb and its users, and this has been
apparent because ldb version is increased and new symbols appeared there
which needed to be updated in the debian packaging.  This means older
version of libldb can not be used. However, whomever did the update
for ubuntu, forgot to use stricter Depends: fields for samba-libldb
dependency.  Hence the error.

..
> I now disabled unattended-upgrades and the DC is up and running since 2 hours, which was never achieved since this morning.
> 
> Does this ring a bell with anybody? My current recovery plan is to setup a new "DC3" with U22 and join it to the domain, then demote the old "DC1".

You have to upgrade libldb2 before or together with upgrading
samba. If this doesn't work automatically for whatever reason
(I don't know why, I haven't looked at ubuntu samba update),
just upgrade it before you upgrade samba.

Hopefully next version of ubuntu will pick up current samba
packaging from debian and this problem will not occur anymore.

/mjt