Bug 48826 – DRS replication doesn't work directly after joining a Samba 4.10 Backup

Bug 48826 - DRS replication doesn't work directly after joining a Samba 4.10 Backup


Summary:	DRS replication doesn't work directly after joining a Samba 4.10 Backup

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.4
Hardware:	Other Linux

Importance:	P5 enhancement (vote)
Target Milestone:	UCS 4.4
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:	48084 48085
Blocks:
	Show dependency tree / graph

Reported:	2019-02-28 19:51 CET by Arvid Requate
Modified:	2019-03-12 13:41 CET (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2019-02-28 19:51:29 CET

Looks like the DRS replication doesn't work directly after joining a Samba 4.10 Backup/Slave. showrepl shows no output (data) connections and a newly created user (via udm) doesn't get replicated via Samba/AD DRS.

After /etc/init.d/samba restart on the master, the replication starts to work. 

That's a bit like Bug #35560, but worse, because it already happes with just two DCs.


Maybe something like Bug #47441 reappeared? Unlikely.

Comment 1 Arvid Requate

2019-02-28 19:55:06 CET

Hmm, after I joined an additional slave and installed samba via "univention-app install samba4" it worked directly on that new slave. I'll check again.

Comment 2 Arvid Requate

2019-03-04 17:44:21 CET

Seems to be an effect of the new kcc replication topology.

Comment 3 Arvid Requate

2019-03-05 00:18:43 CET

The join.log output of a single DC Backup joining into a single DC Master shows the long delay until the initial DRS replication gets going:

Configure 98univention-samba4-dns.inst Wed Feb 27 02:29:35 CET 2019
2019-02-27 02:29:35.363449729+01:00 (in joinscript_init)
Setting dns/backend
File: /etc/systemd/system/bind9.service.d/10-configure-backend.conf
Restarting bind9 (via systemctl): bind9.service.
Wait for bind9:  done
Waiting for RID Pool replication: done.
Object created: uid=dns-backup41,cn=users,dc=ar440pt1,dc=qa
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
Modified 1 records successfully
Added 1 records successfully

Comment 4 Arvid Requate

2019-03-05 15:00:38 CET

04f56b1201 | Revert Activate new KCC for new installations, keep old on upgrades
ab3bb02879 | Revert Updated UCR variable description for samba4/kccsrv/samba_kcc
817848327e | debian/changelog
e3a367e3b3 | Remove reverted bug from UCS 4.4 changelog

Package: univention-samba4
Version: 8.0.0-15A~4.4.0.201903051348
Branch: ucs_4.4-0

Comment 5 Felix Botner

2019-03-05 17:41:31 CET

OK - wiki
OK - univention-samba4 default for kcc is False

testparm -s -v | grep kcc
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.

Server role: ROLE_ACTIVE_DIRECTORY_DC

	samba kcc command = /usr/sbin/samba_kcc
	server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	kccsrv:samba_kcc = False

Comment 6 Florian Best

2019-03-11 14:33:49 CET

There is no changelog entry in changelog-4.4-0.xml.

Comment 7 Arvid Requate

2019-03-12 00:30:30 CET

Interim Bug, reverting Bug #48085.

Comment 8 Florian Best

2019-03-12 13:41:07 CET

UCS 4.4 has been released:
 https://docs.software-univention.de/release-notes-4.4-0-en.html
 https://docs.software-univention.de/release-notes-4.4-0-de.html

If this error occurs again, please use "Clone This Bug".