Univention Bugzilla – Bug 40698
UCS 3.3 Samba update
Last modified: 2016-06-07 21:35:39 CEST
Samba should be updated to 4.1.17 (Debian Jessie) in UCS 3.3.
The package has been imported and built with the patches taken from errata4.0-3 and errata3.2-8. The errata4.0-3 patches match the packaging structure of the 4.2.17 Debian package better than the ones for errata3.2-8, so there were fewer adjustments required. Also errata4.0-3 was the first UCS 4.x release where we have built Samba against the builtin Heimdal again (as we did in 3.2-x). The patches ported from errata3.2-8 (like the badPwdCount patches) have been adjusted and converted to apply to the Debian 3.0 quilt source package format. UCS 3.3 changelog adjusted. These are my notes for comparison: • errata3.2-8 97_0001-s4-dsdb-common-samdb_result_parameters-fix-bug-in-ld.patch: replaced upstream • errata3.2-8 97_0002-dsdb-Do-not-permit-nested-event-loops-when-in-a-tran.patch: replaced upstream • errata3.2-8 97_bug29983.patch: applied upstream • errata3.2-8 97_bug33197.patch: applied upstream • errata3.2-8 97_bug33616-samba-tool-dbcheck-handle-missing-objectclass.patch: applied upstream • errata3.2-8 97_bug33977.patch: replaced upstream • errata3.2-8 98_CVE-2013-4408-v4.1.part1.patch: applied upstream • errata3.2-8 98_fix_join_with_recycle_bin.patch: applied upstream • errata3.2-8 98_sambabug_10716.patch: applied upstream • errata3.2-8 98_s4-badPwdCount-02-part*.patch: adjusted • errata3.2-8 99_bug34886-netlogon-over-ldap-tcp-part01.patch contains 32ee231da590d7b8aee74728a423b282ae845bce cherrypicked as 161699fdb41f7ddbe8c846f58ce1c043e4b168a8 into samba-4.1.10 • errata3.2-8 99_bug34886-netlogon-over-ldap-tcp-part02.patch contains 372127416825a8a947cd976f8a4165611c006c43 cherrypicked as 2c82031bc12dff2852440737480bc73f0753c52d into samba-4.1.10 • errata3.2-8 99_CVE-2012-6150.patch: applied upstream • errata3.2-8 99_CVE-2014-0178.patch: applied upstream • errata3.2-8 99_CVE-2014-0244-CVE-2014-3493.patch: applied upstream • errata3.2-8 99_CVE-2014-3560.patch: applied upstream • errata3.2-8 99_CVE-2014-8143.patch: applied upstream • errata3.2-8 99_CVE-2015-0240-*.patch: applied upstream • errata3.2-8 99_CVE-2015-7560-part*.patch: applied upstream • errata3.2-8 99_sambabug11395.patch: applied upstream • errata3.2-8 99_sambabug11529.patch: applied upstream • errata3.2-8 99_sambabug11536.patch: applied upstream • errata3.2-8 99_sambabug11552.patch: applied upstream • errata3.2-8 99_sambabug11636-part1.patch: applied upstream • errata3.2-8 99_sambabug9187.patch: applied upstream • errata4.0-3 98_bug39025_fix_samba_4.2.3_broken_bkrp_do_retrieve_server_wrap_key.patch: N/A • errata4.0-3 99_bug39079.patch: N/A
-> apt-get install univention-samba Die folgenden Pakete haben unerfüllte Abhängigkeiten: univention-samba : Hängt ab von: winbind soll aber nicht installiert werden Hängt ab von: univention-samba-local-config soll aber nicht installiert werden Hängt ab von (vorher): samba (>= 3.0.20) soll aber nicht installiert werden -> apt-get install univention-samba winbind samba Die folgenden Pakete haben unerfüllte Abhängigkeiten: univention-samba : Kollidiert mit: samba-dsdb-modules aber 2:4.1.17+dfsg-2+deb8u1.871.201603161430 soll installiert werden E: Beschädigte Pakete
named no longer starts with UCS 3.3 Mar 18 05:41:27 master named[1687]: generating session key for dynamic DNS Mar 18 05:41:27 master named[1687]: sizing zone task pool based on 1 zones Mar 18 05:41:27 master named[1687]: Loading 'samba4.zone' using driver dlopen Mar 18 05:41:27 master named[1687]: dlz_dlopen failed to open library '/usr/lib/samba/bind9/dlz_bind9.so' - /usr/lib/samba/bind9/dlz_bind9.so: cannot open shared object file: No such file or directory Mar 18 05:41:27 master named[1687]: dlz_dlopen of 'samba4.zone' failed Mar 18 05:41:27 master named[1687]: SDLZ driver failed to load. Mar 18 05:41:27 master named[1687]: DLZ driver failed to load. Mar 18 05:41:27 master named[1687]: loading configuration: failure Mar 18 05:41:27 master named[1687]: exiting (due to fatal error)
The packages univention-samba and univention-bind needed adjustment.
We have decided to update to Samba 4.3.
The Samba installation fails: root@master331:~# apt-get install -s univention-samba4 samba Reading package lists... Done Building dependency tree Reading state information... Done Some packages could not be installed. This may mean that you have requested an impossible situation or if you are using the unstable distribution that some required packages have not yet been created or been moved out of Incoming. The following information may help to resolve the situation: The following packages have unmet dependencies: samba : Depends: lsb-base (>= 4.1+Debian) but 3.2-28.1~ucs3.3.52.201603070837 is to be installed E: Broken packages root@master331:~#
The following packages have been cherrypicked from errata4.0-5: * talloc * tevent * tdb * ldb * samba (plus patch for Bug #41049) In each case the package version increment has been artificially set during build-time to a value between errata3.2-8 and errata4.0-5. The packages univention-samba* and univention-s4-connector have been adjusted like in errata3.2-8 (i.e. selective backport from UCS 4.1-1). We could just have cherry-picked them (or not built them at all), but they had already been forked in UCS 3.3 before the Samba 4.3.7 update was shipped in errata3.2-8. So, nothing new here, apart from the changelog. Additionally univention-ldb-modules has been cherrypicked from errata3.2-8: Version: 4.0.3-1.84.201604081253: ucs_3.2-0-errata3.2-8 Version: 4.0.3-1.85.201604191605: ucs_3.3-0 Version: 3.0.3-1.67.201507201614: ucs_4.0-0-errata4.0-2 Version: 3.0.3-1.68.201508271310: ucs_4.0-0-errata4.0-3 Version: 3.0.3-1.70.201512161557: ucs_4.0-0-errata4.0-4 Version: 4.0.5-1.83.201604081249: ucs_4.0-0-errata4.0-5 Changelog adjusted.
After installing univention-s4-connector on 3.3 i get: UCS rejected S4 rejected 1: S4 DN: DC=_ldap._tcp.ForestDnsZones,DC=three.three,CN=MicrosoftDNS,CN=System,DC=three,DC=three UCS DN: <not found> 2: S4 DN: DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,DC=three.three,CN=MicrosoftDNS,CN=System,DC=three,DC=three UCS DN: <not found> 3: S4 DN: DC=_ldap._tcp.DomainDnsZones,DC=three.three,CN=MicrosoftDNS,CN=System,DC=three,DC=three UCS DN: <not found> 4: S4 DN: DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones,DC=three.three,CN=MicrosoftDNS,CN=System,DC=three,DC=three UCS DN: <not found> last synced USN: 3890 23.05.2016 16:57:53,587 LDAP (PROCESS): sync to ucs: Resync rejected dn: DC=_ldap._tcp.DomainDnsZones,DC=three.three,CN=MicrosoftDNS,CN=System,DC=three,DC=three 23.05.2016 16:57:53,592 LDAP (PROCESS): sync to ucs: [ dns] [ add] DC=_ldap._tcp.DomainDnsZones,dc=three.three,cn=dns,dc=three,dc=three 23.05.2016 16:57:53,603 LDAP (ERROR ): Unknown Exception during sync_to_ucs 23.05.2016 16:57:53,604 LDAP (ERROR ): Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/univention/s4connector/__init__.py", line 1400, in sync_to_ucs result = self.property[property_type].ucs_sync_function(self, property_type, object) File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/dns.py", line 964, in con2ucs ucs_srv_record_create(s4connector, object) File "/usr/lib/pymodules/python2.6/univention/s4connector/s4/dns.py", line 667, in ucs_srv_record_create newRecord.create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 352, in create return self._create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/__init__.py", line 691, in _create self._ldap_pre_create() File "/usr/lib/pymodules/python2.6/univention/admin/handlers/dns/srv_record.py", line 148, in _ldap_pre_create self.dn='%s=%s,%s' % (mapping.mapName('name'), mapping.mapValue('name', self['name']), self.position.getDn()) File "/usr/lib/pymodules/python2.6/univention/admin/mapping.py", line 181, in mapValue res=self._map[map_name][1](value) File "/usr/lib/pymodules/python2.6/univention/admin/handlers/dns/srv_record.py", line 108, in mapName return '_{0}._{1}'.format( *old[ : 2 ] ) IndexError: tuple index out of range
I guess that's Bug 36101.
Fixed by backporting univention-s4-connector commit r55263 from UCS 4.0: * Use udm.handlers.src_record.unmapName (Bug #36101)
OK - s4connector OK - 3.3 new installation * Windows join * user sync * password change (UCS, Windows) * GPO's * printer * DRS * update to 4.1 TODO 3.2 + samba4 -> update 3.3
OK - 3.2 + samba4 -> update 3.3 * Windows join * user sync * password change (UCS, Windows) * GPO's * printer * DRS * update to 4.1 * ucs-tests samba4 OK - versioning 2:4.3.7-1.830.201604110947 0 500 https://updates.software-univention.de/4.1/maintained/ 4.1-2/amd64/ Packages 2:4.3.7-1.829.201604110946 0 500 https://updates.software-univention.de/4.0/maintained/component/ 4.0-5-errata/amd64/ Packages 500 https://updates.software-univention.de/3.2/maintained/component/ transition/amd64/ Packages 2:4.3.7-1.828.201605191457 0 500 http://updates-test.software-univention.de/3.3/maintained/ 3.3-0/amd64/ Packages 2:4.3.7-1.827.201604141315 0 500 https://updates.software-univention.de/3.2/maintained/component/ 3.2-8-errata/amd64/ Packages
UCS 3.3 has been released: https://docs.software-univention.de/release-notes-3.3-0-en.html https://docs.software-univention.de/release-notes-3.3-0-de.html If this error occurs again, please use "Clone This Bug".