Univention Bugzilla – Bug 44227
s4-with-slave environment: schema_load_init: dsdb_get_schema failed
Last modified: 2023-06-12 15:39:32 CEST
The UCS@school Singleserver S4 environment with additional S4 slave showed ~20 failing test scripts with similar traceback (see below). Maybe related/same issue as Bug 40457? ---[cut]--- 00_checks.05_check_join_status.test [2017-04-03 04:36:27.501799] Warning: 'univention-samba4slavepdc-dns' is not configured. [2017-04-03 04:36:27.501851] Error: Not all install files configured: 1 missing ---[cut]--- http://jenkins.knut.univention.de:8080/job/UCSschool%204.2/job/UCSschool%204.2%20Singleserver/ImportTests=NoImportTests,SambaVersion=s4-with-slave/22/artifact/autotest-201-ucsschool-singleserver-s4-with-slave.log Running 98univention-samba4slavepdc-dns.inst[60Gfailed (exitcode: 1) Object exists: cn=services,cn=univention,dc=autotest201,dc=local Object exists: cn=UCS@school Education,cn=services,cn=univention,dc=autotest201,dc=local Object modified: cn=slave202,cn=dc,cn=server,cn=computers,ou=School1,dc=autotest201,dc=local ************************************************************************** Warning: 'univention-samba4slavepdc-dns' is not configured. Error: Not all install files configured: 1 missing ************************************************************************** *** Failed 1: /root/ucs-school-join-secondary-samba4 --dcaccount Administrator --dcpwd /tmp/univention --rootpassword /tmp/univention 10.210.70.67 ---[cut]--- Configure 98univention-samba4-dns.inst Mon Apr 3 04:26:55 EDT 2017 2017-04-03 04:26:55.599898853-04:00 (in joinscript_init) Waiting for RID Pool replication: done. Note: samba-tool user add is deprecated. Please use samba-tool user create for the same function. User 'dns-slave202' created successfully Expiry for user 'dns-slave202' disabled. Modified 1 records successfully Added 1 records successfully Setting dns/backend Restarting bind9 (via systemctl): bind9.service. Wait for bind9: done Not updating samba4/sysvol/sync/cron Adding CNAME record "ab555e64-e030-43c8-9c7e-d00544153276._msdcs slave202.autotest201.local." to zone autotest201.local... done Adding TXT record "_kerberos AUTOTEST201.LOCAL" to zone autotest201.local... done cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error cannot reset server in localhost-only mode syntax error Failed update of 25 entries 2017-04-03 04:27:26.844475095-04:00 (in joinscript_save_current_version) ---[cut]--- Several test scripts failed because of this traceback: (2017-04-03 05:18:40.622659) Traceback (most recent call last): (2017-04-03 05:18:40.622704) File "94_samba4_check_shares_access", line 105, in <module> (2017-04-03 05:18:40.622799) exit(TestDCLocatorShares.main()) (2017-04-03 05:18:40.622857) File "94_samba4_check_shares_access", line 89, in main (2017-04-03 05:18:40.622945) student_name, student_dn, student_password = self.create_student() (2017-04-03 05:18:40.622999) File "94_samba4_check_shares_access", line 71, in create_student (2017-04-03 05:18:40.623086) wait_for_drs_replication("(sAMAccountName=%s)" % escape_filter_chars(student_name), attrs="objectSid") (2017-04-03 05:18:40.623144) File "/usr/lib/pymodules/python2.7/univention/testing/ucs_samba.py", line 32, in wait_for_drs_replication (2017-04-03 05:18:40.623231) samdb = SamDB("tdb://%s" % lp.private_path("sam.ldb"), session_info=system_session(lp), lp=lp) (2017-04-03 05:18:40.623293) File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 57, in __init__ (2017-04-03 05:18:40.623378) options=options) (2017-04-03 05:18:40.623432) File "/usr/lib/python2.7/dist-packages/samba/__init__.py", line 115, in __init__ (2017-04-03 05:18:40.623521) self.connect(url, flags, options) (2017-04-03 05:18:40.623575) File "/usr/lib/python2.7/dist-packages/samba/samdb.py", line 72, in connect (2017-04-03 05:18:40.623657) options=options) (2017-04-03 05:18:40.623843) _ldb.LdbError: (1, 'schema_load_init: dsdb_get_schema failed')
Using ucs-school-join-secondary-samba4 against a ucs-school-singleserver fails already in UCS 4.1-4-e408, see also http://jenkins.knut.univention.de:8080/job/UCSschool%204.1/job/UCSschool%204.1%20(R2)%20Singleserver/ImportTests=NoImportTests,SambaVersion=s4-with-slave/lastSuccessfulBuild/artifact/autotest-201-ucsschool-singleserver-s4-with-slave.log The jenkins log shows that the secondary slave doesn't obtain the official sambaSID from OpenLDAP but uses a samba-specific one instead: ============================================================================= Configure 98univention-samba4-dns.inst done ************************************************************************** * INFO: In case 98univention-samba4slavepdc-dns.inst failed, this is ok * for rejoins and will be retried in a couple of seconds below. ************************************************************************** Restarting samba-ad-dc (via systemctl): samba-ad-dc.service. Checking my SID 'S-1-5-21-2813166106-4013422480-1458797850-5018' in the remote Samba4: ERROR: SID 'S-1-5-21-2813166106-4013422480-1458797850-5018' not found associated with slave202 in Samba4 on 10.210.70.67 Found instead: S-1-5-21-2813166106-4013422480-1458797850-1126 ============================================================================= This objectSid is also found in the Samba/AD of the singlemaster. In the current state that script doesn't seem to be fit for the job, at least in this situation. I cannot find the output of the corresponding other Jenkins setup: autotest-204-ucsschool-multiserver-s4-school-only-with-slave.cfg , is it run?
This issue has been filled against UCS@school 4.1 (R2). The maintenance with bug and security fixes for UCS@school 4.1 (R2) has ended on 5th of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3 (or later). Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.