Bug 47638 – samba-ad-dc restart during server password change breaks DRS replication (4.3)

Bug 47638 - samba-ad-dc restart during server password change breaks DRS replication (4.3)


Summary:	samba-ad-dc restart during server password change breaks DRS replication (4.3)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 4.3
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.3-1-errata
Assigned To:	Arvid Requate
QA Contact:	Felix Botner

URL:	https://bepasty.knut.univention.de/hi...
Keywords:

Depends on:	47634
Blocks:	47643
	Show dependency tree / graph

Reported:	2018-08-23 12:17 CEST by Arvid Requate
Modified:	2018-08-23 18:11 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?:	4: Will affect most installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.571
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2018080121000518
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2018-08-23 12:17:21 CEST

samba-ad-dc restart during server password change breaks DRS replication. We need to do a /etc/init.d/samba restart instead.

Seen also in production with UCS 4.3 (Samba 4.7.8), even though we were not able to reproduce it yet.



+++ This bug was initially created as a clone of Bug #47637 +++

+++ This bug was initially created as a clone of Bug #47634 +++

Restarting only samba-ad-dc breaks drs replication in Samba 4.6.15 (UCS 4.2)

For example after

  /etc/init.d/samba-ad-dc restart


the command "samba-tool drs showrepl" fails:

ERROR(runtime): DsReplicaGetInfo of type 0 failed - (-1073610699, 'The operation cannot be performed.')

The same happens for restarts with "systemctl" and "service".


After a "/etc/init.d/samba restart" it works again.

Comment 1 Arvid Requate

2018-08-23 12:58:11 CEST

bd1a262d33 | after a server password change restart all of samba,
             not just the AD/DC component
273dbf5cf9 | Advisory

Comment 2 Felix Botner

2018-08-23 14:31:28 CEST

seems that invoke-rc.d samba restart does nothing, use /etc/init.d/samba restart instead

Comment 3 Arvid Requate

2018-08-23 15:30:39 CEST

c2af2fc201 | run /etc/init.d/samba instead of "service samba"
             and "invoke-rc.d samba"
03d26c4db6 | Advisory

Comment 4 Felix Botner

2018-08-23 16:28:53 CEST

OK

Comment 5 Arvid Requate

2018-08-23 16:49:55 CEST

<http://errata.software-univention.de/ucs/4.3/218.html>

Comment 6 Arvid Requate

2018-08-23 18:11:28 CEST

Whao, spectacluar fail of assignee, QA and release manager, I killed the existing advisory text for Bug 47388 and Bug 47576:

=====================================================================
commit 273dbf5cf9
Author: Arvid Requate <requate@univention.de>
Date:   Thu Aug 23 12:36:44 2018 +0200

    Bug #47638: Advisory

diff --git a/doc/errata/staging/univention-samba4.yaml b/doc/errata/staging/univention-samba4.yaml
index 9203875e8e..ddd8dfbe3d 100644
--- a/doc/errata/staging/univention-samba4.yaml
+++ b/doc/errata/staging/univention-samba4.yaml
@@ -3,17 +3,9 @@ release: "4.3"
 version: [1]
 scope: ucs_4.3-0-errata4.3-1
 src: univention-samba4
-fix: 7.0.2-22A~4.3.0.201808221631
+fix: 7.0.2-23A~4.3.0.201808231235
 desc: |
- This update addresses the following issue(s):
- * Improved error message for school slave join.
- * Two new UCR variables have been added to give more granular control
-   over the behaviour of the sysvol synchronization.
-   "samba4/sysvol/sync/from_upstream/delete" to control whether a downstream
-   DC should delete local changes during the synchronization from
-   the upstream DC (only usefull in ucsschool with
-   unidirctional synchronization from upstream DC)
-   "samba4/sysvol/sync/fix_gpt_ini" to control whether old, redundant gpt.ini
-   files should be deleted after the synchronisation to the local
-   sysvol directory.
-bug: [47388,47576]
+ This update addresses the following issue:
+  * after a server password change restart all of samba,
+    not just the AD/DC component
+bug: [47638]
=====================================================================