Bug 48826 - DRS replication doesn't work directly after joining a Samba 4.10 Backup
DRS replication doesn't work directly after joining a Samba 4.10 Backup
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Samba4
UCS 4.4
Other Linux
: P5 enhancement (vote)
: UCS 4.4
Assigned To: Arvid Requate
Felix Botner
:
Depends on: 48084 48085
Blocks:
  Show dependency treegraph
 
Reported: 2019-02-28 19:51 CET by Arvid Requate
Modified: 2019-03-12 13:41 CET (History)
5 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2019-02-28 19:51:29 CET
Looks like the DRS replication doesn't work directly after joining a Samba 4.10 Backup/Slave. showrepl shows no output (data) connections and a newly created user (via udm) doesn't get replicated via Samba/AD DRS.

After /etc/init.d/samba restart on the master, the replication starts to work. 

That's a bit like Bug #35560, but worse, because it already happes with just two DCs.


Maybe something like Bug #47441 reappeared? Unlikely.
Comment 1 Arvid Requate univentionstaff 2019-02-28 19:55:06 CET
Hmm, after I joined an additional slave and installed samba via "univention-app install samba4" it worked directly on that new slave. I'll check again.
Comment 2 Arvid Requate univentionstaff 2019-03-04 17:44:21 CET
Seems to be an effect of the new kcc replication topology.
Comment 3 Arvid Requate univentionstaff 2019-03-05 00:18:43 CET
The join.log output of a single DC Backup joining into a single DC Master shows the long delay until the initial DRS replication gets going:

Configure 98univention-samba4-dns.inst Wed Feb 27 02:29:35 CET 2019
2019-02-27 02:29:35.363449729+01:00 (in joinscript_init)
Setting dns/backend
File: /etc/systemd/system/bind9.service.d/10-configure-backend.conf
Restarting bind9 (via systemctl): bind9.service.
Wait for bind9:  done
Waiting for RID Pool replication: done.
Object created: uid=dns-backup41,cn=users,dc=ar440pt1,dc=qa
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
looking for spn account "dns-backup41" in local samba
Modified 1 records successfully
Added 1 records successfully
Comment 4 Arvid Requate univentionstaff 2019-03-05 15:00:38 CET
04f56b1201 | Revert Activate new KCC for new installations, keep old on upgrades
ab3bb02879 | Revert Updated UCR variable description for samba4/kccsrv/samba_kcc
817848327e | debian/changelog
e3a367e3b3 | Remove reverted bug from UCS 4.4 changelog

Package: univention-samba4
Version: 8.0.0-15A~4.4.0.201903051348
Branch: ucs_4.4-0
Comment 5 Felix Botner univentionstaff 2019-03-05 17:41:31 CET
OK - wiki
OK - univention-samba4 default for kcc is False

testparm -s -v | grep kcc
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
'winbind separator = +' might cause problems with group membership.

Server role: ROLE_ACTIVE_DIRECTORY_DC

	samba kcc command = /usr/sbin/samba_kcc
	server services = s3fs, rpc, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	kccsrv:samba_kcc = False
Comment 6 Florian Best univentionstaff 2019-03-11 14:33:49 CET
There is no changelog entry in changelog-4.4-0.xml.
Comment 7 Arvid Requate univentionstaff 2019-03-12 00:30:30 CET
Interim Bug, reverting Bug #48085.
Comment 8 Florian Best univentionstaff 2019-03-12 13:41:07 CET
UCS 4.4 has been released:
 https://docs.software-univention.de/release-notes-4.4-0-en.html
 https://docs.software-univention.de/release-notes-4.4-0-de.html

If this error occurs again, please use "Clone This Bug".