Bug 55595 – samba restart not always working (AD DC)

Bug 55595 - samba restart not always working (AD DC)


Summary:	samba restart not always working (AD DC)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Samba4
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 5.0-3-errata
Assigned To:	Felix Botner
QA Contact:	Arvid Requate

URL:
Keywords:

Depends on:	55486
Blocks:
	Show dependency tree / graph

Reported:	2023-01-25 10:26 CET by Arvid Requate
Modified:	2023-02-16 11:58 CET (History)
CC List:	5 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	5: Blocking further progress on the daily work
User Pain:	0.229
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:	Yes
Flags outvoted (downgraded) after PO Review:
Ticket number:	2022111821000375, 2022112521000067, 2023011821000427
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2023-01-25 10:26:35 CET

The adjustment made for Bug #55486 is not enough as doesn't actually resolve the issue for Samba AD DCs, only for Samba memberservers. We need to adjust the `samba-ad-dc` part too.

And we should probably also do the same for samba-bgqd, which is also running stand-alone, like the samba-dcerpc.

Comment 1 Arvid Requate

2023-01-25 18:54:12 CET

Note: This has a similar effect as observed at Bug #47634:

"samba-tool drs showrepl" and "samba-tool drs kcc" fail with this message:

ERROR(runtime): DsReplicaGetInfo of type 0 failed - (3221356597, 'The operation cannot be performed.')

The "samba-tool drs" command send the rpc call to the samba rpc_server on 135
and from there it shall be routed to the process "samba: task[kcc] pre-fork master"
but that fails in this case with this message in log.samba on the respective target server:

[2023/01/23 21:58:04.480673,  0, pid=1380, effective(0, 0), real(0, 0)] ../../source4/rpc_server/common/forward.c:55(dcesrv_irpc_forward_callback)
  IRPC callback failed for DsReplicaGetInfo - NT_STATUS_OBJECT_NAME_NOT_FOUND

Unfortunately I was still unable to trigger this situation manually on a test system

Even though the man page of samba-dcerpcd claims that the daemon
will not be used in the AD DC configuration we still observed that
this error goes away if one runs this:

/etc/init.d/samba stop; pkill samba-dcerpcd; /etc/init.d/samba start

We should adjust the samba-ad-dc init script to also terminate the samba-dcerpcd.

Comment 2 Arvid Requate

2023-01-25 19:09:38 CET

I adjusted the patch in svn already:

r19737 - stop samba-dcerpcd also in samba-ad-dc init

Package has not been rebuilt yet to avoid collision with
UCS 5.0-3 release. If we can't make it before, then we need
to cherrypick the package to errata5.0-3 and revert
the patch in svn/patches/samba/5.0-0-0-ucs/2:4.16.8-1-errata5.0-2.

Comment 4 Felix Botner

2023-02-13 10:26:46 CET

Package: samba
Version: 2:4.16.8-1A~5.0.0.202302131011
Branch: ucs_5.0-0
Scope: errata5.0-3

16b546eb49ddec851f12780b016eceabcd28a97c - yaml

Comment 5 Arvid Requate

2023-02-14 22:39:49 CET

Verified:
* adjusted patch applied
* functional test
* advisory

Comment 6 Philipp Hahn

2023-02-16 11:58:02 CET

<https://errata.software-univention.de/#/?erratum=5.0x574>