Description of problem: Unable to run "samba-tool domain provision --use-rfc2307 --interactive" to provision new AD Domain due to version mismatch between LDB and Samba. Version-Release number of selected component (if applicable): samba-4.7.0-14.fc27 How reproducible: Consistently Steps to Reproduce: 1. Run "samba-tool domain provision --use-rfc2307 --interactive" 2. Provide "Realm", "Domain", "Server Role" and "Password" details 3. Unable to continue due to module version mismatch error. Actual results: ldb: module version mismatch in ../source4/dsdb/samdb/ldb_modules/acl.c : ldb_version=1.3.0 module_version=1.2.2 ldb: failed to initialise module /usr/lib64/samba/ldb/acl.so : Unavailable Setting up secrets.ldb WARNING: Module [samba_secrets] not found - do you need to set LDB_MODULES_PATH? Unable to load modules for /var/lib/samba/private/secrets.ldb: (null) ERROR(ldb): uncaught exception - None File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 176, in _run return self.run(*args, **kwargs) File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 474, in run nosync=ldap_backend_nosync, ldap_dryrun_mode=ldap_dryrun_mode) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 2140, in provision backend_credentials=provision_backend.credentials, lp=lp) File "/usr/lib64/python2.7/site-packages/samba/provision/__init__.py", line 966, in setup_secretsdb secrets_ldb = Ldb(path, session_info=session_info, lp=lp) File "/usr/lib64/python2.7/site-packages/samba/__init__.py", line 114, in __init__ self.connect(url, flags, options) Expected results: Domain provisioning to complete successfully. Additional info:
Wrong component. Can you reproduce it with samba-4.7.0-17.fc27? This is currently the latest version available in Bodhi and updates-testing: https://bodhi.fedoraproject.org/updates/FEDORA-2017-c8663d6898
Created attachment 1345365 [details] Samba_Update_to_v4.7.0-17
Yes error still occurs with update to v4.7.0-17.
Ok, the issue is that libldb was updated in Fedora 27 to 1.3.0 on October 21st but it still wasn't part of the Fedora 27 buildroot by October 27th: here is a root.log from samba build: https://kojipkgs.fedoraproject.org//packages/samba/4.7.0/17.fc27/data/logs/x86_64/root.log DEBUG util.py:439: libldb-devel x86_64 1.2.2-1.fc27 build 80 k DEBUG util.py:439: libtalloc-devel x86_64 2.1.10-4.fc27 build 59 k DEBUG util.py:439: libtdb-devel x86_64 1.3.15-1.fc27 build 22 k DEBUG util.py:439: libtevent-devel x86_64 0.9.33-3.fc27 build 54 k It still isn't a part of the buildroot. Lukas, could you please create a buildroot override so that we can rebuild samba? Ideally, it also needs to be pushed as a single update in bodhi to prevent such problems.
https://bodhi.fedoraproject.org/overrides/libldb-1.3.0-2.fc27 But it might take some time till override will be active koji wait-repo f27-build --build=libldb-1.3.0-2.fc27
Proposed as a Freeze Exception for 27-final by Fedora user abbra using the blocker tracking app because: Proposed as a freeze exception because otherwise it is impossible to use Samba AD DC in Fedora 27. Samba AD DC is new to Fedora and is one of publicised features of Fedora 27.
"Ok, the issue is that libldb was updated in Fedora 27 to 1.3.0 on October 21st" No it wasn't. An update was *submitted to testing* on October 21st. Packages in u-t are not and never have been part of the buildroot unless a buildroot override is submitted. The update has never been pushed to stable, nor has it ever been listed as being pushed to stable. It's been *submitted*, but of course has not been pushed, as we are frozen. If this issue only occurs if you have the libldb from u-t (i.e. 1.3.0-2.fc27) and samba from stable - but works fine if both libldb and samba are from stable - then I don't think this needs or deserves an FE, because what's in stable is fine and consistent. Similarly, if the case is as I understand it - 'libldb 1.3.0 breaks samba', basically - then the rebuilt samba *must* be added to the libldb update so that the two go stable together. I'd advise the update should be un-queued from batched/stable until that is done.
Adam, your last sentence is basically what I wrote in the comment 4. I added an explicit '%requires_eq libldb' in samba-dc subpackage as of 4.7.0-18. This forces samba-dc to have 'Requires: libldb = <majorversion>' requires for the version of libldb in the buildroot. As result, we'll see such breakage much earlier, when a new version of libldb would be submitted. Since I'm not a packager for libldb, I cannot submit a combined update, but I'll ask Andreas to do so.
I can edit the build into the update for you once it's done, if you like (I'm a provenpackager so I can do that kinda stuff :>)
Yes, the package is built already for quite some time. Unfortunately, the other two persons who were able to combine updates had public holiday today and weren't online. Please do the merge. ;)
libldb-1.3.0-2.fc27 samba-4.7.0-18.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06
libldb-1.3.0-2.fc27, samba-4.7.0-18.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06
Thanks guys, now running my Samba DC :)
Issues with SELinux / Bind9_DLZ see https://bugzilla.redhat.com/show_bug.cgi?id=1476187 Not seeing any audit messages unless I "sudo setenforce 0"
libldb-1.3.0-2.fc27 samba-4.7.1-0.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06
Discussed at 2017-11-01 to 2017-11-02 Fedora 27 Go/No-Go meeting, acting as a freeze exception review meeting: https://meetbot-raw.fedoraproject.org/fedora-meeting-1/2017-11-02/f27-final-and-server-beta-go-no-go-meeting.2017-11-02-17.00.html . To our best understanding, there is no real need for a freeze exception here, as the samba and libldb packages in stable (and thus in the F27 release candidate composes) - that is, samba-4.7.0-12.fc27 and libldb-1.2.2-1.fc27 - are consistent and compatible. There's no need to get the 1.3.0 / 4.7.1 update into the compose, it can be shipped fine as a post-release update. Thus this is rejected as a freeze exception issue.
libldb-1.3.0-2.fc27, samba-4.7.1-0.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-18d849bd06
libldb-1.3.0-2.fc27, samba-4.7.1-0.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.