View Issue Details

IDProjectCategoryView StatusLast Update
0016929CentOS-8ipa-serverpublic2020-05-07 15:32
Reporteropoplawski 
PriorityurgentSeveritycrashReproducibilityalways
Status acknowledgedResolutionopen 
Product Version8.1.1911 
Target VersionFixed in Version 
Summary0016929: ipa-server-trust-ad appears to built with the incorrect samba version
DescriptionWith:
samba-4.10.4-101.el8_1.x86_64
ipa-server-trust-ad-4.8.0-11.module_el8.1.0+253+3b90c921.x86_64

# pdbedit -s /dev/null -b ipasam -d5

errors with:

Attempting to find a passdb backend to match ipasam (ipasam)
No builtin backend found, trying to load plugin
load_module_absolute_path: Probing module '/usr/lib64/samba/pdb/ipasam.so'
Error loading module '/usr/lib64/samba/pdb/ipasam.so': /usr/lib64/samba/pdb/ipasam.so: undefined symbol: DEBUGLEVEL_CLASS

https://bugzilla.redhat.com/show_bug.cgi?id=1744926 seems to suggest that it was build with the wrong samba version
TagsNo tags attached.

Activities

opoplawski

opoplawski

2020-01-15 23:36

reporter   ~0036028

Indeed - https://koji.mbox.centos.org/pkgs/packages/ipa/4.8.0/11.module_el8.1.0+253+3b90c921/data/logs/x86_64/root.log shows that it was built with samba 4.9.1-8.el8
opoplawski

opoplawski

2020-01-15 23:48

reporter   ~0036029

I'll note that RHEL 8.1 appears to have a newer version of ipa in DL1: 4.8.0-13.module+el8.1.0+4923+c6efe041
elytscha

elytscha

2020-01-23 15:20

reporter   ~0036102

do you have found a workaround? btw. can i offer help here? what is needed to do to fix it?

compile the freeipa sources with the right samba version?
opoplawski

opoplawski

2020-01-23 15:33

reporter   ~0036103

My workaround was to install the RHEL8.1 packages :(. Re-compiling the ipa rpm with the proper deps would do it - though modules greatly complicates things here.
Sokel

Sokel

2020-01-23 19:14

reporter   ~0036108

The -13 still is compiled against the old samba 4.9.1 (why?). The workaround that works for me is to dnf downgrade samba back to 4.9.1. And then the samba service runs for ipa.service.
lejeczek

lejeczek

2020-02-17 08:28

reporter   ~0036296

My vote would go marking this as 'urgent'
If you integrate Samba with ipa-adtrust-install then "smb" service will fail to start.
regards, L.
zerocool

zerocool

2020-02-23 17:15

reporter   ~0036366

I have the same problem.
zerocool

zerocool

2020-02-23 17:17

reporter   ~0036367

Anothe solutions is copy ipasam.so file from RHEL 8.1 or OL 8.1
elytscha

elytscha

2020-02-24 16:38

reporter   ~0036369

i wouldn't recommend to use libs from other systems like this, there are reasons why they get compiled for each distro and their flavours

dnf install // downgrade samba-4.9.1 is the better way i think until this is resolved
alatteri

alatteri

2020-04-11 17:47

reporter   ~0036679

I'm rather surprised this has not been fixed yet. It has been 3 months since originally reported, and it leads to a fatal non-working component.
Sokel

Sokel

2020-04-11 20:31

reporter   ~0036681

This bug is marked as urgent, yet, nothing has been done for the packages since January 21, which was only debranding. https://koji.mbox.centos.org/koji/buildinfo?buildID=6403 The builds are still against samba 4.9.1 when they shouldn't be. It would be nice to know why the build environment hasn't been fixed and the packages rebuilt.
alatteri

alatteri

2020-04-28 21:03

reporter   ~0036802

I hope this gets fixed in CentOS 8.2 builds.
elytscha

elytscha

2020-05-05 10:59

reporter   ~0036871

just to note that samba-4.9.1 seems to got removed from the mirrors ...

so the workaround

# dnf downgrade samba-4.9.1
Failed to set locale, defaulting to C.UTF-8
Last metadata expiration check: 0:00:26 ago on Tue May 5 10:54:57 2020.
No package samba-4.9.1 available.
Error: No packages marked for downgrade.

isn't working anymore, this means this bug is hyper critical due to this its not possible to setup new repliacs on centos 8.1 if the cluster is in an adtrust
zerocool

zerocool

2020-05-06 07:38

reporter   ~0036875

The only workaround which works but not recommended is to put ipasam.so from red hat 8.1 or OL8.1 package to directory. After that my freeipa instance with trust work fine for me. I have two freeipa servers with trust agent and two AD replicas. seem to woks for me. I am using this method 2 month already.
elytscha

elytscha

2020-05-06 11:02

reporter   ~0036876

This is how i fixxed it, thanks to fcami@redhat.com

he pointed out this link: http://mirror.ircam.fr/pub/CentOS/8-stream/BaseOS/x86_64/os/Packages/

so i was able to get all packages i needed from there and install it via:

i checked the installed packages which ipa installs by default (rpm -qa | grep 4.10.4) this listed me all packages related to samba, all those packages i downloaded from the mirror above, baked into ansible and roll them out like:


- name: Copy samba 4.9.1 rpms to server
  copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
  with_items:
     - { src: "libwbclient-4.9.1.rpm", dest: "/tmp/libwbclient-4.9.1.rpm" }
     - { src: "samba-4.9.1.rpm", dest: "/tmp/samba-4.9.1.rpm" }
     - { src: "samba-client-libs-4.9.1.rpm", dest: "/tmp/samba-client-libs-4.9.1.rpm" }
     - { src: "samba-libs-4.9.1.rpm", dest: "/tmp/samba-libs-4.9.1.rpm" }
     - { src: "samba-common-libs-4.9.1.rpm", dest: "/tmp/samba-common-libs-4.9.1.rpm" }
     - { src: "samba-common-4.9.1.rpm", dest: "/tmp/samba-common-4.9.1.rpm" }
     - { src: "samba-common-tools-4.9.1.rpm", dest: "/tmp/samba-common-tools-4.9.1.rpm" }
     - { src: "samba-winbind-modules-4.9.1.rpm", dest: "/tmp/samba-winbind-modules-4.9.1.rpm" }
     - { src: "python3-samba-4.9.1.rpm", dest: "/tmp/python3-samba-4.9.1.rpm" }
     - { src: "samba-winbind-4.9.1.rpm", dest: "/tmp/samba-winbind-4.9.1.rpm" }
     - { src: "libsmbclient-4.9.1.rpm", dest: "/tmp/libsmbclient-4.9.1.rpm" }

- name: Install samba 4.9.1
  shell: rpm --force -U /tmp/*.rpm

now i have the samba version installed on centos 8.1 i need to run successfully an ipa in and adtrust setup
carlwgeorge

carlwgeorge

2020-05-07 15:32

developer   ~0036891

We are working on resolving this as part of the 8.2 rebuild effort. Emailing the team members directly is not necessary.

Issue History

Date Modified Username Field Change
2020-01-15 23:30 opoplawski New Issue
2020-01-15 23:36 opoplawski Note Added: 0036028
2020-01-15 23:48 opoplawski Note Added: 0036029
2020-01-16 07:18 toracat Status new => acknowledged
2020-01-23 15:20 elytscha Note Added: 0036102
2020-01-23 15:33 opoplawski Note Added: 0036103
2020-01-23 19:14 Sokel Note Added: 0036108
2020-02-17 08:28 lejeczek Note Added: 0036296
2020-02-23 17:15 zerocool Note Added: 0036366
2020-02-23 17:17 zerocool Note Added: 0036367
2020-02-24 16:38 elytscha Note Added: 0036369
2020-04-11 17:47 alatteri Note Added: 0036679
2020-04-11 20:31 Sokel Note Added: 0036681
2020-04-18 09:03 arrfab Note Added: 0036707
2020-04-28 21:03 alatteri Note Added: 0036802
2020-05-05 10:59 elytscha Note Added: 0036871
2020-05-06 07:38 zerocool Note Added: 0036875
2020-05-06 11:02 elytscha Note Added: 0036876
2020-05-07 15:32 carlwgeorge Note Added: 0036891