Upgrade issue with 3.0.21b->3.0.22
simo
idra at samba.org
Wed Feb 8 14:05:02 GMT 2006
On Wed, 2006-02-08 at 08:06 +0100, Volker Lendecke wrote:
> On Tue, Feb 07, 2006 at 07:02:57PM -0500, simo wrote:
> > Can you draw what could happen in one case and the other ?
> > That will help thinking about the right solution imho.
>
> If we auto-map using the algorithm we can run into conflicts
> with vampired or otherwise created objects, like explicit
> group mappings done by the admin.
But in the case of vampired or group mapped ids we have a way to know
that. We could migrate these accounts.
> The 'algorithmic rid base'
> was created to prevent problems with this, but I've seen too
> many installations that get this wrong to have come to the
> conclusion that this does simply not work.
I found the algorithmic mapping concept a tempting evil :)
> If we auto-map using the RID allocator we break exisiting
> installations because they depend on the existing
> algorithmic fallback. Gids being used in the SamLogon token
> end up with different SIDs as they had been before.
Yes, this is a real problem. It is too confusing and unexpected for an
admin, it would make any admin crazy to find all it's SID mixed.
Moreover it will probably break acls stored on clients and perhaps
profiles.
I'd propose to introduce an option that defaults to something that
doesn't let samba start unless changed to the correct value and makes
smbd or any other binary prompt a prominent notice that explain where to
find info.
This way the admin is forced to take care of the problem and choose
itself the option.
We should provide migration scripts for the various cases that will help
fix the mappings in the database.
Simo.
--
Simo Sorce
Samba Team
email: idra at samba.org
http://samba.org/~idra
More information about the samba-technical
mailing list