Recommended Upgrade technique for 4.0.3 (was Re: [Samba] Should I run dbcheck and sysvolreset when upgrading 4.0.0 to 4.0.3?)

[Andrew Bartlett]

On Sat, 2013-02-16 at 12:55 +1100, Andrew Bartlett wrote:
> On Fri, 2013-02-15 at 12:52 +1100, Andrew Bartlett wrote:
> > On Thu, 2013-02-14 at 20:50 -0500, Thomas Simmons wrote:
> > > Thank you, Andrew. Just to be clear, you're saying I can upgrade to 4.0.3
> > > (but do nothing after make install)? If it will make things worse in any
> > > way, I can stay at 4.0.0. Thanks, Thomas.
> > 
> > It's fine to upgrade.  That protects you against the security issue we
> > fixed in 4.0.1, and makes a significant number of other fixes.
> 
> My current testing shows that:
> 
> samba_upgradeprovision --full
> dbcheck --cross-ncs [--fix [--yes]]
> 
> Will break some ACLs on DNS, and not fix one of the ACLs on the DC's own
> LDAP object.  The --full is important, without that the result is
> actually worse (as far as I can tell).
> 
> I would like to make some progress on this before I recommend it as the
> final solution.
> 
> It is however pretty close, and better than what is in the database
> right now.  

I retract any advise to run this tool.  I hope to have patches soon, but
for the moment it treats any beta or release version as being *before*
alpha9.  Essentially we have been caught out by a regex that never
expected Samba to move beyond endless alphas :-)

Please do not run samba_upgradeprovision under any circumstances, until
I have tested patches to fix this. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org