Deprecate SMBv1 options and NT4-like domains for Samba 4.13?
Alexander Bokovoy
ab at samba.org
Sat Aug 8 12:57:00 UTC 2020
On Wed, 01 Jul 2020, Andrew Bartlett via samba-technical wrote:
> Samba 4.13 freezes soon, so I wanted to again propose adding things to
> the deprecated list.
>
> Yes, we add things to this list far faster than we remove the options,
> but the job for anyone wishing to remove features starts with this
> point, marking and announcing to our users that we are not going to
> keep every Samba option and feature forever.
>
> So I present to you this MR:
>
> https://gitlab.com/samba-team/samba/-/merge_requests/1398
>
> No code is removed of course, and of course we are not going to remove
> code that FreeIPA needs, but even in between all that I think this is
> worth doing.
>
> (pdb_ldap is not impacted, I've dropped those references compared to my
> earlier MR)
>
> Parameter Name    Description    Default
> --------------    -----------    -------
> domain logons     Deprecated     no

Removing this setting affects FreeIPA. The logic for 'security = <user|auto>'
triggers PDC definition only in case 'domain logons = yes'. FreeIPA
depends on NT4 domains mode functionality to provide its hybrid AD
forest setup.

I guess, looking at lp_find_server_role() and
lp_is_security_and_server_role_valid(), I'd need to define

    server role = CLASSIC PRIMARY DOMAIN CONTROLLER
    security = user

explicitly. Right now we have

    security = user
    domain master = yes
    domain logons = yes

and no 'server role', so it defaults to AUTO and will require an update
of the configuration to set server role explicitly.

Given we are deprecating, not removing it altogether, it is more of a
task for me rather than a blocker. I filed
https://pagure.io/freeipa/issue/8452 to update FreeIPA configuration.

--
/ Alexander Bokovoy
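
The configuration check described in the message above, as an added example that is not part of the original post and is not Samba or FreeIPA code. The function names are hypothetical, the sample smb.conf is constructed from the settings quoted in the message, and the role logic is simplified to what the message states (with 'server role' unset, 'security = user|auto' yields a domain controller role only when 'domain logons = yes').

```python
import re

# Constructed sample: the NT4-style settings quoted in the message above.
SAMPLE_SMB_CONF = """\
[global]
    security = user
    domain master = yes
    Domain Logons = Yes
"""

TRUE_VALUES = {"yes", "true", "1", "on"}


def parse_global(text):
    """Return the [global] parameters of an smb.conf as {normalized name: value}."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and embedded whitespace
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params


def audit_server_role(text):
    """Flag configs whose server role hangs on the 'domain logons' parameter."""
    p = parse_global(text)
    role = p.get("serverrole", "auto").lower()
    security = p.get("security", "auto").lower()
    logons = p.get("domainlogons", "no").lower() in TRUE_VALUES
    findings = []
    if logons:
        findings.append("DEPRECATED_PARAM: 'domain logons' is set and is on "
                        "the proposed deprecation list")
    if logons and role == "auto" and security in ("user", "auto"):
        findings.append("IMPLICIT_ROLE: no explicit 'server role'; the domain "
                        "controller role is derived from 'domain logons'")
    return findings
```

Running `audit_server_role()` over the sample reports both findings; a configuration that sets 'server role' explicitly and drops 'domain logons' reports none.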