[Samba] Proper way to upgrade from rc1?

Andrew Bartlett abartlet at samba.org
Thu Dec 13 23:00:15 MST 2012


On Thu, 2012-12-13 at 23:03 +0100, Szymon Życiński wrote:
>  > Running the dbcheck command suggested in the release notes might also be
>  > a good idea, but we haven't intentionally made changes that would hit.
> 
> No errors found so it was not necessary.
> 
>  > A late change turned on read ACL enforcement, but your directory won't
>  > have the correct ACLs set, so you can set 'acl:search=false' to return
>  > to rc5 behaviour here, until we provide an upgrade script.  (This seems
>  > to hit joining windows DCs to the domain in particular).
> 
> I added it to globals in smb.conf but could you explain why it is 
> required and what it does?

With that option ('acl:search=false'), we have the same behaviour that
we had before rc6, that is that all users can read all non-password
attributes.  The only other change is that attributes explicitly marked
as 'confidential' are also protected from reading by normal users (this,
also in rc6, is always done now). 

The new default is to apply the ntSecurityDescriptor to all reads (as
well as writes, which we have done for some time).  This may well have
some unexpected consequences, particularly if the directory is an
upgrade, not a fresh provision.  

> I upgraded through ssh remotely from home, after talking on phone with 
> one user at work it seems to work (login and GPO computer config). 
> Tomorrow I will know if roaming profiles and logon scripts work ok.
> 
> Hope that DNS will work now without problem (dynamic updates) and will 
> not have to restart samba every night because internal DNS gets stuck 
> after few days of heavy load.

Do let us know if you have any remaining issues.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
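
Added example, not part of the original message and not Samba's own code: a Python check that reports whether an smb.conf still carries the 'acl:search=false' workaround discussed above, so it can be removed once the directory ACLs are corrected. The sample file, the function names, the accepted boolean spellings and the default used when the option is absent (enforcement on, as the message describes for rc6) are assumptions of this example.

```python
import re

TRUE = {"yes", "true", "on", "1"}     # boolean spellings this example accepts
FALSE = {"no", "false", "off", "0"}

# Constructed sample smb.conf, not taken from the thread.
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.TEST
    ; temporary workaround after the rc6 upgrade
    acl:search = false

[netlogon]
    read only = no
"""

def global_params(text):
    """Return {name: value} for the [global] section, names lowercased."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":      # blank line or comment
            continue
        if line.endswith("\\"):              # value continues on the next line
            pending = line[:-1]
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                # section header
            section = m.group(1).strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[name.strip().lower()] = value.strip()
    return params

def read_acl_enforced(text):
    """True if reads are checked against ntSecurityDescriptor, False if the workaround is set."""
    value = global_params(text).get("acl:search")
    if value is None:
        return True                          # assumed default: enforcement on, per the message
    if value.lower() in FALSE:
        return False
    if value.lower() in TRUE:
        return True
    raise ValueError(f"unrecognised boolean for acl:search: {value!r}")
```

Calling read_acl_enforced() on the contents of a DC's smb.conf returns False while the workaround is in place; the option only counts when it appears under [global].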



