[Samba] Recommended Upgrade technique for 4.0.3 (was Re: Should I run dbcheck and sysvolreset when upgrading 4.0.0 to 4.0.3?)
abartlet at samba.org
Sat Feb 16 03:53:46 MST 2013
On Sat, 2013-02-16 at 12:55 +1100, Andrew Bartlett wrote:
> On Fri, 2013-02-15 at 12:52 +1100, Andrew Bartlett wrote:
> > On Thu, 2013-02-14 at 20:50 -0500, Thomas Simmons wrote:
> > > Thank you, Andrew. Just to be clear, you're saying I can upgrade to 4.0.3
> > > (but do nothing after make install)? If it will make things worse in any
> > > way, I can stay at 4.0.0. Thanks, Thomas.
> > It's fine to upgrade. That protects you against the security issue we
> > fixed in 4.0.1, and makes a significant number of other fixes.
> My current testing shows that:
> samba_upgradeprovision --full
> dbcheck --cross-ncs [--fix [--yes]]
> Will break some ACLs on DNS, and not fix one of the ACLs on the DC's own
> LDAP object. The --full is important, without that the result is
> actually worse (as far as I can tell).
> I would like to make some progress on this before I recommend it as the
> final solution.
> It is however pretty close, and better than what is in the database
> right now.
I retract any advise to run this tool. I hope to have patches soon, but
for the moment it treats any beta or release version as being *before*
alpha9. Essentially we have been caught out by a regex that never
expected Samba to move beyond endless alphas :-)
Please do not run samba_upgradeprovision under any circumstances, until
I have tested patches to fix this.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
More information about the samba