[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Rowland Penny
rpenny at samba.org
Wed Sep 26 17:58:41 UTC 2018
On Wed, 26 Sep 2018 19:08:52 +0200
Denis Cardon via samba <samba at lists.samba.org> wrote:
> Hi Louis,
> >
> > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a
> > side note on this. The bug in question why im blocking it for
> > production, does not happen for domain members and AD-DC's but it's
> > still a risk in my opinion. Because for this bug, your obligated to
> > set the idmap ... : settings or run : net groupmap add
> > sid=S-1-5-32-546 unixgroup=nobody type=builtin
> >
> > For the member, you need to adjust the install order a bit to get
> > past it without problems.
> >
> > As temp workaround (for member installation) ADDC should go fine
> > once provisioned. For a stand-alone server use the same steps, but
> > leave out the idmap domain settings.
>
> I've done extensive stress testing on the DC (compiled version, not
> packaged one) and I confirm that it works very well.
>
> > - Steps
> > apt-get install samba
> >
> > - Then stop smbd and nmbd
> > systemctl stop smbd nmbd
> >
> > - Option 1: ( my personal choice, because this keeps thing in sight
> > )
> > - ( Domain Member settings and/or Stand-Alone installs )
> > - Configure smb.conf ( make sure you have configured the idmap
> > settings. ) # - You must set a DOMAIN backend configuration, see
> > below idmap config * : backend = tdb
> > idmap config * : range = 3000-7999
> >
> > - Domain Member only setting, choose one of these 2, read and
> > choose. https://wiki.samba.org/index.php/Idmap_config_ad
> > https://wiki.samba.org/index.php/Idmap_config_rid
>
> I have always been configuring a tdb backend for builtin users aside
> from the rfc2307 or rid backend for domain users (like in [1]). In
> which documentation is it missing this piece of information?
I will turn that on its head ;-)
If you read 'man idmap_tdb', you will find this:
[global]
# "backend = tdb" is redundant here since it is the default
idmap config * : backend = tdb
idmap config * : range = 1000000-2000000
Which means that you do not have to add the 'backend' line.
>
> Cheers,
>
> Denis
>
> [1]
> https://dev.tranquil.it/wiki/SAMBA_-_Installation_d%27un_nouveau_serveur_de_fichiers_Samba4#Configuration_smb.conf
Your wiki page needs updating, all supported Samba versions now use a
slightly different 'ad' setup and I wish I knew who thought it was good
idea to recommend putting the '*' domain above the 'DOMAIN' domain.
Rowland
More information about the samba
mailing list