[Samba] security = ads, backend = ad parameter not working in samba 4.10.10

Sérgio Basto sergio at serjux.com
Thu Dec 5 22:17:38 UTC 2019 

On Thu, 2019-12-05 at 19:56 +0000, Rowland penny via samba wrote:
> On 05/12/2019 19:48, Sérgio Basto wrote:
> > I made the packages [1] (BTW I'm a fedora packager maintainer ).
> > 
> > [1] https://github.com/sergiomb2/sambaad
> You have used heimdal and not MIT, haven't you ?
> > > > I just migrate the users and his password nothing more  ... I
> > > > had
> > > > to
> > > > remove a lot of fields,  OU(s) etc for example: [1] .
> > > Just which user attributes did you migrate ?
> > > 
> > > The users objectSid would have contained the SID of the old
> > > Domain,
> > > for
> > > instance.
> > Not objectSid, here is the complete list of attributes [2]
> > extracted
> > from the final file that was imported  .
> > 
> > [2]
> > accountExpires:
> > badPasswordTime:
> > badPwdCount:
> > cn:
> > description:
> > displayName:
> > distinguishedName:
> > dn:
> > givenName:
> > initials:
> > lastLogoff:
> > lastLogon:
> > lastLogonTimestamp:
> > logonCount:
> > logonHours:
> > msDS-SupportedEncryptionTypes:
> > mSMQDigests:
> > mSMQSignCertificates:
> > name:
> > objectCategory:
> > objectClass:
> > sAMAccountName:
> > servicePrincipalName:
> > sn:
> > streetAddress:
> > unicodePwd:
> > userAccountControl:
> > userParameters:
> > userPrincipalName:
> > 
> > > > And is working very well, I'm very happy, yesterday I upgrade
> > > > all
> > > > DC(s)
> > > > to samba 4.10.10 and it was very smooth .
> > > This sure surprises me, people have upgrading correctly and have
> > > had
> > > problems.
> > No one complained, until now :)
> OK, you might have got away with it this time, but please don't try
> it 
> again ;-)

I'm not crazy :) ,  I did a backup using backup script and prepare some
rpms to revert to exactly the same state if something goes wrong . 

After update to 4.8.12-2 packages [1], I removed krb5 server packages,
as you asked [2], as nothing changed I updated to [3], if something
goes wrong I could back to [1] with yum [4] 


[1]
Updated: 1:samba-common-4.8.12-2.el7.noarch
Updated: 1:libwbclient-4.8.12-2.el7.x86_64
Updated: 1:libsmbclient-4.8.12-2.el7.x86_64
Updated: 1:samba-common-tools-4.8.12-2.el7.x86_64
Updated: 1:samba-common-libs-4.8.12-2.el7.x86_64
Updated: 1:samba-client-libs-4.8.12-2.el7.x86_64
Updated: 1:samba-winbind-4.8.12-2.el7.x86_64
Updated: 1:samba-winbind-modules-4.8.12-2.el7.x86_64
Updated: 1:samba-python-4.8.12-2.el7.x86_64
Updated: 1:samba-4.8.12-2.el7.x86_64
Updated: 1:samba-libs-4.8.12-2.el7.x86_64
Updated: 1:samba-client-4.8.12-2.el7.x86_64
Updated: 1:samba-python-dc-4.8.12-2.el7.x86_64
Updated: 1:samba-dc-libs-4.8.12-2.el7.x86_64
Updated: 1:samba-dc-4.8.12-2.el7.x86_64
Updated: 1:samba-test-libs-4.8.12-2.el7.x86_64
Updated: 1:ctdb-4.8.12-2.el7.x86_64
Updated: 1:ctdb-tests-4.8.12-2.el7.x86_64
Updated: 1:samba-test-4.8.12-2.el7.x86_64
Updated: 1:samba-dc-bind-dlz-4.8.12-2.el7.x86_64
Updated: 1:samba-krb5-printing-4.8.12-2.el7.x86_64
Updated: 1:samba-winbind-clients-4.8.12-2.el7.x86_64
Updated: 1:samba-python-test-4.8.12-2.el7.x86_64
Updated: 1:samba-winbind-krb5-locator-4.8.12-2.el7.x86_64
Updated: 1:samba-pidl-4.8.12-2.el7.noarch

[2]
Erased: sssd-1.16.4-21.el7_7.1.x86_64
Erased: fedpkg-1.37-7.el7.noarch
Erased: fedora-packager-0.6.0.1-1.el7.noarch
Erased: sssd-ad-1.16.4-21.el7_7.1.x86_64
Erased: sssd-ipa-1.16.4-21.el7_7.1.x86_64
Erased: sssd-krb5-1.16.4-21.el7_7.1.x86_64
Erased: sssd-ldap-1.16.4-21.el7_7.1.x86_64
Erased: sssd-krb5-common-1.16.4-21.el7_7.1.x86_64
Erased: krb5-workstation-1.15.1-37.el7_7.2.x86_64
Erased: krb5-server-1.15.1-37.el7_7.2.x86_64

[3]
Updated: 3:samba-common-4.10.10-3.el7.noarch
Installed: lmdb-libs-0.9.22-2.el7.x86_64
Updated: 3:samba-python-dc-4.10.10-3.el7.x86_64
Updated: 3:samba-client-libs-4.10.10-3.el7.x86_64
Updated: 3:libwbclient-4.10.10-3.el7.x86_64
Updated: 3:samba-common-libs-4.10.10-3.el7.x86_64
Installed: 3:samba-4.10.10-3.el7.x86_64
Updated: 3:samba-common-tools-4.10.10-3.el7.x86_64
Updated: 3:samba-winbind-modules-4.10.10-3.el7.x86_64
Updated: 3:samba-client-4.10.10-3.el7.x86_64
Updated: 3:samba-winbind-4.10.10-3.el7.x86_64
Updated: 3:samba-libs-4.10.10-3.el7.x86_64
Updated: 3:libsmbclient-4.10.10-3.el7.x86_64
Updated: 3:samba-python-4.10.10-3.el7.x86_64
Updated: 3:samba-dc-libs-4.10.10-3.el7.x86_64
Updated: 3:samba-dc-4.10.10-3.el7.x86_64
Updated: 3:samba-test-libs-4.10.10-3.el7.x86_64
Updated: 3:ctdb-4.10.10-3.el7.x86_64
Updated: 3:ctdb-tests-4.10.10-3.el7.x86_64
Updated: 3:samba-test-4.10.10-3.el7.x86_64
Updated: 3:samba-dc-bind-dlz-4.10.10-3.el7.x86_64
Updated: 3:samba-python-test-4.10.10-3.el7.x86_64
Updated: 3:samba-winbind-krb5-locator-4.10.10-3.el7.x86_64
Updated: 3:samba-winbind-clients-4.10.10-3.el7.x86_64
Updated: 3:samba-krb5-printing-4.10.10-3.el7.x86_64
Updated: 3:samba-pidl-4.10.10-3.el7.noarch
Erased: libtalloc-2.1.14-1.el7.x86_64 (I use libtalloc from sambasource) 

[4]
yum --tmprepo=/root/rpms/ 
--disablerepo=copr:copr.fedorainfracloud.org:sergiomb:SambaAD 
distro-sync


> Rowland
> 
> 
> 
-- 
Sérgio M. B.

More information about the samba mailing list