[Samba] windows 10 on samba Version 4.3.11

Andrew Bartlett abartlet at samba.org
Mon Aug 28 20:31:16 UTC 2023 

On Mon, 2023-08-28 at 13:05 +0100, Rowland Penny via samba wrote:
> On Mon, 28 Aug 2023 08:43:30 -0300
> jmpatagonia via samba <
> samba at lists.samba.org
> > wrote:
> 
> > Our big problem is that we use the samba 4.3.11 ldap schema to
> > validate many applications, against samba, and added some
> > attributes
> > to the schema. 
> 
> You can extend the AD schema, there is even a wiki page that might
> help:
> 
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
> 
> 
> > Basically we validate and authenticate our
> > applications and 3rdparty (that use ldap) to this schema and work
> > properly since years ago. And use a API to Add, modify, delete
> > users
> > and password.
> 
> What are these 'applications' ?
> Perhaps someone is already using these applications with Samba AD.
>  
> > And the new versión of samba (4 AD) the schema is very different
> > and
> > the ldap database it is built-in, so we can externalice the ldap to
> > maintenance our repository.
> > 
> > So we want to keep samba 4.3.11 alive or make a project to move all
> > to
> > another schema
> 
> Samba is a rapidly moving system and 4.3.11 is extremely old, also
> the
> old ldap based Samba relies heavily on SMBv1 and Samba is working
> hard
> on removing this.

I do wish to give some words of comfort.  Firstly, Rowland is correct:
Samba's NT4 domains support is old, and we do want the SMB1 code to go
away, so it will also go away at some point.

The comfort I can give is that, except for the LDAP part (as we don't
start or populate an LDAP server in the tests), it is tested in our CI,
and the major components are used by Red Hat's FreeIPA, which keeps
them maintained to an extent. 

Because it is old, it also isn't changing, so a direct upgrade from
Samba 4.3 to a currently supported Samba will very likley fix any
issues with modern Windows versions, particularly the recent secure
channel issue.

I would do that, then look at moving Samba and the applications you
connect to it, to Samba AD for a long-term solution. 

Andrew Bartlett


-- 
Andrew Bartlett (he/him)       https://samba.org/~abartlet/
Samba Team Member (since 2001) https://samba.org
Samba Team Lead                https://catalyst.net.nz/services/samba
Catalyst.Net Ltd

Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group
company

Samba Development and Support: https://catalyst.net.nz/services/samba

Catalyst IT - Expert Open Source Solutions

More information about the samba mailing list