[Samba] Online AD Backup fails with "no auth" in 4.20?

Michael Tokarev mjt at tls.msk.ru
Fri Jun 28 06:50:17 UTC 2024

On 6/28/24 08:41, Matthias Kühne | Ellerhold Aktiengesellschaft via samba wrote:
> Hello Michael,
> the order of installation is irrelevant, I just posted it to get one
> point across: you need both samba-ad-provision and samba-dsdb-modules on
> a member server to do the online backup.
> With 4.19 both package were installed as dependency of the standard
> "samba" package. With 4.20.2 the split into "samba" (fileserver) and
> "samba-ad-dc" happened and these packages got removed from deps from the
> fileserver - hence I uninstalled them on all my fileservers.

Aha. This makes perfect sense.  I haven't realized you removed packages
which were previously installed.  That's when it actually "stopped working".
And that's also where I was confused by the order of actions.

Thank you, things are clear now.

> That was my understanding ... but looking at samba
> 2:4.19.7+dfsg-1~mjt-deb12 ... "samba-vfs-modules, samba-ad-provision"
> are only in the recommends section, not in depends. They were not
> manually installed (so should be marked auto installed and show be shown
> as autoremovable). But with "apt autoremove" 0 packages are presented to
> me? Running apt remove shows me that they are not a dependency of
> another package??
> So they're not depended on by other packages, werent installed manually
> but wont be removed by autoremove? How is that possible?

This is exactly how Recommends and Suggests package control fields work in
Debian (the difference between the two is that Recommends are installed by
default but Suggests are not).

If a package is auto-installed, it isn't a subject for auto-removal as
long as it is listed in at least one Recommends or Suggests (or, obviously,
Depends) of other packages.  It only becomes subject for auto-removal if
it is not referenced by any other installed package.

samba-dsdb-modules and samba-ad-provision are both dependencies of samba-ad-dc
in Debian currently. Neither of them is recommended or suggested by other samba
packages.  samba-ad-provision is only recommended by samba-ad-dc now, it is
not a dependency (so once the domain is set up, this package can be removed -
and as we learned in this thread, such removal will break domain backup).
samba-dsdb-modules is used for auth within domain, - it would be interesting
to see which modules are actually required in this context (I'll take a look



GPG Key transition (from rsa2048 to rsa4096) since 2024-04-24.
New key: rsa4096/61AD3D98ECDF2C8E  9D8B E14E 3F2A 9DD7 9199  28F1 61AD 3D98 ECDF 2C8E
Old key: rsa2048/457CE0A0804465C5  6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
Transition statement: http://www.corpit.ru/mjt/gpg-transition-2024.txt

More information about the samba mailing list