[Samba] samba 4.18 to 4.20 issue

Rowland Penny rpenny at samba.org
Tue Apr 8 18:15:38 UTC 2025 

On Tue, 8 Apr 2025 14:41:27 -0300
"Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:

> Em ter., 8 de abr. de 2025 às 12:22, Rowland Penny via samba <
> samba at lists.samba.org> escreveu:
> 
> > On Tue, 8 Apr 2025 11:36:19 -0300
> > "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:
> >
> > > Hello!
> > > How are you?
> > >
> > > I updated samba 4.18 to 4.20 and made a new samba ad member with
> > > samba 4.20. So transfer FSMO from 4.18 to 4.20. Follow commands
> > > to fix something and finish disable 4.18.
> > > All appears to work well for about 20 days
> >
> > Could it actually have been 30 days ?
> >
> > Yes, or + or -

If it was 30 days, it could be a kerberos problem, the kerberos ticket
isn't being renewed correctly, which is why I asked about sssd, if both
are running, then it is possible that the wrong package updates the
ticket (and hence becomes the owner).
 
> 
> 
> 
> > > and yesterday while
> > > trying to configure special permissions on RSAT windows (read,
> > > write and no erase) at the finish command it made total control
> > > and no respect to the special permissions command. What can be
> > > wrong? When was 4.18 its working.
> > >
> > > *The samba version on samba server files is 4.20.2*  package
> > > distro

The problem with Samba 4.20.x is that it is, from the Samba point of
view, in security fixes only mode, so if you are hitting a bug, then it
is unlikely to get fixed (unless redhat decides to backport any such
fix) and indeed it might have already have been fixed in a later
version.
I suggest you use the TranquiIT Samba packages (you can get 4.21.5)
everywhere and see if the problem persists.

> >
> > How have you setup the file server ?
> > Can we please see your smb.conf file ?
> > Is sssd running as well ?
> >
> >
> no,  sssd not running
> We have winbind.

Good, but did you follow any of the redhat instructions ?

> 
> 
> The  samba file server config:
> 
> cat /etc/samba/smb.conf
> [global]
> 
>         bind interfaces only = Yes
>         interfaces = lo ens18
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> log file = /var/log/samba/%m.log
> min domain uid = 0
> realm = MYDOMAIN.DOM
>         username map = /etc/samba/user.map
> security = ADS
> template homedir = /home/%U
> template shell = /bin/bash
> winbind refresh tickets = Yes
> winbind use default domain = Yes
> workgroup = MYDOMAIN
> idmap config mydomain : range = 10000-999999
> idmap config mydomain : backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> map acl inherit = Yes
> vfs objects = acl_xattr
>         store dos attributes = yes
> 
> 
> [Disco-Arquivos]
> 
>         path = /mnt/diskrede/
>         read only = no
>         browseable = yes

Nothing really wrong there, you could almost be looking at my smb.conf
;-)

Rowland

More information about the samba mailing list