[Samba] samba 4.18 to 4.20 issue
Douglas G. Oechsler
doguibnu at gmail.com
Wed Apr 9 00:37:57 UTC 2025
Helllo!
I would like to share some information please!
Forget saying that we have a second AD member and doing a sysvol transfer
between AD-DC and AD-member on crontab each 15 min.
Can clients AD machines connect on AD-Member first on logon and this 15 min
affects changes until sysvol transfer be right (or the same) at the
AD-Member side?
Or, Am I asking a stupid question?
Thank you for your attention!
Em ter., 8 de abr. de 2025 às 15:16, Rowland Penny via samba <
samba at lists.samba.org> escreveu:
> On Tue, 8 Apr 2025 14:41:27 -0300
> "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:
>
> > Em ter., 8 de abr. de 2025 às 12:22, Rowland Penny via samba <
> > samba at lists.samba.org> escreveu:
> >
> > > On Tue, 8 Apr 2025 11:36:19 -0300
> > > "Douglas G. Oechsler via samba" <samba at lists.samba.org> wrote:
> > >
> > > > Hello!
> > > > How are you?
> > > >
> > > > I updated samba 4.18 to 4.20 and made a new samba ad member with
> > > > samba 4.20. So transfer FSMO from 4.18 to 4.20. Follow commands
> > > > to fix something and finish disable 4.18.
> > > > All appears to work well for about 20 days
> > >
> > > Could it actually have been 30 days ?
> > >
> > > Yes, or + or -
>
> If it was 30 days, it could be a kerberos problem, the kerberos ticket
> isn't being renewed correctly, which is why I asked about sssd, if both
> are running, then it is possible that the wrong package updates the
> ticket (and hence becomes the owner).
>
> Right!
> >
> >
> >
> > > > and yesterday while
> > > > trying to configure special permissions on RSAT windows (read,
> > > > write and no erase) at the finish command it made total control
> > > > and no respect to the special permissions command. What can be
> > > > wrong? When was 4.18 its working.
> > > >
> > > > *The samba version on samba server files is 4.20.2* package
> > > > distro
>
> The problem with Samba 4.20.x is that it is, from the Samba point of
> view, in security fixes only mode, so if you are hitting a bug, then it
> is unlikely to get fixed (unless redhat decides to backport any such
> fix) and indeed it might have already have been fixed in a later
> version.
> I suggest you use the TranquiIT Samba packages (you can get 4.21.5)
> everywhere and see if the problem persists.
>
Strange! At the end of afternoon the system was working well (special
permissions - write-read and no erase files). Because this I commented
about ad-member
>
> > >
> > > How have you setup the file server ?
> > > Can we please see your smb.conf file ?
> > > Is sssd running as well ?
> > >
> > >
> > no, sssd not running
> > We have winbind.
>
> Good, but did you follow any of the redhat instructions ?
>
I am sorry! About?
> >
> >
> > The samba file server config:
> >
> > cat /etc/samba/smb.conf
> > [global]
> >
> > bind interfaces only = Yes
> > interfaces = lo ens18
> > dedicated keytab file = /etc/krb5.keytab
> > kerberos method = secrets and keytab
> > log file = /var/log/samba/%m.log
> > min domain uid = 0
> > realm = MYDOMAIN.DOM
> > username map = /etc/samba/user.map
> > security = ADS
> > template homedir = /home/%U
> > template shell = /bin/bash
> > winbind refresh tickets = Yes
> > winbind use default domain = Yes
> > workgroup = MYDOMAIN
> > idmap config mydomain : range = 10000-999999
> > idmap config mydomain : backend = rid
> > idmap config * : range = 3000-7999
> > idmap config * : backend = tdb
> > map acl inherit = Yes
> > vfs objects = acl_xattr
> > store dos attributes = yes
> >
> >
> > [Disco-Arquivos]
> >
> > path = /mnt/diskrede/
> > read only = no
> > browseable = yes
>
> Nothing really wrong there, you could almost be looking at my smb.conf
> ;-)
>
>
Great!
Thank you
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
*Douglas Giovani Oechsler*
e-mail: doguibnu at gmail.com <douglasgiovani at oechsler.com.br>
*Prudentópolis - PR*
More information about the samba
mailing list