New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Samba 4.7.0 and automatic updates #5356

Closed
DavidePrincipi opened this Issue Oct 6, 2017 · 4 comments

Comments

1 participant
@DavidePrincipi
Copy link
Member

DavidePrincipi commented Oct 6, 2017

  • Compile and build nsdc RPM for Samba 4.7.0
  • Implement a prop to enable/disable automatic update of nsdc chroot when a new revision is published apply nsdc updates automatically
  • Show installed Samba version in Accounts provider page

See also

Samba 4.7.0 release notes excerpt

Parameter changes
-----------------

The "strict sync" global parameter has been changed from
a default of "no" to "yes". This means smbd will by default
obey client requests to synchronize unwritten data in operating
system buffers safely onto disk. This is a safer default setting
for modern SMB1/2/3 clients.

The 'ntlm auth' option default is renamed to 'ntlmv2-only', reflecting
the previous behaviour.  Two new values have been provided,
'mschapv2-and-ntlmv2-only' (allowing MSCHAPv2 while denying NTLMv1)
and 'disabled', totally disabling NTLM authentication and password
changes.

smb.conf changes
================

  Parameter Name                     Description             Default
  --------------                     -----------             -------
  allow unsafe cluster upgrade       New parameter           no
  auth event notification            New parameter           no
  auth methods                       Deprecated
  client max protocol                Effective               SMB3_11
                                     default changed
  map untrusted to domain            New value/              auto
                                     Default changed/
                                     Deprecated
  mit kdc command                    New parameter
  profile acls                       Deprecated
  rpc server dynamic port range      New parameter           49152-65535
  strict sync                        Default changed         yes
  password hash userPassword schemes New parameter
  ntlm auth                          New values              ntlmv2-only

@DavidePrincipi DavidePrincipi added this to the v7 milestone Oct 6, 2017

@DavidePrincipi

This comment has been minimized.

Copy link
Member

DavidePrincipi commented Oct 6, 2017

In nethserver-testing (7.4)
nethserver-dc-1.2.6-1.1.g2aac841.ns7.x86_64.rpm

@DavidePrincipi

This comment has been minimized.

Copy link
Member

DavidePrincipi commented Oct 10, 2017

Test case 1

  • Install the testing package
  • Check in "Doman accounts" page is OK
  • Check the Samba version in "Accounts provider" is 4.7.0

Test case 2

  • After test case 1, run manually

    signal-event nethserver-dc-update

The upgrade action must not trigger the upgrade event.

DavidePrincipi added a commit to NethServer/nethserver-sssd that referenced this issue Oct 10, 2017

Merge pull request #78 from DavidePrincipi/issue-5356
Display ns-samba version in local AD provider page

NethServer/dev#5356

DavidePrincipi added a commit to NethServer/nethserver-dc that referenced this issue Oct 10, 2017

DavidePrincipi added a commit to NethServer/nethserver-dc that referenced this issue Oct 10, 2017

@DavidePrincipi

This comment has been minimized.

Copy link
Member

DavidePrincipi commented Oct 10, 2017

In nethserver-testing 7.3, 7.4

  • nethserver-sssd-1.3.0-1.3.ga7c698a.ns7.noarch.rpm
  • nethserver-dc-1.2.6-1.6.g5d1cacc.ns7.x86_64.rpm
  • nethserver-dc-debuginfo-1.2.6-1.6.g5d1cacc.ns7.x86_64.rpm
@DavidePrincipi

This comment has been minimized.

Copy link
Member

DavidePrincipi commented Oct 13, 2017

The ns-samba-4.7.0 package has an issue with TDB backups, that was reported here

https://lists.samba.org/archive/samba/2017-October/211499.html

TODO: release this enhancement with Samba 4.6.8, see #5360

@DavidePrincipi DavidePrincipi added wontfix and removed testing labels Oct 13, 2017

@DavidePrincipi DavidePrincipi moved this from ⚙ Developing to 🗑 Done in NethServer 7 Oct 13, 2017

@gsanchietti gsanchietti referenced this issue Nov 8, 2018

Closed

Samba DC 4.8.6 upgrade #5633

2 of 2 tasks complete
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment