Univention Bugzilla – Bug 35319
Samba 4.2
Last modified: 2014-11-26 06:54:42 CET
Samba 4.2 should be built for UCS 4.0
The patches for samba, ldb, tdb, tevent and talloc should be checked as well.
From Bug #35320: (In reply to Stefan Gohmann from comment #1) > I've started an upgrade of a 3.2-3 system. Among other packages the > following samba packages have been removed: > > libdcerpc-server0 > libdcerpc0 > libgensec0 > libnetapi0 > libregistry0 > libsamba-policy0 > libsamdb0 > libsmbclient-raw0 > libsmbd0 > python-univention-connector > python-univention-connector-ad > python-univention-connector-s4 > samba-ad-dc > samba4 > samba4-clients > univention-ad-connector > univention-management-console-module-adconnector > univention-s4-connector
The following packages have been adjusted to call /etc/init.d/samba-ad-dc instead of /etc/init.d/samba4: univention-management-console-module-adtakeover univention-ldap univention-join univention-printserver univention-s4-connector
Please update to the latest git snapshot and move this bug to interim-3. I don't think we need a special QA for MS2.
2:4.2.0~rc1 has been imported and built.
Samba 4.2 contains a major change affecting winbind (see the WHATSNEW linked in the URL field of this Bug): When configured to run as Samba4 (samba-ad-dc), the source3 "winbindd" daemon is forked automatically by the samba-Daemon instead of the source4 "winbind". So we probably should add typical source3 winbindd parameters found in univention-samba also to univention-samba4 (e.g. "winbind enum users", "winbind enum groups" and "winbind nested groups"). Additionally: In Samba 4.2 the default for "winbind expand groups" changed from 1 to 0. For a description of the parameter see the (old) manpage linked in the URL. The new 4.2 manpage contains this additional section: ============================================================================= The default value was changed from 1 to 0 with Samba 4.2. Some broken applications calculate the group memberships of users by traversing groups, such applications will require "winbind expand groups = 1". But the new default makes winbindd more reliable as it doesn't require SAMR access to domain controllers of trusted domains. Default: winbind expand groups = 0 =============================================================================
The manpage: https://www.samba.org/samba/docs/man/manpages-3/smb.conf.5.html#WINBINDEXPANDGROUPS
I've re-checked the failed Samba tests in Jenkins on backups and slaves. The reason seems to be the restart in 10_ldap/60failedldif. After this test case the samba daemon doesn't run anymore. I've created a simple test script for the restart and was able to reproduce it: ***************************************************************************** root@backup093:~# cat test.sh #!/bin/bash /etc/init.d/slapd restart ucr commit /etc/samba/smb.conf for srv in samba smaba4 winbind; do test -x /etc/init.d/$srv && invoke-rc.d $srv restart done root@backup093:~# ***************************************************************************** The result: ***************************************************************************** root@backup093:~# pidof samba 31806 31805 31803 31802 31801 31800 31799 31798 31797 31795 31794 31776 root@backup093:~# ./test.sh [info] Restarting ldap server(s). [ ok ] Stopping ldap server(s): slapd ...done. [ ok ] Starting ldap server(s): slapd ...done. Multifile: /etc/samba/smb.conf [ ok ] Stopping NetBIOS name server: nmbd. [ ok ] Stopping SMB/CIFS daemon: smbd. [....] Stopping Samba AD DC daemon: sambastart-stop-daemon: warning: failed to kill 31776: No such process . ok [ ok ] Starting Samba AD DC daemon: samba. [ ok ] Stopping the Winbind daemon: winbind. winbind disabled by ucr var winbind/autostart=no root@backup093:~# pidof samba root@backup093:~# ./test.sh [info] Restarting ldap server(s). [ ok ] Stopping ldap server(s): slapd ...done. [ ok ] Starting ldap server(s): slapd ...done. Multifile: /etc/samba/smb.conf [ ok ] Stopping NetBIOS name server: nmbd. [ ok ] Stopping SMB/CIFS daemon: smbd. [ ok ] Stopping Samba AD DC daemon: samba. [ ok ] Starting Samba AD DC daemon: samba. [ ok ] Stopping the Winbind daemon: winbind. winbind disabled by ucr var winbind/autostart=no root@backup093:~# pidof samba 32403 32402 32401 32399 32398 32397 32396 32395 32394 32392 32391 32329 root@backup093:~# ***************************************************************************** Maybe it is a bug in the init script. If it has been fixed, please revert r54298 in ucs-test.
Created attachment 6207 [details] samba_4.2rc1_param_changes.txt Attached there are the main new points in the smb.conf manpage.
Samba 4.2.0 RC2 has been imported and built.
OK - samba 2:4.2.0~rc2-1.707.201 OK - new UCS 4.0 installation OK - win7, win8.1 join OK - RSAT OK - client login OK - printer setup OK - update UCS 3.2 master (s4 connector, samba4) and slabe (samba4) OK - already joined clients still joined OK - mixed setup (master 4.0 slave 3.2) OK - dbcheck after the update OK - drs replication after the update OK - univention-s4connector-list-rejected OK - client login after the update OK - policy still exists and works OK - client login with new users (also with RSAT) OK - win7 join OK - changelog
UCS 4.0-0 has been released: http://docs.univention.de/release-notes-4.0-0-en.html http://docs.univention.de/release-notes-4.0-0-de.html If this error occurs again, please use "Clone This Bug".