Hi list, are there preparations for upgrading a samba 4.8.5 to 4.9.1 via van-belle-repository to change the backend db? Is there some handwork necessary? Regards, Oliver
L.P.H. van Belle
2018-Sep-26 12:47 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Hai,
At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a side note on
this.
The bug in question why im blocking it for production, does not happen for
domain members and AD-DC's but it's still a risk in my opinion.
Because for this bug, your obligated to set the idmap ... : settings or run :
net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
For the member, you need to adjust the install order a bit to get past it
without problems.
As temp workaround (for member installation) ADDC should go fine once
provisioned.
For a stand-alone server use the same steps, but leave out the idmap domain
settings.
- Steps
apt-get install samba
- Then stop smbd and nmbd
systemctl stop smbd nmbd
- Option 1: ( my personal choice, because this keeps thing in sight )
- ( Domain Member settings and/or Stand-Alone installs )
- Configure smb.conf ( make sure you have configured the idmap settings. )
# - You must set a DOMAIN backend configuration, see below
idmap config * : backend = tdb
idmap config * : range = 3000-7999
- Domain Member only setting, choose one of these 2, read and choose.
https://wiki.samba.org/index.php/Idmap_config_ad
https://wiki.samba.org/index.php/Idmap_config_rid
Option 2: net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin
Recommended if you using only a stand-alone setup, dont run this on a member,
that not needed and my cause other problems.
- And now your ready to install winbind.
apt-get install winbind
When i'm happy with the status of 4.9.x then im moving it from the test repo
to the stretch-samba49 repo.
And I really suggest you wait until that happen, except when your want to test
things out.
Just change the repo name to : stretch-experimental
If you want to test ldmb, the preparation for lmdb are done in the 4.9.x.
packages.
https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#New_Experimental_LMDB_LDB_backend
Im not aware of an upgrade possibilty of tdb to lmdb (yet).
At least i did not find any upgrade notes.
I hope this is a bit the answer your are looking for.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Oliver Rath via samba
> Verzonden: woensdag 26 september 2018 13:57
> Aan: samba
> Onderwerp: [Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
>
> Hi list,
>
> are there preparations for upgrading a samba 4.8.5 to 4.9.1 via
> van-belle-repository to change the backend db? Is there some handwork
> necessary?
>
> Regards,
> Oliver
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
Denis Cardon
2018-Sep-26 17:04 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Hi Oliver,> are there preparations for upgrading a samba 4.8.5 to 4.9.1 via > van-belle-repository to change the backend db? Is there some handwork > necessary?it is not possible to do an inplace upgrade going from TDB to LMDB. In order to upgrade, you have to join a new server using the --backend-store=mdb option. I've done some extensive stress testing on LMDB DC in lab environment and it works pretty well. By default samba-tool is still doing TDB provising, but I hope it will switch to default on LMDB with the next major release, because it is really a great piece of work that has been done here by Andrew and his team! Cheers, Denis> > Regards, > Oliver > > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
Denis Cardon
2018-Sep-26 17:08 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Hi Louis,> > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a side note on this. > The bug in question why im blocking it for production, does not happen for domain members and AD-DC's but it's still a risk in my opinion. > Because for this bug, your obligated to set the idmap ... : settings or run : net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin > > For the member, you need to adjust the install order a bit to get past it without problems. > > As temp workaround (for member installation) ADDC should go fine once provisioned. > For a stand-alone server use the same steps, but leave out the idmap domain settings.I've done extensive stress testing on the DC (compiled version, not packaged one) and I confirm that it works very well.> - Steps > apt-get install samba > > - Then stop smbd and nmbd > systemctl stop smbd nmbd > > - Option 1: ( my personal choice, because this keeps thing in sight ) > - ( Domain Member settings and/or Stand-Alone installs ) > - Configure smb.conf ( make sure you have configured the idmap settings. ) > # - You must set a DOMAIN backend configuration, see below > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > - Domain Member only setting, choose one of these 2, read and choose. > https://wiki.samba.org/index.php/Idmap_config_ad > https://wiki.samba.org/index.php/Idmap_config_ridI have always been configuring a tdb backend for builtin users aside from the rfc2307 or rid backend for domain users (like in [1]). In which documentation is it missing this piece of information? Cheers, Denis [1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_d%27un_nouveau_serveur_de_fichiers_Samba4#Configuration_smb.conf> > Option 2: net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin > Recommended if you using only a stand-alone setup, dont run this on a member, that not needed and my cause other problems. > > - And now your ready to install winbind. > apt-get install winbind > > When i'm happy with the status of 4.9.x then im moving it from the test repo to the stretch-samba49 repo. > And I really suggest you wait until that happen, except when your want to test things out. > Just change the repo name to : stretch-experimental > > If you want to test ldmb, the preparation for lmdb are done in the 4.9.x. packages. > https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#New_Experimental_LMDB_LDB_backend > Im not aware of an upgrade possibilty of tdb to lmdb (yet). > At least i did not find any upgrade notes. > > I hope this is a bit the answer your are looking for. > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Oliver Rath via samba >> Verzonden: woensdag 26 september 2018 13:57 >> Aan: samba >> Onderwerp: [Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb? >> >> Hi list, >> >> are there preparations for upgrading a samba 4.8.5 to 4.9.1 via >> van-belle-repository to change the backend db? Is there some handwork >> necessary? >> >> Regards, >> Oliver >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
Stefan G. Weichinger
2018-Oct-17 09:24 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Am 26.09.18 um 14:47 schrieb L.P.H. van Belle via samba:> Hai, > > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a > side note on this. The bug in question why im blocking it for > production, does not happen for domain members and AD-DC's but it's > still a risk in my opinion.Is that still true (oct 17th 2018)? Is that mentioned backend change obligatory? Couldn't follow all the threads lately ;-) ... but checking in to prepare for upgrades over the next weeks or so. Thanks, Stefan
L.P.H. van Belle
2018-Oct-17 09:46 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Yes, Ive fixed 1 of the 2 problems at install. Im testing fix 2 atm, and ask @technical for extra info. There are 2 bugs with the upgrade of 4.8 to 4.9. For others, please note, i've only tested this on debian with the debian packages (experimental) and my own packages. Bug 1) at install samba is unable to start due to : a change (commit) 0b261dc4e3f2 in 4.9 that requires to have BUILTIN\Guests group always to be mapped here there are 2 fixed, as suggested by Alexander fix 1) net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin << on debian dont use that. use : net groupmap add sid=S-1-5-32-546 unixgroup=nogroup type=builtin ( change nobody to nogoup) fix 2) change smb.conf and enable idmap * This is the fix i implemented in the package, mainly because now you see thats done. fix 1, can be forgotten in time and might kick back later on.. Bug 2) when you install (apt install samba winbind) then both smbd and winbind wont start due to extra added parts in the systemd files and these are copied to /etc/systemd/system This is a debian policy confict and this should not happen. The correct and working files exact at /lib/systemd/system So after getting passed bug1 i did hit bug2. :-( you can get easy past it by removing the files in /etc/systemd/system smbd/winbind/samba/nmbd service files run : systemctl daemon-reload run : apt-get -f install then the install continues. You only see this with a new install, because these are set to "standalone server". Once set to ad-dc or member server, you dont see bug 1, you only might hit bug2. So you can test the 4.9.1 packages, but only when im 10000000% sure the package install and upgrades are ok. Only then, I'll put them in the 4.9 repo, for now they are still in the stretch-experimental repo. Im updating these lots atm to test packages out. I ( and all the people using these packages ) cant have a failty upgrade or stalled install. Conclusion, for production, no not yet, for testing yes please. I have some report back already that once you got past the 2 bug samba runs fine. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Stefan G. Weichinger via samba > Verzonden: woensdag 17 oktober 2018 11:25 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb? > > Am 26.09.18 um 14:47 schrieb L.P.H. van Belle via samba: > > Hai, > > > > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a > > side note on this. The bug in question why im blocking it for > > production, does not happen for domain members and AD-DC's but it's > > still a risk in my opinion. > > Is that still true (oct 17th 2018)? > > Is that mentioned backend change obligatory? > > Couldn't follow all the threads lately ;-) ... but checking in to > prepare for upgrades over the next weeks or so. > > Thanks, Stefan > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >