Denis Cardon
2018-Sep-26 17:08 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Hi Louis,> > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a side note on this. > The bug in question why im blocking it for production, does not happen for domain members and AD-DC's but it's still a risk in my opinion. > Because for this bug, your obligated to set the idmap ... : settings or run : net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin > > For the member, you need to adjust the install order a bit to get past it without problems. > > As temp workaround (for member installation) ADDC should go fine once provisioned. > For a stand-alone server use the same steps, but leave out the idmap domain settings.I've done extensive stress testing on the DC (compiled version, not packaged one) and I confirm that it works very well.> - Steps > apt-get install samba > > - Then stop smbd and nmbd > systemctl stop smbd nmbd > > - Option 1: ( my personal choice, because this keeps thing in sight ) > - ( Domain Member settings and/or Stand-Alone installs ) > - Configure smb.conf ( make sure you have configured the idmap settings. ) > # - You must set a DOMAIN backend configuration, see below > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > - Domain Member only setting, choose one of these 2, read and choose. > https://wiki.samba.org/index.php/Idmap_config_ad > https://wiki.samba.org/index.php/Idmap_config_ridI have always been configuring a tdb backend for builtin users aside from the rfc2307 or rid backend for domain users (like in [1]). In which documentation is it missing this piece of information? Cheers, Denis [1] https://dev.tranquil.it/wiki/SAMBA_-_Installation_d%27un_nouveau_serveur_de_fichiers_Samba4#Configuration_smb.conf> > Option 2: net groupmap add sid=S-1-5-32-546 unixgroup=nobody type=builtin > Recommended if you using only a stand-alone setup, dont run this on a member, that not needed and my cause other problems. > > - And now your ready to install winbind. > apt-get install winbind > > When i'm happy with the status of 4.9.x then im moving it from the test repo to the stretch-samba49 repo. > And I really suggest you wait until that happen, except when your want to test things out. > Just change the repo name to : stretch-experimental > > If you want to test ldmb, the preparation for lmdb are done in the 4.9.x. packages. > https://wiki.samba.org/index.php/Samba_4.9_Features_added/changed#New_Experimental_LMDB_LDB_backend > Im not aware of an upgrade possibilty of tdb to lmdb (yet). > At least i did not find any upgrade notes. > > I hope this is a bit the answer your are looking for. > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens >> Oliver Rath via samba >> Verzonden: woensdag 26 september 2018 13:57 >> Aan: samba >> Onderwerp: [Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb? >> >> Hi list, >> >> are there preparations for upgrading a samba 4.8.5 to 4.9.1 via >> van-belle-repository to change the backend db? Is there some handwork >> necessary? >> >> Regards, >> Oliver >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >> > >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr
Rowland Penny
2018-Sep-26 17:58 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
On Wed, 26 Sep 2018 19:08:52 +0200 Denis Cardon via samba <samba at lists.samba.org> wrote:> Hi Louis, > > > > At this point i can not recommend to upgrade to 4.9.0 or 4.9.1, a > > side note on this. The bug in question why im blocking it for > > production, does not happen for domain members and AD-DC's but it's > > still a risk in my opinion. Because for this bug, your obligated to > > set the idmap ... : settings or run : net groupmap add > > sid=S-1-5-32-546 unixgroup=nobody type=builtin > > > > For the member, you need to adjust the install order a bit to get > > past it without problems. > > > > As temp workaround (for member installation) ADDC should go fine > > once provisioned. For a stand-alone server use the same steps, but > > leave out the idmap domain settings. > > I've done extensive stress testing on the DC (compiled version, not > packaged one) and I confirm that it works very well. > > > - Steps > > apt-get install samba > > > > - Then stop smbd and nmbd > > systemctl stop smbd nmbd > > > > - Option 1: ( my personal choice, because this keeps thing in sight > > ) > > - ( Domain Member settings and/or Stand-Alone installs ) > > - Configure smb.conf ( make sure you have configured the idmap > > settings. ) # - You must set a DOMAIN backend configuration, see > > below idmap config * : backend = tdb > > idmap config * : range = 3000-7999 > > > > - Domain Member only setting, choose one of these 2, read and > > choose. https://wiki.samba.org/index.php/Idmap_config_ad > > https://wiki.samba.org/index.php/Idmap_config_rid > > I have always been configuring a tdb backend for builtin users aside > from the rfc2307 or rid backend for domain users (like in [1]). In > which documentation is it missing this piece of information?I will turn that on its head ;-) If you read 'man idmap_tdb', you will find this: [global] # "backend = tdb" is redundant here since it is the default idmap config * : backend = tdb idmap config * : range = 1000000-2000000 Which means that you do not have to add the 'backend' line.> > Cheers, > > Denis > > [1] > https://dev.tranquil.it/wiki/SAMBA_-_Installation_d%27un_nouveau_serveur_de_fichiers_Samba4#Configuration_smb.confYour wiki page needs updating, all supported Samba versions now use a slightly different 'ad' setup and I wish I knew who thought it was good idea to recommend putting the '*' domain above the 'DOMAIN' domain. Rowland
Denis Cardon
2018-Sep-27 08:12 UTC
[Samba] Upgrade 4.8 to 4.9 with Backend-Change to lmdb?
Hi Rowland,>>> - Option 1: ( my personal choice, because this keeps thing in sight >>> ) >>> - ( Domain Member settings and/or Stand-Alone installs ) >>> - Configure smb.conf ( make sure you have configured the idmap >>> settings. ) # - You must set a DOMAIN backend configuration, see >>> below idmap config * : backend = tdb >>> idmap config * : range = 3000-7999 >>> >>> - Domain Member only setting, choose one of these 2, read and >>> choose. https://wiki.samba.org/index.php/Idmap_config_ad >>> https://wiki.samba.org/index.php/Idmap_config_rid >> >> I have always been configuring a tdb backend for builtin users aside >> from the rfc2307 or rid backend for domain users (like in [1]). In >> which documentation is it missing this piece of information? > > I will turn that on its head ;-)do as you please as long as it is constructive. :-)> If you read 'man idmap_tdb', you will find this: > > [global] > # "backend = tdb" is redundant here since it is the default > idmap config * : backend = tdb > idmap config * : range = 1000000-2000000 > > Which means that you do not have to add the 'backend' line.one more line for more clarity is not a hefty price to pay. One of the objective of a tutorial is to help the reader understand what he does!>> >> Cheers, >> >> Denis >> >> [1] >> https://dev.tranquil.it/wiki/SAMBA_-_Installation_d%27un_nouveau_serveur_de_fichiers_Samba4#Configuration_smb.conf > > Your wiki page needs updating, all supported Samba versions now use a > slightly different 'ad' setup and I wish I knew who thought it was good > idea to recommend putting the '*' domain above the 'DOMAIN' domain.Well, sorry to disappoint you but that wiki configuration does work with current Samba version. And it does not matter to have the "catchall" idmap configuration above or under the domain idmap configuration. Cheers, Denis PS : by the way I am wondering what fantastic job you have that allows you to spend so much time on the mailing list :-) ? I'm sure doing Samba mailing list posting all day long does not "put butter in the spinach" (like we frogs say here) !> > Rowland >-- Denis Cardon Tranquil IT Systems Les Espaces Jules Verne, bâtiment A 12 avenue Jules Verne 44230 Saint Sébastien sur Loire tel : +33 (0) 2.40.97.57.55 http://www.tranquil.it Samba install wiki for Frenchies : https://dev.tranquil.it WAPT, software deployment made easy : https://wapt.fr