[Pkg-samba-maint] Debian Jessie Samba 4 recursive lookup issue
Eoin Kim
Eoin.Kim at rcst.com.au
Thu Apr 19 12:26:04 BST 2018
Thanks very much guys. I may have to think about upgrading systems to Stretch. Thanks again.
Eoin
________________________________________
From: L.P.H. van Belle <belle at bazuin.nl>
Sent: Thursday, 19 April 2018 7:57 PM
To: Mathieu Parent; Eoin Kim
Cc: Debian Samba Maintainers
Subject: RE: [Pkg-samba-maint] Debian Jessie Samba 4 recursive lookup issue
Hai,
@Eoin,
If you really want a better version for Jessie.
I maintain packages for the samba communitie for Jessie and Stretch.
I try to keep them as close to the original debian samba as possible.
The following is available on my apt for Jessie
4.5.12 As backport from debian stretch, only updated again if a CVE hits samba.
4.5.16 The latest samba 4.5, only updated again if a CVE hits samba.
4.6.15 Latest 4.6.
And for stretch i have the following
4.6.15
4.7.7
4.8.1 will be there when released. ( 4.8.0 is not safe when upgrading samba )
All my packages are all signed, if you have questions about these, im on the samba list.
But as Mathieu suggested, upgrade to debian stretch, thats the best advice really.
I'll tell why.
A much better kernel, Jessie suffers from high load on ksoftirqd, which really hurts the os performance.
A much much better samba, which increase the performance. And with the 4.9 kernel you notice a lot of speed gain.
I saw my complet network speed/responsiveness be much faster with Stretch than with Jessie.
And LOTS of fixed in samba. Because of that i do advice samba 4.6 or 4.7.
If you want to keep running, only debian orginal packages, and you server is a samba only server.
Upgrade to buster, but do turn of automatic upgrade, it still testing.
Personaly i running all my productions now on stretch + samba 4.7.7 and im very happy with it.
Just do the following if you BEFORE going to upgrade!!!
Read :
https://wiki.samba.org/index.php/Samba_Features_added/changed_(by_release)
https://www.samba.org/samba/history/samba-4.3.0.html
https://www.samba.org/samba/history/samba-4.4.0.html
https://www.samba.org/samba/history/samba-4.5.0.html
https://www.samba.org/samba/history/samba-4.6.0.html
https://www.samba.org/samba/history/samba-4.7.0.html
Also this >> https://wiki.samba.org/index.php/Updating_Samba << most imported to read.
So it's really very important that you have a correct smb.conf before you upgrade.
If you need help when upgrading just mail the samba list.
Greetz,
Louis
Ps.
@Mathieu, im bombed with work here atm., my git setup is still in setup fase.
As soon i have time for the setup, i might ask some things.
> -----Oorspronkelijk bericht-----
> Van: Pkg-samba-maint
> [mailto:pkg-samba-maint-bounces+belle=bazuin.nl at alioth-lists.d
> ebian.net] Namens Mathieu Parent
> Verzonden: donderdag 19 april 2018 10:48
> Aan: Eoin Kim
> CC: Debian Samba Maintainers
> Onderwerp: Re: [Pkg-samba-maint] Debian Jessie Samba 4
> recursive lookup issue
>
> )
>
> 2018-04-18 23:31 GMT+02:00 Eoin Kim <Eoin.Kim at rcst.com.au>:
> > Hello Mathieu,
> >
>
> Hello,
>
> >
> > First of all, my apologies for sending an email to you
> directly regarding
> > the issue I am having. I searched the Internet to find
> solutions as possible
> > as I could but I didn’t have any luck so far.
>
> I've CC-ed the mailing list which is the proper way to ask support.
>
> > Therefore, I am asking you a
> > help if possible. I installed Samba 4 from my Debian Jessie
> using apt-get.
> > The version is 4.2.14+dfsg-0+deb8u9, which I believe the
> latest for Jessie.
> > I provisioned the Active Directory domain without any
> issues. After that, I
> > installed another service which uses LDAP authentication in
> my other Debian
> > Jessie host.
> >
>
> Samba in jessie is pretty old. And it has an unpatched
> security hole as AD-DC:
> https://security-tracker.debian.org/tracker/CVE-2018-1057
>
> Please use stretch instead.
>
> >
> > During the LDAP authentication setup, I configured the
> filter option that
> > includes LDAP_MATCHING_RULE_IN_CHAIN
> (memberOf:1.2.840.113556.1.4.1941), and
> > it didn’t work. I also tried ldbsearch from command line
> directly on the
> > Samba host and no luck. The below is the result.
> >
> >
> >
> > # ldbsearch -H /var/lib/samba/private/sam.ldb -s sub -b
> "dc=lab,dc=domain"
> > '(memberOf:1.2.840.113556.1.4.1941:=CN=SG-Icinga2_Users,OU=Security
> > Groups,OU=LAB Groups,DC=lab,DC=domain)'
> >
> > ldb: unknown extended rule_id 1.2.840.113556.1.4.1941
> >
> >
> >
> > Is this not supported in Samba entirely or just Samba 4.2? If it is
> > supported in other versions, could you please tell me which
> version will be
> > working with Debian Jessie? I really need this feature to
> make my other
> > service work well. Sorry again for direct email. I look
> forward to your
> > response. Thanks a lot.
> >
>
> It probably were implemented in 4.3 or 4.4.
>
> >
> > Eoin Kim
> >
> > Systems Administrator
> [...]
>
>
> Regards
> --
> Mathieu Parent
>
> _______________________________________________
> Pkg-samba-maint mailing list
> Pkg-samba-maint at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-s
> amba-maint
>
More information about the Pkg-samba-maint
mailing list