[Pkg-samba-maint] Bug#1099755: Bug#1099755:
Andreas Hasenack
andreas.hasenack at canonical.com
Mon Mar 10 12:56:35 GMT 2025
Hi,
On Sun, Mar 9, 2025 at 4:36 AM Michael Tokarev <mjt at tls.msk.ru> wrote:
>
> 08.03.2025 20:15, Andreas Hasenack wrote:
> > What's the scenario where an AD DC server will not have the
> > samba-ad-dc package installed? That package exists since stable.
>
> No. In stable, samba-ad-dc was completely optional, - it was just
> a meta-package depending on all components which are essential for
> an AD-DC to function (incl. samba-dsdb-modules, winbind, ...). It
> was a preparation for the actual split which I didn't want to do
> that late in the release process (bookworm freeze). It was entirely
> okay to have the same components installed manually without
> installing samba-ad-dc, and have a working DC, the way it has always
> been before.
Ok, the Ubuntu documentation always stated to install samba-ad-dc.
>
> Actual move happened in 4.20.1+dfsg-2:
>
> samba (2:4.20.1+dfsg-2) unstable; urgency=medium
>
> * move many files from samba package to samba-ad-dc package.
> From now on, samba-ad-dc isn't just a meta-package, it is actually
> needed for AD-DC functionality. If you run AD-DC, please ensure
> that samba-ad-dc package is installed (it is not recommended by samba)
> Closes: #1051770
>
> at which point samba-ad-dc has become mandatory for a DC to function.
>
> See d/samba.NEWS file for the details, - it has an entry for this very
> version. A similar info will be included in trixie release notes.
>
> We'll have to live with this for one release, - I'll plan to demote
> this Recommends to Suggests after the trixie release.
I think I will remove that Recommends from Ubuntu.
The way it is now, that Recommends means that every single fresh
installation of samba (or upgrade) will get samba-ad-dc installed,
even if it's a simple standalone file server. That means winbind
running, and libnss-winbind/libpam-winbind configured in the pam stack
and /etc/nsswitch.conf.
In the case of Ubuntu, I believe we can more reasonably expect to have
samba-ad-dc installed if it's meant to be an AD/DC server, because
that's what our docs explain. In the worst case, since we have a
release upgrade tool (do-release-upgrade), we can add code to it to
manually select samba-ad-dc in release upgrades if we detect that the
current system is an AD/DC server that didn't have samba-ad-dc
installed.
More information about the Pkg-samba-maint
mailing list