Thank you, Andrew. Just to be clear, you're saying I can upgrade to 4.0.3 (but do nothing after make install)? If it will make things worse in any way, I can stay at 4.0.0.

Thanks,
Thomas.

On Thu, Feb 14, 2013 at 8:43 PM, Andrew Bartlett <[email protected]> wrote:

> On Thu, 2013-02-14 at 18:51 -0500, Thomas Simmons wrote:
> > Hello,
> >
> > Is it necessary or recommended to run 'samba-tool dbcheck --cross-ncs
> > --fix' and 'samba-tool ntacl sysvolreset' when upgrading from 4.0.0 to
> > 4.0.3?
>
> We are still trying to work out the safest upgrade path. In the short
> term, you don't need to do either, but to get the ACLs fixed, then
> eventually a dbcheck run will be required.
>
> We have hesitated to recommend this, as it may make it a little harder
> for us to have our 'samba_upgradeprovision' tool automatically correct
> some of the nTSecurityDescriptor values. (We had the wrong values in
> the provision template).
>
> The issue is that, frankly, the samba_upgradeprovision tool is an
> incredibly big hammer, is internally complex and finally it isn't
> working correctly in my tests. When run in --full mode, it does some
> complex manipulations to tell the difference between what a new
> provision would do, and what you have in the old one, and merge the
> difference. This is particularly hard to do for security descriptors.
>
> The alternative I'm leaning to is the simpler approach of a reset tool,
> that will reset some key security descriptors, and require the
> administrator to reinstate any specific changes they actually want.
>
> In summary, I don't have a recommended technique yet, but we hope to get
> one soon.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
