On Sat, 2013-02-16 at 12:55 +1100, Andrew Bartlett wrote: > On Fri, 2013-02-15 at 12:52 +1100, Andrew Bartlett wrote: > > On Thu, 2013-02-14 at 20:50 -0500, Thomas Simmons wrote: > > > Thank you, Andrew. Just to be clear, you're saying I can upgrade to 4.0.3 > > > (but do nothing after make install)? If it will make things worse in any > > > way, I can stay at 4.0.0. Thanks, Thomas. > > > > It's fine to upgrade. That protects you against the security issue we > > fixed in 4.0.1, and makes a significant number of other fixes. > > My current testing shows that: > > samba_upgradeprovision --full > dbcheck --cross-ncs [--fix [--yes]] > > Will break some ACLs on DNS, and not fix one of the ACLs on the DC's own > LDAP object. The --full is important, without that the result is > actually worse (as far as I can tell). > > I would like to make some progress on this before I recommend it as the > final solution. > > It is however pretty close, and better than what is in the database > right now.
I retract any advise to run this tool. I hope to have patches soon, but for the moment it treats any beta or release version as being *before* alpha9. Essentially we have been caught out by a regex that never expected Samba to move beyond endless alphas :-) Please do not run samba_upgradeprovision under any circumstances, until I have tested patches to fix this. Andrew Bartlett -- Andrew Bartlett http://samba.org/~abartlet/ Authentication Developer, Samba Team http://samba.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
