Update Samba inside AD DC Container

I noticed that the Samba Version used in the AD DC container is pretty much outdated (4.9.18, from January 2020).

I’m observing a strange issue with RDP authentication (see other post). I’m pretty sure it is a bug in the Samba authentication - that may have long been fixed. Therefore my question: is there any way to update the Samba version inside the container?

seems the last available version for 4.9…
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.9#Release_blocking_bugs

Exactly. 4.9 is a discontinued series since 03/2020.
Current series are >4.14

Is there a way to update inside the container? At least for a quick test if the bug has been fixed?

Hi Fabian, we already discussed this issue in the past. Please see this link

Was not that hard tell “short version, no update”, @davidep

1 Like

@davidep Thank you very much for this interesting pointer. The information is pretty sad though. Don’t get me wrong, I love what you do and I’m a big fan of nethserver. But it’s hard to accept that for the central authentication and authorization service it sticks to a version for which no security updates have been applied for more than two years.

Or do I understand Samba’s versioning wrong?
https://wiki.samba.org/index.php/Samba_Release_Planning#Discontinued_.28End_of_Life.29

Are there any plans to change this in the future?

Hi

NethServer 8 is in the works, still WIP, but will be released when ready…
That will solve the Samba issue - and several others also.

Patience, and follow the News concerning Nethserver 8…

A migration path for existing installations will be available.

:slight_smile:

My 2 cents
Andy

@Andy_Wismer you cannot currently put a date for when NS 8 “not stable” will be available.
I don’t know if the dev team can put the date, at least now.

Therefore, for an issue ongoing, using “soon™” and “next®” don’t seem to me a viable option for the requester, and an advisable option for an ambassador.

@pike

I do not see “soon” in the original question:

“Are there any plans to change this in the future?”

:slight_smile:

And the answer is “no”.
NethServer 7.9 is gonna die with that version of Samba for the AD container.

NS8 is a totally different product.

The intentions were to stick to 4.9.18 until the end of the world, but by time plans can change. Just start with a question, then the answer may change to “yes”.

Yes, the “Future” will be the perfect place where all issues are solved :grin:


Meanwhile ns7 is pinned to 4.9.18 and yes it is really old nowadays. As Giacomo wrote in the issue,

we will stick to Samba 4.9 as long as possible.
The only reason to upgrade Samba should be a security vulnerability which can’t be fixed in current release.

If you think some known vulnerability is important, we can try to patch 4.9 with a fix backport, or re-consider the upgrade to a supported release.

In contrast to a massive automated upgrade, we could try a manual upgrade procedure to preserve existing DC installations from incompatible changes (if any).

Which bug?

The issue is closed. And your words (bold my formatting) are not written into the issue.

Then. Answer still is no.

Up. Some updates here
https://community.nethserver.org/t/domain-login-error-after-windows-11-22h2-update/