I noticed that the Samba Version used in the AD DC container is pretty much outdated (4.9.18, from January 2020).
I’m observing a strange issue with RDP authentication (see other post). I’m pretty sure it is a bug in the Samba authentication - that may have long been fixed. Therefore my question: is there any way to update the Samba version inside the container?
@davidep Thank you very much for this interesting pointer. The information is pretty sad though. Don’t get me wrong, I love what you do and I’m a big fan of nethserver. But it’s hard to accept that for the central authentication and authorization service it sticks to a version for which no security updates have been applied for more than two years.
@Andy_Wismer you cannot currently put a date for when NS 8 “not stable” will be available.
I don’t know if the dev team can put the date, at least now.
Therefore, for an issue ongoing, using “soon™” and “next®” don’t seem to me a viable option for the requester, and an advisable option for an ambassador.
The intentions were to stick to 4.9.18 until the end of the world, but by time plans can change. Just start with a question, then the answer may change to “yes”.
Yes, the “Future” will be the perfect place where all issues are solved
Meanwhile ns7 is pinned to 4.9.18 and yes it is really old nowadays. As Giacomo wrote in the issue,
we will stick to Samba 4.9 as long as possible.
The only reason to upgrade Samba should be a security vulnerability which can’t be fixed in current release.
If you think some known vulnerability is important, we can try to patch 4.9 with a fix backport, or re-consider the upgrade to a supported release.
In contrast to a massive automated upgrade, we could try a manual upgrade procedure to preserve existing DC installations from incompatible changes (if any).