Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
Beide Seiten, vorherige Überarbeitung Vorherige Überarbeitung Nächste Überarbeitung | Vorherige Überarbeitung Nächste Überarbeitung Beide Seiten, nächste Überarbeitung | ||
lpi2:samba-ad [2022/05/19 10:27] 127.0.0.1 Externe Bearbeitung |
lpi2:samba-ad [2023/07/20 11:44] ingo_wichmann [Pakete] |
||
---|---|---|---|
Zeile 52: | Zeile 52: | ||
apt install samba winbind | apt install samba winbind | ||
- | (( | + | ++++ Vorsicht mit Samba-Paketen vor Debian 12 (bookworm) | |
- | Alternativ: Pakete von sernet | + | |
+ | Michael Tokarev <mjt@tls.msk.ru> schrieb am 20.7.2023 auf der Debian LTS Mailingliste: | ||
+ | |||
+ | //"It come to my attention that a discussion is happening about samba | ||
+ | and LTS (and the same applies to oldstable too). | ||
+ | |||
+ | The thing is: samba packages in bullseye and before, in my opinion, | ||
+ | are hopeless. I know it because I know the state of debian packaging | ||
+ | it was. For years (for a few debian releases), samba maintenance was | ||
+ | more on auto-pilot. Most changes were made by applying a minimal change, | ||
+ | not the right change. The result was.. horrible. | ||
+ | |||
+ | Now, the Samba team basically re-designed whole VFS layer in 4.16, to | ||
+ | fix a few serious issues with symlinks. This is not backportable to | ||
+ | anything, and it changes quite big portion of the codebase, so subsequent | ||
+ | fixes even in seemingly unrelated areas don't apply anymore (not all | ||
+ | of them ofc). | ||
+ | |||
+ | Upstream stopped supporting 4.13 (bullseye) version of samba even before | ||
+ | bullseye release iirc. There were numerous alternative samba repositories | ||
+ | all around the world to plug the gap between debian-provided samba and | ||
+ | actual samba. | ||
+ | |||
+ | There are numerous other security issues, compatibility issues with | ||
+ | previous windows releases, and other stuff which basically makes samba | ||
+ | in bullseye (already, not to mention buster!) basically unusable. | ||
+ | |||
+ | Trying to fix an issue or two there will work. This particular issue | ||
+ | with Jul-23 windows10/11 update is trivial to fix, the same change | ||
+ | applies (with minimal context fix) to 4.7 version of samba too. | ||
+ | |||
+ | But I urge not doing this. This will bring false sense of security. | ||
+ | People will think samba in buster or bullseye is worth to keep since | ||
+ | it is being "supported", - it is not due to other numerous issues. | ||
+ | |||
+ | It is like with old crypto, - you fix a buffer overflow in some DES | ||
+ | implementation, but it does not mean DES can be used in 2023. | ||
+ | |||
+ | If there's a need for samba in buster, it can be fixed. See for | ||
+ | example my repository at http://www.corpit.ru/mjt/packages/samba/ - | ||
+ | it provides amd64 binaries of all current samba packages on actual | ||
+ | Debian and Ubuntu releases, - I spent quite some time to ensure it | ||
+ | all works fine on different environments and the original debian | ||
+ | packages can be built on older debian releases and on various | ||
+ | ubuntu releases. This currently does not include buster, but it | ||
+ | is kinda trivial to fix. My repository happens to become quite | ||
+ | popular (by the amount of downloads, amount of screaming once I | ||
+ | turned it off for 5 minutes for a reboot, and amount of questions | ||
+ | I received after the Jul-23 windows update), - so something like | ||
+ | this is needed (or was, anyway, for older releases). | ||
+ | |||
+ | Buster and bullseye versions of samba are not supported. Please | ||
+ | don't use band-aid on a dead horse."// | ||
+ | ++++ | ||
+ | |||
+ | ++++ Alternativ: Pakete von sernet | | ||
wget https://download.sernet.de/pub/sernet-samba-keyring_1.4_all.deb | wget https://download.sernet.de/pub/sernet-samba-keyring_1.4_all.deb | ||
dpkg -i sernet-samba-keyring_1.4_all.deb | dpkg -i sernet-samba-keyring_1.4_all.deb | ||
Zeile 70: | Zeile 125: | ||
aptitude search sernet | aptitude search sernet | ||
apt-get install sernet-samba-ad | apt-get install sernet-samba-ad | ||
- | )) | + | ++++ |
===== Dienste stoppen ===== | ===== Dienste stoppen ===== | ||