Re: [Samba] [Announce] Samba 4.8.0 Available for Download

On 3/13/2018 3:22 PM, Karolin Seeger via samba wrote:

Release Announcements

This is the first stable release of the Samba 4.8 release series.
Please read the release notes carefully before upgrading.



New GUID Index mode in sam.ldb for the AD DC

The new layout used for sam.ldb is GUID, rather than DN oriented.
This provides Samba's Active Directory Domain Controller with a faster
database, particularly at larger scale.

The underlying DB is still TDB, simply the choice of key has changed.

The new mode is not optional, so no configuration is required.  Older
Samba versions cannot read the new database (see the upgrade
note above).

KDC GPO application

Adds Group Policy support for the Samba kdc. Applies password policies
(minimum/maximum password age, minimum password length, and password
complexity) and kerberos policies (user/service ticket lifetime and
renew lifetime).

Adds the samba_gpoupdate script for applying and unapplying
policy. Can be applied automatically by setting

  'apply group policies = yes'.


    I have a few questions on the above. My upgrades since Samba 4.0 has always been in place as reference. The first change regarding 'New GUID index mode'.  Does this mean when I upgrade 1 of my current 4.7.x DC's to 4.8.0, the other remaining 4.7.x DC's will not replicate until they have been updated? I normally update one DC at a time and verify replication is still working before preceding on to the next.

The other feature 'KDC GPO application'. Will the command 'samba-tool domain passwordsettings show' display the GPO settings? I take it the account lockout duration/threshold and reset account lockout must still be set via. samba-tool? Thanks.


