Hi,

On Sun, Mar 9, 2025 at 4:36 AM Michael Tokarev <[email protected]> wrote:
>
> 08.03.2025 20:15, Andreas Hasenack wrote:
> > What's the scenario where an AD DC server will not have the
> > samba-ad-dc package installed? That package exists since stable.
>
> No. In stable, samba-ad-dc was completely optional, - it was just
> a meta-package depending on all components which are essential for
> an AD-DC to function (incl. samba-dsdb-modules, winbind, ...). It
> was a preparation for the actual split which I didn't want to do
> that late in the release process (bookworm freeze). It was entirely
> okay to have the same components installed manually without
> installing samba-ad-dc, and have a working DC, the way it has always
> been before.

Ok, the Ubuntu documentation always stated to install samba-ad-dc.

>
> Actual move happened in 4.20.1+dfsg-2:
>
> samba (2:4.20.1+dfsg-2) unstable; urgency=medium
>
>   * move many files from samba package to samba-ad-dc package.
>     From now on, samba-ad-dc isn't just a meta-package, it is actually
>     needed for AD-DC functionality. If you run AD-DC, please ensure
>     that samba-ad-dc package is installed (it is not recommended by samba)
>     Closes: #1051770
>
> at which point samba-ad-dc has become mandatory for a DC to function.
>
> See d/samba.NEWS file for the details, - it has an entry for this very
> version. A similar info will be included in trixie release notes.
>
> We'll have to live with this for one release, - I'll plan to demote
> this Recommends to Suggests after the trixie release.

I think I will remove that Recommends from Ubuntu. The way it is now,
that Recommends means that every single fresh installation of samba
(or upgrade) will get samba-ad-dc installed, even if it's a simple
standalone file server. That means winbind running, and
libnss-winbind/libpam-winbind configured in the pam stack and
/etc/nsswitch.conf.

In the case of Ubuntu, I believe we can more reasonably expect to have
samba-ad-dc installed if it's meant to be an AD/DC server, because
that's what our docs explain. In the worst case, since we have a
release upgrade tool (do-release-upgrade), we can add code to it to
manually select samba-ad-dc in release upgrades if we detect that the
current system is an AD/DC server that didn't have samba-ad-dc
installed.
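
The detection described in the message above, sketched as an added example (not code from do-release-upgrade or from either participant): it reads `server role` from smb.conf and compares it with the dpkg status of samba-ad-dc. The function names and the default path /etc/samba/smb.conf are assumptions of this sketch.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not do-release-upgrade code.
# Limitation: "include =" lines and registry-backed config are not followed.

# Print the lower-cased "server role" from [global] (empty if unset).
smb_server_role() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { s = tolower($0); gsub(/[ \t\r]/, "", s)
                        in_global = (s == "[global]"); next }
        in_global {
            eq = index($0, "="); if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            if (key != "serverrole") next   # names ignore case and spaces
            val = tolower(substr($0, eq + 1))
            sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
            role = val                      # last setting wins
        }
        END { if (role != "") print role }
    ' "$1"
}

# "domain controller" and "dc" are accepted synonyms for the AD DC role.
is_ad_dc_role() {
    case "$1" in
        "active directory domain controller"|"domain controller"|dc) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = smb.conf path, $2 = dpkg Status of samba-ad-dc ("" if unknown to dpkg).
# True for a DC where the package is not fully installed (upgrade must add it).
needs_samba_ad_dc() {
    is_ad_dc_role "$(smb_server_role "$1")" || return 1
    [ "$2" != "install ok installed" ]
}

# True for a non-DC that has samba-ad-dc anyway (e.g. pulled in by Recommends).
unneeded_samba_ad_dc() {
    is_ad_dc_role "$(smb_server_role "$1")" && return 1
    [ "$2" = "install ok installed" ]
}

check_host() {   # run on a real system: check_host [path-to-smb.conf]
    conf=${1:-/etc/samba/smb.conf}
    status=$(dpkg-query -W -f='${Status}' samba-ad-dc 2>/dev/null || true)
    if needs_samba_ad_dc "$conf" "$status"; then echo "DC: select samba-ad-dc"
    elif unneeded_samba_ad_dc "$conf" "$status"; then echo "non-DC has samba-ad-dc"
    else echo "no action needed"; fi
}
```

Source the file and call `check_host` to evaluate the local machine; the second branch flags the standalone-file-server case in which winbind and its NSS/PAM hooks arrived only through the Recommends.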

