Your message dated Mon, 9 Oct 2006 15:34:23 +0200
with message-id <[EMAIL PROTECTED]>
and subject line fixed in etch/unstable
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: samba
Version: 3.0.14a-3
Severity: grave
Justification: causes non-serious data loss

When upgrading from Debian Woody (with Samba 2.x) to Debian Sarge (with
Samba 3.x), /var/lib/dpkg/info/samba.postinst attempts to convert the
smbpasswd database to the new TDB format, with the following commands:

        umask 066
        pdbedit -i smbpasswd -e tdbsam
        rm /etc/samba/smbpasswd
        umask 022

Unfortunately if the user accounts are provided by, eg, LDAP (or NIS, or
some other external password database), and that password database is
down (due, eg, to being in the process of upgrading from Debian Woody
to Debian Sarge...) then there will be a large number of errors reported
of the form:

build_sam_account: smbpasswd database is corrupt!  username ewen with
uid 1024 is not in unix passwd database!

and the resulting TDB password database will contain few, if any, of
the original users because these are omitted since they're "missing"
(temporarily due to, eg, slapd being down).

samba.postinst then removes the original /etc/samba/smbpasswd file with
out making any backup copy or asking the user for permission to do so.
This prevents the administrator from rerunning the migration once the 
LDAP/NIS/etc database has been restarted during the upgrade.  

IMHO it is inexcusible to deliberately destroy the old version of the
password database simply on the assumption that the conversion command
"must" have worked.  The old password database should be renamed to
something which makes it obvious that it is not used any longer (eg,
/etc/samba/smbpasswd.pre-migration-to-tdb), but left in place to allow
the administrator to recover from any issues that might occur.

It would also be an extrememly good idea to delay running the smbpasswd
conversion script until the end of the sequence of upgrades so that
there is the most chance that LDAP/NIS/etc will be functional again.

FWIW, the sole reason that I didn't mark this a critical bug was that,
fortunately, smbpasswd is backed up daily into /var/backups.  So I
don't have to resort to last nights tape backup to recover from this
destructive postinst script.

Ewen


-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26-wavelength-amd-via
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages samba depends on:
ii  debconf [debconf-2.0]      1.4.30.13     Debian configuration management sy
ii  libacl1                    2.2.23-1      Access control list shared library
ii  libattr1                   2.4.16-1      Extended attribute shared library
ii  libc6                      2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  libcomerr2                 1.37-2sarge1  common error description library
ii  libcupsys2-gnutls10        1.1.23-10     Common UNIX Printing System(tm) - 
ii  libkrb53                   1.3.6-2sarge2 MIT Kerberos runtime libraries
ii  libldap2                   2.1.30-8      OpenLDAP libraries
ii  libpam-modules             0.76-22       Pluggable Authentication Modules f
ii  libpam-runtime             0.76-22       Runtime support for the PAM librar
ii  libpam0g                   0.76-22       Pluggable Authentication Modules l
ii  libpopt0                   1.7-5         lib for parsing cmdline parameters
ii  logrotate                  3.7-5         Log rotation utility
ii  netbase                    4.21          Basic TCP/IP networking system
ii  samba-common               3.0.14a-3     Samba common files used by both th

-- debconf information:
  samba/nmbd_from_inetd:
* samba/run_mode: daemons
* samba/log_files_moved:
* samba/tdbsam: true
* samba/generate_smbpasswd: false


--- End Message ---
--- Begin Message ---
Version: 3.0.23c-1

Hi,

as discussed in the bug report, this is fixed post-sarge and thus
closing the bug report.

Cheers,
Andi
-- 
  http://home.arcor.de/andreas-barth/

--- End Message ---

Reply via email to