This is a general documentation on how to update a Samba installation.
Note: Samba 4 is just the next release after 3.6. Samba 4 doesn't mean „Active Directory only“. You can simply update your NT4-style domain to the latest 4x version, like you had installed updates in the past.
If the type of installation (Active Directory Domain Controller, NT4-style PDC, Member Server) does not change, you can simply follow the steps below to update.
The following steps are the same, regardless if you update a Samba AD DC, Samba NT4-style PDC or Samba Member Server.
- Stop all Samba services.
- Create a working backup!
- Read all release notes of versions since the one you are updating from! They will contain imporant and useful information, like parameters that have changed.
- Install the latest version over your existing one.
- If you compile Samba from source, download the latest version from http://www.samba.org. If you use the same „configure“ options, than for your previous version, Samba will be installed over the old binaries, tries to find its databases on the same place, etc. But always check if some configure options had changed and need to be adapted!
- If you use packages, like from SerNet, check out the packagers information on how to install.
- Start Samba. You only have to start the same processes, like you did before.
- DC: samba
- NT4-style PDC: smbd, nmbd
- Member Server: smbd, nmbd (winbind, if you use it)
- Check your Samba logs for errors and problems.
- Test your new installed version.
Upgrades of early Samba 4 version on Samba Active Directory DCs
Early version of Samba 4 (Beta, RC, early 4.0.x) had some issues like e. g. incorrect SysVol and directory ACLs. In the following you'll find commands to fix these problems, after you had updated.
- Reset well known ACLs in AD (without the „--fix“, it only checks)
# samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix
- Reset wrong SysVol ACLs (if you use the option „sysvolcheck“ instead, the ACLs are only checked)
# samba-tool ntacl sysvolreset
- Fix errors in the AD database (without the „--fix“, it only checks)
# samba-tool dbcheck --cross-ncs --fix
- Required only if updating from < 4.0.4: Remove TLS .pem files, because they were exposed by insecure permissions. They are re-created with correct permissions during the next Samba startup
# rm /usr/local/samba/private/tls/*.pem