Back to bug 2190417

Who When What Removed Added
Red Hat Bugzilla 2023-04-28 11:22:25 UTC Pool ID sst_idm_sssd_rhel_8
Andreas Schneider 2023-04-28 11:23:38 UTC QA Contact sssd-qe dkarpele
CC asn
Keywords Rebase, Triaged
Red Hat One Jira (issues.redhat.com) 2023-04-28 11:23:46 UTC Link ID Red Hat Issue Tracker RHELPLAN-156033
Andreas Schneider 2023-04-28 11:25:00 UTC Docs Contact mmuehlfe
Red Hat One Jira (issues.redhat.com) 2023-04-28 11:26:11 UTC Link ID Red Hat Issue Tracker SSSD-5995
Andreas Schneider 2023-04-28 11:30:18 UTC Depends On 2190419
Andreas Schneider 2023-04-28 11:36:14 UTC Depends On 2190421
Andreas Schneider 2023-04-28 11:42:42 UTC Depends On 2190425
Andreas Schneider 2023-04-28 11:43:22 UTC Depends On 2190427
Andre Boscatto 2023-05-23 11:40:00 UTC Fixed In Version samba-4.18.2-0.el8
Status NEW ASSIGNED
Assignee asn pfilipen
CC aboscatt
Andre Boscatto 2023-05-23 11:53:58 UTC Status ASSIGNED MODIFIED
errata-xmlrpc 2023-06-09 14:01:49 UTC Fixed In Version samba-4.18.2-0.el8 samba-4.18.2-1.el8
Fixed In Version samba-4.18.2-1.el8 samba-4.18.2-2.el8
Status MODIFIED ON_QA
Denis Karpelevich 2023-06-15 08:35:03 UTC Fixed In Version samba-4.18.2-2.el8 samba-4.18.3-0.el8
Status ON_QA VERIFIED
Marc Muehlfeld 2023-08-02 08:15:27 UTC Fixed In Version samba-4.18.3-0.el8 samba-4.18.4-0.el8
Doc Text .`samba` rebased to version 4.18.4

The `samba` packages have been upgraded to upstream version 4.18.4, which provides bug fixes and enhancements over the previous version. The most notable changes:

* Security improvements in previous releases impacted the performance of the Server Message Block (SMB) server for high metadata workloads. This update improves the performance in this scenario.

* The new `wbinfo --change-secret-at=<domain_controller>` command enforces the change of the trust account password on the specified domain controller.

* By default, Samba stores access control lists (ACLs) in the `security.NTACL` extended attribute of files. You can now customize the attribute name with the `acl_xattr:<security_acl_name>` setting in the `/etc/samba/smb.conf` file. Note that a custom extended attribute name is not a protected location as `security.NTACL`. Consequently, users with local access to the server can be able to modify the custom attribute's content and compromise the ACL.

Note that the server message block version 1 (SMB1) protocol has been deprecated since Samba 4.11 and will be removed in a future release.

Back up the database files before starting Samba. When the `smbd`, `nmbd`, or `winbind` services start, Samba automatically updates its `tdb` database files. Red Hat does not support downgrading `tdb` database files.

After updating Samba, use the `testparm` utility to verify the `/etc/samba/smb.conf` file.
Doc Type If docs needed, set a value Enhancement

Back to bug 2190417