Hide Forgot
Description of problem: The "--updateall" parameter of authconfig doesn't update /etc/samba/smb.conf file but "--update" *does* update smb.conf. Version-Release number of selected component (if applicable): Name : authconfig Relocations: (not relocatable) Version : 6.1.12 Vendor: Red Hat, Inc. Release : 23.el6 Build Date: Wed 25 Feb 2015 04:35:09 AM EST How reproducible: Check the value of "security = " in /etc/samba/smb.conf: [root@example bschonec]# grep security /etc/samba/smb.conf | egrep -v '^;|^#' security = user [root@example bschonec]# # The current value is "user" (value doesn't matter in this context, we just need to note the value). # Change the value: [root@example bschonec]# authconfig --smbsecurity=ads --update Starting nslcd: [ OK ] [root@example bschonec]# grep security /etc/samba/smb.conf | egrep -v '^;|^#' security = ads # You can see that security has been updated to 'ads'. # Now set it back to 'user' just to show that '--update' is working. [root@example bschonec]# authconfig --smbsecurity=user --update Starting nslcd: [ OK ] [root@example bschonec]# grep security /etc/samba/smb.conf | egrep -v '^;|^#' security = user # You can see that security as been updated to 'user'. # Now use the '--updateall' [root@example bschonec]# authconfig --smbsecurity=ads --updateall Starting oddjobd: [ OK ] ^[[AStarting nslcd: [ OK ] [root@example bschonec]# grep security /etc/samba/smb.conf | egrep -v '^;|^#' security = user # You can see that security was NOT updated with the '--updateall'. # Authconfig didn't change smb.conf at all. Actual results: security = <value> not updated. smb.conf file not modified with '--updateall' option. Expected results: security = <value> should be updated in smb.conf when envoking '--updateall' parameter of authconfig. Additional info: It makes sense to me that you SHOULD be able to change the values of the parameters even if you don't intend to use those parameters. Case in point: I use Puppet to manage the authconfig settings on my servers. I don't use SMB or SSSD but I do need to set them to a known value so that my servers pass audits (PCI, HIPAA, etc.). It would make sense that you can't/shouldn't change values if you don't intend to use SSSD/Winbind but enabling something (in my case, something that will break authorization completely) and then disabling it right away just to set the values seems counterintuitive -- especially since --update works and --updateall doesn't. Yes, I could use '--update' in my puppet module but that would break backwards compatibility for everyone in the Puppet community that uses the modules (https://github.com/bschonec/puppet-authconfig.git).
Edit: It would make sense that you CAN/SHOULD be able to change values....
Can you please report the issue via the regular support channels so it can be prioritized properly? http://www.redhat.com/support
Red Hat Enterprise Linux version 6 is entering the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.