Recently we switched the passdb backend to tdbsam as default.
This might cause trouble for users using older operating systems as soon as the vendor provides recent binaries.
This is only the case as long as the fictional user hasn't set an explicit passdb backend in the smb.conf.
Therefore I suggest to make the default passdb backend a configure option at compile time.
Created attachment 4286 [details]
Add --with-default-passdb-backend configure option
This patch adds the suggested global 'passdb backend' option.
It defaults to tdbsam and accepts only smbpasswd the second alternative.
Please don't do this. If you need a different default for SLES, please do that with a patch in your RPMs. If you have concerns with the new default, please bring up this discussion on samba-technical again.
This is not a concern about the new default.
This is about customers using Samba on older products in general. This isn't an issue to one vendor only.
This is a very generic issue to anyone using and deploying Samba.
As soon as no 'passdb backend' is set in the old smb.conf file the users gets without intention the new default.
The new --with-default-passdb-backend configure option - which defaults to tdbsam! - allows vendors to ship updates for older products using the same default 'passdb backend' as shipped with the initial product.
Bring this up on samba-technical again.
to sumarize what I said in a chat: I have objections to such a variable default
setting. When people send in the smb.conf on samba ML or bugzilla or any other
support case it will no longer suffice to see the smb.conf. An output of
testparm would be required (which again does not show parametrized options).
A major version update should not be made unattended. A major version update
always requires a good config review and a close look at the Changelog. If some
verndors decide to do unattended major version updates, then we should not mess
up in upstream because of that and make config files more worthless for support
cases. When a vendor decides for whatever reason to make unattended major
version updates (the usefullmess shouldn't be discussed here), they can modify
the config and add something like "passdb backend = smbpasswd" via post/pre
install scripts or patch their package to use a different default if they
really think this is the right thing to do. For upstream I don't think we
should allow to make cusomizable default settings.
What I'm missing here is a follow-up of the thread that lead to the changed default. Lars has the requirement that we never ever change any default in the smb.conf file, so that we don't break any upgrade.
We should really not discuss this here, it is a valid concern that a broader audience must discuss.