diff --git a/tasks/install.yml b/tasks/install.yml
index 5ae8063..2b3a3d1 100644
--- a/tasks/install.yml
+++ b/tasks/install.yml
@@ -20,6 +20,61 @@
 #     enabled: no
 #   ignore_errors: true
 
+# known regression in certain Samba 4.22.x builds
+
+- name: Check installed Samba version
+  ansible.builtin.command: samba --version
+  register: samba_version
+  changed_when: false
+  failed_when: false
+
+- name: Show installed Samba version
+  ansible.builtin.debug:
+    msg: "Samba version: {{ samba_version.stdout }}"
+
+- name: Warn if Samba version is 4.22.4
+  ansible.builtin.debug:
+    msg: "⚠️ Detected buggy Samba version 4.22.4 — upgrade recommended!"
+  when: "'4.22.4' in samba_version.stdout"
+
+- name: Add Samba Team Debian GPG key (only if upgrade is needed)
+  ansible.builtin.apt_key:
+    url: https://pkg.samba.org/keys/samba-pubkey.asc
+    state: present
+  when: "'4.22.4' in samba_version.stdout"
+
+- name: Add Samba Team Debian repository (only if upgrade is needed)
+  ansible.builtin.apt_repository:
+    repo: "deb http://pkg.samba.org/packages/debian $(lsb_release -cs) samba-422"
+    state: present
+    filename: samba-team
+  when: "'4.22.4' in samba_version.stdout"
+
+- name: Update APT cache (only if upgrade is needed)
+  ansible.builtin.apt:
+    update_cache: yes
+  when: "'4.22.4' in samba_version.stdout"
+
+- name: Upgrade Samba packages if version is 4.22.4
+  ansible.builtin.apt:
+    name:
+      - samba
+      - samba-dsdb-modules
+      - samba-common-bin
+      - python3-samba
+    state: latest
+  when: "'4.22.4' in samba_version.stdout"
+
+- name: Verify installed Samba version
+  ansible.builtin.command: samba --version
+  register: samba_version
+  changed_when: false
+
+- name: Display upgraded Samba version
+  ansible.builtin.debug:
+    msg: "✅ Samba version after upgrade: {{ samba_new_version.stdout }}"
+
+
 - name: Stop Samba services before provisioning
   ansible.builtin.service:
     name: '{{ item }}'