[Samba] DM 3.6.25 -> 4.x

Rowland Penny rpenny at samba.org
Wed May 30 08:08:49 UTC 2018


On Wed, 30 May 2018 09:48:04 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2018-05-30 at 09:21, L.P.H. van Belle wrote:
> > Hai Stefan, 
> > 
> > Yes, it's always better to ask the list, that way everybody can
> > learn from it. ;-) 
> > 
> >> Do you think I will have to rejoin it to the domain?
> > No, I don't think so. 
> 
> Good, I don't have the ADS-Admin-password (yet) ;-)
> I could ask them but for now it's better to not have to.
> 
> > Please note, I don't know anything about Gentoo except that they
> > have a good wiki/info pages. If this was Debian, then in this case,
> > what I would extra do here, run : samba -b and backup all folders
> > of samba and anything samba related. Export the installed packages
> > list. 
> > 
> > Now if you install a new Gentoo, import the packages list, and you
> > need the same hostname and ip and the samba backup. The files :
> > hosts resolv.conf nsswitch.conf, this is also a bit depending on
> > the use and setup, but review these. 
> > 
> > ! Install the new server, and only pull the packages from the
> > server, don't install yet. ! On Debian that's apt-get install packages
> > -d ( download only ) 
> > 
> > Place the backups on this server and now pull the network
> > connection. Install all needed packages, stop samba, put the backup
> > back, start samba.
> > 
> > Reboot the server, "still network detached", review logs and clean
> > up logs, power down. Power off the old server, so nothing is changed
> > there, change the network cable to the new server, and power up new
> > server. If the old server is only used for and with samba, above
> > setups will give a clean installed server with an old samba
> > upgraded. 
> > 
> > If moving to a new one isn't an option then make sure you do make a full
> > system backup. Clone the harddisk to another hdd, fastest with
> > minimal chance of error when you restore. And this is a fast way
> > to backup, I just attach a bit sata disk and clone the disk. 
> 
> This will happen in place, no new hardware.
> We have backups on tapes everyday, that is part of my job as well.

Make sure the backups contain everything but the OS, from my
experience, tape backups only contain some of the data. Whilst we are
talking about tape backups, hasn't anybody realised that tape backups
are so last century and from my experience very unreliable.

> 
> 
> > The config below is really outdated yes. This is what i would start
> > with. 
> > 
> >  [global]
> >  	netbios name = U1SECRETCUSTOMER
> > 	netbios aliases = samba
> > 	server string = U1SECRETCUSTOMER
> >     
> > 	security = ads
> > 	workgroup = SECRETCUSTOMER
> > 	realm = SECRETCUSTOMER.INTRA
> > 
> > 	domain master = no
> > 	local master = no
> > 	preferred master = no
> >  
> > 	interfaces = 192.168.100.4/24
> > 	bind interfaces only = Yes
> >     	
> > 	idmap config * : backend = tdb
> > 	idmap config * : range = 2000-9999
> > 	idmap config SECRETCUSTOMER : backend = rid
> > 	idmap config SECRETCUSTOMER : range = 10000-20000
> > 	
> > 	# depending on the samba version. You might need these.

You missed a line Louis ;-)

        # but only if you use the 'ad' backend
 
> > 	#idmap config SECRETCUSTOMER : unix_nss_info = yes
> > 	#idmap config SECRETCUSTOMER : unix_primary_group = yes
> > 
> > 	winbind use default domain = yes
> > 	
> > 	winbind nss info = template
> > 	template homedir = /mnt/MSA2040/smb/Homes/%D/%U
> > 	template shell = /bin/false

Two out of the three lines above are defaults

> > 
> > 	vfs objects = acl_xattr
> > 	map acl inherit = Yes
> > 	store dos attributes = Yes
> > 
> > 	unix extensions = no
> > 	follow symlinks= yes
> > 	wide links= yes
> > 	unix charset = iso8859-15
> > 	force unknown acl user = Yes
> > 
> > 	load printers = no
> > 	printcap name = /dev/null
> > 	disable spoolss = yes
> > 
> >  # Audit settings
> >      vfs objects = full_audit
> >      full_audit:prefix = %u|%I|%S
> >      full_audit:failure = connect
> >      full_audit:success = mkdir rmdir write pwrite rename unlink chmod fchmod chown fchown ftruncate
> >      full_audit:facility = local5
> >      full_audit:priority = notice
> 
> Yes, thanks.
> The idmap stuff scares me the most ;-)

Why? Once you get your head around it, you will probably wonder why
yourself ;-)

> 
> I will see when to start that, I have to keep the downtime at minimum
> etc
> 
> Would it make sense to do some intermediate step to a lower 4.x
> version or go straight from 3.6.25 to 4.8.2 ?

On a Unix domain member it won't make any difference, just go direct to
4.8.2

Rowland
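
A pre-migration sanity check for a member-server smb.conf like the one quoted in this thread, as an added example that is not part of the original messages or of Samba itself. It reports parameters set more than once in a section (smb.conf keeps only the last value, so the two `vfs objects` lines above leave only `full_audit` loaded) and idmap ranges that overlap; the function names and the shortened sample are assumptions made for illustration.

```python
import re
from itertools import combinations

# Constructed sample: a shortened copy of the [global] section quoted above.
SAMPLE = """\
[global]
    security = ads
    workgroup = SECRETCUSTOMER
    idmap config * : backend = tdb
    idmap config * : range = 2000-9999
    idmap config SECRETCUSTOMER : backend = rid
    idmap config SECRETCUSTOMER : range = 10000-20000
    vfs objects = acl_xattr
    # Audit settings
    vfs objects = full_audit
    full_audit:prefix = %u|%I|%S
"""

def parse(text):
    """Yield (section, normalised_key, value) for each parameter line."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            yield section, re.sub(r"\s+", "", key).lower(), value.strip()

def repeated_params(text):
    """Parameters set more than once in a section; the last value wins."""
    seen = {}
    for section, key, value in parse(text):
        seen.setdefault((section, key), []).append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}

def idmap_overlaps(text):
    """Pairs of idmap domains whose ID ranges overlap."""
    ranges = {}
    for _, key, value in parse(text):
        m = re.fullmatch(r"idmapconfig(.+):range", key)
        if m:
            lo, hi = (int(x) for x in value.split("-"))
            ranges[m.group(1)] = (lo, hi)
    return [(a, b) for (a, ra), (b, rb) in combinations(sorted(ranges.items()), 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]
```

Running `testparm` on the real file remains the authoritative check; this only catches the two issues named above.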



