upgrading "old" samba to new schema

Matthieu Patou mat+Informatique.Samba at matws.net
Tue Jun 16 15:51:09 GMT 2009 

Hello andrew,

I spent some time today to manually upgrade my test env to the new 
schema and I succeeded.
I've done almost like provisionning a new domain and  copying new 
schema.ldb and configuration.ldb to my current installation.
My current installation was provisionned in december 2008 or something 
like this (but after that extend dn have been committed).

Well of course all the subtitlity is in the almost.
Because the couple user.ldb/configuration.ldb and user.ldb/schema.ldb 
where not coherent in terms of SID and GUID (I guess I could managed to 
have coherence on SID if I forced the new provision to use the same SID 
as the current one ...).
So I've been exporting to plain text the content of the new 
configuration.ldb and schema.ldb and the current content of user.ldb as 
well.
In the plain files I've been looking for GUID= and SID= strings that 
were related to cross objects (from one partition to another one, ie. 
CN=TEST,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=sm
  b4,DC=tst in user.ldb text file), I've replaced the GUID and SID in 
those strings and also the parentGUID of CN=Configuration,DC=smb4,DC=tst 
so that that three ldb are in sync.
I also looked at the biggest usn in the current.ldb and modified all the 
usn of schema.ldb and configuration.ldb in order to had to uSN* my 
biggest usn +1. My idea here is to avoid to have two identical usn in 
user.ldb and in configuration.ldb (or schema.ldb), I am not sure that 
this is mandatory but in case of doubt ...
The final step is to modify secrets.ldb to add entries that were missing 
(I guess this step is more related to continuous improvement of samba 
rather than just to the schema upgrade) and not forgetting to change the 
SID/GUID so that they are in sync with my current installation.

I discovered that editing secrets.ldb regenerate the keytabs if values 
are modified and that these keytab contains news values that broke 
machine account, fortunatly restoring the saved keytab solve 
automatically the thing.



All of this have been **very** interesting in order to have a better 
view of what an upgrade script should do and where pitfalls of the 
process. If you have any comments.

Matthieu.

More information about the samba-technical mailing list