AW: [Samba] Upgrade to Alfa13

Matthieu Patou mat at
Wed Sep 29 14:28:41 MDT 2010

  On 29/09/2010 21:11, Andrew Bartlett wrote:
> On Wed, 2010-09-29 at 11:59 +0200, Michael Wood wrote:
>> On 29 September 2010 08:48, Matthieu Patou<mat at>  wrote:
>>>   On 29/09/2010 10:44, Daniel Müller wrote:
>>>> Hi to all,
>>>> ist a little bit confusing for me. How are the steps I must do to update a
>>>> working samba 12 ads with repl. partner (samba 4 12) to samba 13 alpha?
>>> Hey I'm a bit confused by your question ;-) !
>>> Do you mean how do we do the update from alpha12.git something to alpha13
>>> when you have more than 1 DC ?
>> I believe that is what he is asking, yes.  I have also wondered the
>> same thing, but have not needed to do that yet.
>> i.e. can you just do an upgradeprovision on one machine?  Will it
>> automatically replicate the changes to the other one(s)?  Or will you
>> have to run upgradeprovision on them too?  Do you have to take them
>> all down at the same time to run upgradeprovision on them?  Does any
>> of the above change if one of the machines is running Windows?
> For safety, upgradeprovision will refuse to run if it thinks there is
> more than one DC in the domain.
Exactly we have a test for it. But back at the beginning of the year I 
started to implement drs-meta driven version (already in the master tree).
When in this mode upgradeprovision will only update stuff that have been 
created/modified during a provision or an upgradeprovision and only if 
it's on the same server where the object has been created. So basically 
we should be able to uprgadeprovision safely on a multi dc setup (that 
was the goal of this add-on).

That said : I didn't test it in real multi-dc situation, so do NOT try 
it unless you are ready to debug it and have your provision crunched, I 
repeat this might be safe, if you try then come back here shouting.

I might most probably add a force-multiple-dc flag to bypass the check 1 
DC test soon once I would have done the reasonable amount of tests.

Nevertheless this would apply to users who have provisionned for the 
first time less than 6 months ago because before we didn't track which 
usn where modified by (upgrade)provision. For others I have a test 
script that is trying to make some educated guess and propose to 
populate this information but it won't be always accurate.

The idea would be then to run upgradeprovision on the master DC (the one 
where you first provisionned), after I will eventually relax a bit the 
rule of the same server if the object is related to a role (ie. a class 
or attribute for the schema master) and the upgraded server has this role.

> Currently, this requires that you remove any other DC from the domain
> (and their entries in the sam - the NTDS Settings, object in
> particular).  This is to ensure that we don't cause inconsistancies in
> the replicated domain.
Yeah for the moment a dcunpromo is needed ...
> As to what to do if there were windows DCs in the domain, it matters
> here if we were added first, or second.  If Windows started the domain,
> is is unlikely that an upgrade is required, but if an older Samba
> version started the domain, then an upgrade may be required.
Well even on a windows originated domain you might want to run 
upgradeprovision, if you vampired a w2k3 domain and you want to be a 
full w2k8. For this we will end doing it mostly the windows way I guess 
but still it will be needed to be done.

Matthieu Patou
Samba Team

More information about the samba-technical mailing list