Migrating S4 DC

Matthieu Patou mat at samba.org
Thu Dec 29 21:34:52 MST 2011

On 28/12/2011 20:41, titantoppler at gmail.com wrote:
> Hi list,
> Have been running S4 (alpha 14, if memory serves) since last Aug 2010.
> Everything has been good so far, but I've been looking at virtualizing the
> set up for portability's sake. This is especially so because all my eggs
> are in one basket - this particular machine is running as a file server, a
> domain controller, a DNS server and a VPN server. I want to separate their
> roles into different virtual machines.
> So what I want to do is to re-install S4 on my DC, after first putting
> XenServer on it.
> Problems:
> 1) It's the only DC right now, so I need to set up another DC before I can
> safely bring the existing S4 installation down. How good/reliable is the
> replication feature in S4?
Quite good, I mean a couple of production sites use a multi DC setup 
without too much bad news.
> 2) My users are using roaming profiles, stored on the DC. Will this be
> replicated, or do I have to manually do it?
Not replicated, you have to do it on your own. Pay attention to the fact
that the UID/GID of the users are not necessarily the same across all
the DCs, as S4 for the moment allocates UIDs when needed.
> 3) My users have mapped drives that they use to access their files from;
> these are also put on the S4 DC. Is there any way that I can transparently
> shift it over to another server?
Not in Samba 4 for the moment. One way to do it is to use DFS with
domain DFS (i.e. \\my.domain.tld\users_home), but for the moment Samba 4
only supports DFS referral for sysvol and netlogon shares.
> 4) Extra difficulty - due to a design decision early on, I used ReiserFS,
> which did not support extended attributes properly. I ended up having to
> use the "posix:eadb" option in my smb.conf to store the permissions.
> Assuming I now have an ext4 data partition, how can I "restore" the
> permissions?
It's not a definite guide; the way I would search is to use
samba-tool ntacl get <file> --as-sddl on all your files/dirs shared by
the current DC, then change your smb.conf to remove the posix:eadb
option and use samba-tool ntacl set sddl_of_the_file <file>.
> 5) After splitting the roles, does the file server VM need to run S4, or
> will S3 do? How should I go about the configuration (esp. the permissions
> portion)?
Well, depending on your needs you might want to keep the fileserver stuff in
the S4 DC; if not, then S3 will work as a domain member. For the UID/GID
you'll have to handle it manually.
> Cheers!


Matthieu Patou
Samba Team
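
The ACL move described in the answer to question 4, sketched as a shell script. This is an added example, not part of the original message and not Samba project code. The function names, the SAMBA_TOOL variable and the tab-separated dump format are assumptions made for illustration, and it assumes samba-tool ntacl get --as-sddl prints one SDDL line on stdout.

```shell
#!/bin/sh
# Added example: save NT ACLs as SDDL while posix:eadb is still active,
# then re-apply them after the option has been removed from smb.conf.
# Assumption: no file name under the share contains a newline.
SAMBA_TOOL=${SAMBA_TOOL:-samba-tool}

# dump_acls ROOT OUTFILE
# Writes "<sddl><TAB><path>" per file/dir; unreadable paths go to OUTFILE.failed.
dump_acls() (
    root=$1 out=$2
    umask 077                     # the dump drives a later ACL rewrite: keep it private
    : > "$out"
    : > "$out.failed"
    find "$root" | while IFS= read -r path; do
        # stdin is redirected so the tool cannot swallow the path list
        if sddl=$("$SAMBA_TOOL" ntacl get "$path" --as-sddl </dev/null) \
            && [ -n "$sddl" ]; then
            printf '%s\t%s\n' "$sddl" "$path" >> "$out"
        else
            printf '%s\n' "$path" >> "$out.failed"
        fi
    done
)

# restore_acls INFILE
# Re-applies each saved SDDL; returns non-zero if any path is missing or fails.
restore_acls() {
    in=$1 rc=0
    tab=$(printf '\t')
    while IFS= read -r line; do
        sddl=${line%%"$tab"*}     # SDDL contains no tab, so split on the first one
        path=${line#*"$tab"}
        if [ ! -e "$path" ]; then
            echo "missing, skipped: $path" >&2; rc=1; continue
        fi
        "$SAMBA_TOOL" ntacl set "$sddl" "$path" </dev/null || {
            echo "ntacl set failed: $path" >&2; rc=1
        }
    done < "$in"
    return $rc
}

# Usage (run as root on the DC):
#   dump_acls /srv/share /root/acls.tsv   # with posix:eadb still in smb.conf
#   ...remove posix:eadb from smb.conf, move data to the ext4 partition...
#   restore_acls /root/acls.tsv
```

Check that the .failed file is empty before removing posix:eadb, since any path listed there has no saved ACL to restore.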
