Migrating S4 DC

Andrew Bartlett abartlet at samba.org
Fri Dec 30 01:34:41 MST 2011

On Thu, 2011-12-29 at 20:34 -0800, Matthieu Patou wrote:
> On 28/12/2011 20:41, titantoppler at gmail.com wrote:
> > Hi list,
> >
> > Have been running S4 (alpha 14, if memory serves) since last Aug 2010.
> > Everything has been good so far, but I've been looking at virtualizing the
> > set up for portability's sake. This is especially so because all my eggs
> > are in one basket - this particular machine is running as a file server, a
> > domain controller, a DNS server and a VPN server. I want to separate their
> > roles into different virtual machines.
> >
> > So what I want to do is to re-install S4 on my DC, after first putting
> > XenServer on it.
> >
> > Problems:
> > 1) It's the only DC right now, so I need to set up another DC before I can
> > safely bring the existing S4 installation down. How good/reliable is the
> > replication feature in S4?
> Quite good, I mean a couple of production sites use a multi DC setup 
> without too much bad news.
> > 2) My users are using roaming profiles, stored on the DC. Will this be
> > replicated, or do I have to manually do it?
> Not replicated you have to do it on you own, pay attention to the fact 
> that the UID/GID of the users are not necessarily the same across all 
> the DC as S4 for the moment allocate UID when needed.
> > 3) My users have mapped drives that they use to access their files from;
> > these are also put on the S4 DC. Is there any way that I can transparently
> > shift it over to another server?
> Not in Samba 4 for the moment, one way to do it is to use DFS with 
> domain DFS (ie \\my.domain.tld\users_home) but for the moment samba 4 
> only support DFS referral for sysvol and netlogon shares.
> > 4) Extra difficulty - due to a design decision early on, I used ReiserFS,
> > which did not support extended attributes properly. I ended up having to
> > use the "posix:eadb" option in my smb.conf to store the permissions.
> > Assuming I now have an ext4 data partition, how can I "restore" the
> > permissions?
> It's not a definite guide, the way I would search is to to use 
> samba-tool ntacl get <file> --as-sddl on all your files/dirs shared by 
> the current DC, then change your smb.conf to remove the posix:eadb 
> option and use samba-tool ntacl set sddl_of_the_file <file>
> > 5) After splitting the roles, does the file server VM need to run S4, or
> > will S3 do? How should I go about the configuration (esp. the permissions
> > portion)?
> Well depending your needs you might want to keep the fileserver stuff in 
> the S4 DC, if not then S3 will work as a domain member for the UID/GID 
> you'll have to handle it manually.

For all of these tasks, it may work best to use a windows file copy tool
preserving permissions to move the files.  That way, moving s4 -> s3, or
s4 -> s4 will keep permissions, ownerships etc correct without major

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list