[Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

[Craig White]

On Fri, 2005-11-25 at 10:55 -0500, Kevin wrote:
> Hi Folks-
> 
> I'll start by saying thanks to all the people who have made samba and
> shared it as open source software.  Samba is truly an amazing suite of
> software.
> 
> I have a small domain of less than 10 clients which is currently being
> controlled with a Samba 2.2.5 PDC running on a Compaq x86 server with a
> very old Suse Linux 8.1 OS.
> 
> Since setting up this Compaq server, my preferred distribution has
> changed from Suse to Gentoo and my ultimate goal is to upgrade the OS on
> the Compaq server to Gentoo.  Perhaps the biggest reason for the change
> in preference is the difficulty I've found in upgrading any rpm-based
> distribution.  Because I've tried it so many times and lost days or
> weeks of time in the process, I don't think I even want to try a direct
> upgrade of the samba-2.2.5-80 rpm on this Suse 8.1 OS, but I thought
> that I would instead, install a new server on the network with the
> Gentoo distribution and all of the latest software in Gentoo portage.
> With that in place, I figured I would slowly migrate the services
> currently being provided by the Compaq server to the new server.  Since
> the PDC and other samba services are the most mission-critical
> components of the network, the biggest step in the process seems like it
> will be getting the new server set up to do all of the PDC and other
> functions of the old Compaq server.  One important aspect of the
> migration is that I'd ultimately like to end up using ldap as the
> backend database.
> 
> It seems to me that there are at least two ways to go about performing
> this migration step:
> 
> 1) make the new server a PDC with the ldap backend; once running, and
> all other services are unloaded onto the new server, take the Compaq
> server offline and upgrade it to Gentoo, maybe making it a BDC (or not
> using a BDC at all).
> 
> 2) make the new server a BDC (not sure if I would have a choice in the
> backend here) to the old PDC, then upgrade the old Compaq server from
> Suse 8.1 to Gentoo, and restore it as the PDC for the domain after
> upgrading the whole OS and samba to the latest release
> 
> My first question for the list is: which one of these methods is likely
> to be least problematic and least time-consuming?
----
least problematic and least time consuming would probably involve making
sure that all of the user profiles are set to local, setting up new
samba 3/ldap and re-joining the computers to the new domain and then
migrating the user profiles back to roaming on the new domain if
desired.
----
> 
> My other questions are:
> 
> a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?
----
samba 2.x.x doesn't support BDC
----
> 
> b) If I go with method 2 above, am I right in thinking that I'd have to
> stay with the smbpasswd backend for the BDC (which is what the PDC
> uses)?  This would only be a very temporary arrangement; I realize that
> it's discouraged in the docs.  If not, and if ldap could be the backend
> for the BDC somehow, then how would I accomplish this?
----
samba 2.x.x ldap structure is different than samba 3.x.x structure
----
> 
> c) If I go with method 1 above (seems like it might be easier to me
> right now), what are the key files that need to come over from the old
> server to the new server?  I realize that the contents of (at least some
> of, and maybe all of) these files would probably need to be revised
> somehow (maybe putting them in the LDAP Directory), but what information
> must be preserved from the old machine to make sure that I don't have to
> go around to all of the clients and add them to a new domain?
----
10 machines, I'd probably opt for joining them to new domain.
----
> 
> d) I'd obviously like for it to be a seamless transition as far as the
> clients go and the fact that the two servers will have different IP
> addresses is a concern there.  And if I go with method 2, will the
> clients need any reconfiguration to use the BDC for login (until the
> Compaq server can be upgraded to Gentoo and be back in business as the PDC)?
> 
> e) Relating to the set of questions in (c), if I have an existing
> openldap-v2.2.27 server running with a few LDAP Directories (with a
> domain/contact sort of schema built from LDAP fields in existing schemas
> like inetperson and courierimap and a few others) in it on a third
> server, would it be possible to use one of the existing Directories as
> the ldap backend authentication source for the new samba server or would
> I need to create a new Directory with a "samba-only" schema to be the
> ldap backend?
----
no - you should be able to add samba ldap attributes to existing DSA

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.