[Samba] Best procedure for migration?

[Tom Robinson]

Sherwood Botsford wrote:
> Looking in both Samba3 by example and in Samba HowTo has come up empty. 
> There is a chapter in Howto on migrating from 2.2.8, but it mostly 
> describes the changes in 3 from 2.  Nothing on best practices on how to 
> do it.
> 
> I have two servers running samba 2.2.8a. on FreeBSD 4.5  I have two new 
> (new to me anyway... 2nd hand netfinity boxes) running FreeBSD 6.1 along 
> with a fresh install from packages of samba 3.0.21b.
> 
> Now I have a task that I think is akin to changing the spark plugs 
> without turning off the engine.
> 
> Q1.  Has anyone produced a guide on how to migrate samba gracefully to 
> another machine?
> 
> Q2.  Is it a bad idea to couple the machine migration along with the 
> samba upgrade?
> 
> Heres how I see the problems:

0. make a backup

> 1.  Move files.
> This would be done using rsync, so that the new server would remain 
> consistent with the old server.
tar would be another method. scp would also suffice. at least tar makes 
a backup as you go 8P

> 
> 2.  Move unix logins.  Fairly easy.  The PDC is also the YP server.  
> Make the new server a ypslave.  Later we can reverse the two roles.
if you're not running NIS then you would have to copy the file logins
/etc/{passwd,group,shadow,gshadow} and filter out the system users

> 
> 3.  Move the samba logins.  Initially do this by copying over the 
>  smbpasswd file.  Later convert to LDAP or TDBsam.
sure

> 
> Now it starts getting tricky:
> What do I need to do so that the new server appears as the PDC of my 
> domain?
> 
> What do I need to do so that the users don't notice the switch.
> At present there are a whole bunch of shares that are mapped via a logon 
> script.  The shares will map the same way, except that \\conan will be 
> replaced by \\peon.
change your logon.bat script
you probably need to retain the old PDC/DOMAIN SID information from the
secrets.tdb. I think that gets set into the new PDC secrets.tdb with
net setlocalsid.

> 
> What happens to memories of the old shares?
> 
the logon.bat can delete share mappings with something like
net use f: /delete

> I'm sure there are a million gotchas in here.

probably a few more now!



-- 
Tom Robinson
Systems Adminstrator



Intelligent Space
Parchment House
13 Northburgh Street
London
EC1V 0JP
t: 020 7014 5980
f: 020 7014 5981
e: gtempleton at intelligentspace.com
w: http://www.intelligentspace.com

The information in this e-mail and any attachment is confidential. It 
isintended only for the named recipient(s). If you are not a named 
recipient please notify the sender immediately and then delete it 
without disclosing the contents to another person or taking copies.