[Samba] migrating to a new server with LDAP
John Baker
johnnyb at marlboro.edu
Fri Jan 19 15:21:38 GMT 2007
Thanks very much for your reply.
The LDAP server is running Ubuntu breezy and packages are up to date so
it should be ok.
Finding the right section on the Samba3 by example helps. :)
Now according to "replacing a Domain Controller" under "Migrating
Samba-3 to a new server" I can just "Copy the |secrets.tdb| file, the
|smbpasswd| file (if it is used), the |/etc/samba/passdb.tdb| file (only
used by the |tdbsam| backend), and all the tdb control files from the
old system to the correct location on the new system."
But I need to be able to test it in the production environment because I
have to hook it into the current ldap server. (I can't practically
rebuild that in a lab)
So, then for being able to test it in place while the other server
continues to function what would you say is the best strategy? This is
why I was thinking of using the process for making a BDC and then
renaming it and setting all the other configuration parameters to what
the current server has after it's been tested and the other one is ready
to come down.
This particular server sits in the middle of the network and hosts
everyone's mail spool and file storage. Samba is just used to allow
users to mount their home directories from other machines. All the other
essential network services take place elsewhere.
So it's not a terribly complicated setup. I only need to be sure that I
can create new user accounts and mount drives via LDAP authentication.
Thanks again
Felipe Augusto van de Wiel wrote:
> On 01/18/2007 02:52 PM, John Baker wrote:
>
>> Hello folks.
>>
>
> Hey! :)
>
>
>
>> I need to migrate from an old server still running Debian
>> Woody to a new server running Dapper Drake.
>>
>
> Just to be 100% sure, you are not using LDAP on the
> Woody right? Because the upgrade path from LDAP in Woody to
> LDAP in Sarge (and post-sarge) has a few troubles.
>
>
>
>> The big challenge is turning out to be how to plan out the
>> Samba LDAP migration.
>>
>
> If you have the chance to prepare the new server in
> a lab and try it with a few workstations without messing with
> your production environment, that's a very good thing to do.
>
>
>
>> The current server version is 3.0.20 compiled from source
>> and the Dapper package is 3.0.22 and appears to include
>> ldap support. So I don't think I need to compile or worry
>> about version compatibility troubles.
>>
>
> Probably no, but you still should read the Release
> Notes to see what changes from 3.0.20 to 3.0.22, and if it
> is possible, you should think about migrating to 3.0.23d
> (Samba version in Debian Etch).
>
>
>
>> But how to migrate to a new machine and run the PDC just
>> like on the old one with LDAP is pretty confusing.
>>
>
> smbldap-tools to the rescue. ;)
>
>
>
>> Should I start the new server as a BDC and then take the
>> old one down?
>>
>
> No. You could, but you don't need to.
>
>
>
>> Is there any way to go about it where I won't have to
>> touch the LDAP server to deal with the SID?
>>
>
> Hmmm... the SID is not that complicated. Once you
> use the right support tools, they will do all the magic.
> What you need to ensure is that you have a sambaDomainName
> in your LDAP tree with the proper SID in it. That also
> means that you need to check the 'net getlocalsid' to see
> if it gives you the same answer as the old server, if not,
> use 'net setlocalsid'.
>
> You will need to create the groupmaps, just use
> 'net groupmap' for that one. There's not much more than
> this, except the account creation of your users and
> machines.
>
> But you don't need to do 'everything at once', if
> you can migrate one user account and one machine account,
> that should be a good start to check the migration,
> especially with regards to Profiles, SID and Domain control.
>
>
>
>> Could anyone give me some ideas on the best way to go
>> about it or point me in the direction of a good
>> migration how-to?
>>
>
> If I'm not wrong, the Samba By Example explains
> how to do that, they start with a configuration for a very
> small company and when it gets big, they change from
> smbpasswd to LDAP.
>
> http://samba.org/samba/docs/
>
>
>
>> Thanks
>>
>
> I hope this helps. Kind regards,
>
> - --
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
>
--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus
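
The SID check described in the quoted reply (the output of 'net getlocalsid' on the new server against the sambaSID of the sambaDomainName entry in LDAP), extended to flag accounts whose sambaSID lies outside that domain SID. This is an added example, not part of either message; the sample SIDs, DNs and host name are constructed, and the LDIF is assumed to be unwrapped with plain (non-base64) values.

```shell
# Constructed sample inputs. On a real host they would come from, e.g.:
#   net getlocalsid
#   ldapsearch -x -LLL -o ldif-wrap=no -b '<base DN>' \
#     '(|(objectClass=sambaDomain)(objectClass=sambaSamAccount))' sambaSID
SAMPLE_NET='SID for domain FILESRV is: S-1-5-21-1111111111-2222222222-3333333333'
SAMPLE_LDIF='dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=bob,ou=People,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002'

# SID printed by 'net getlocalsid' (read from stdin).
local_sid() { sed -n 's/^SID for domain .* is: *\(S-[0-9-]*\)[[:space:]]*$/\1/p'; }

# sambaSID of the sambaDomain entry in an LDIF dump (stdin).
ldap_domain_sid() {
    awk 'BEGIN { RS = ""; FS = "\n" }
    /objectClass: sambaDomain/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^sambaSID: /) print substr($i, 11)
    }'
}

# DNs of sambaSamAccount entries whose sambaSID is not <domain SID>-<RID>.
foreign_accounts() {    # $1 = domain SID, LDIF on stdin
    awk -v dom="$1" 'BEGIN { RS = ""; FS = "\n" }
    /objectClass: sambaSamAccount/ {
        dn = ""; sid = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dn: /) dn = substr($i, 5)
            if ($i ~ /^sambaSID: /) sid = substr($i, 11)
        }
        if (index(sid, dom "-") != 1) print dn
    }'
}

# Returns 0 if consistent, 1 on local/LDAP SID mismatch, 2 on stray accounts.
check_migration() {     # $1 = 'net getlocalsid' output, $2 = LDIF text
    l=$(printf '%s\n' "$1" | local_sid); d=$(printf '%s\n' "$2" | ldap_domain_sid)
    [ -n "$l" ] && [ "$l" = "$d" ] || { echo "SID mismatch: local=$l ldap=$d"; return 1; }
    bad=$(printf '%s\n' "$2" | foreign_accounts "$d")
    [ -z "$bad" ] || { echo "accounts outside $d: $bad"; return 2; }
    echo "OK: $d"
}
check_migration "$SAMPLE_NET" "$SAMPLE_LDIF" || true
```

An account flagged by `foreign_accounts` carries a SID from another domain, so ownership and ACL entries recorded under the expected domain SID will not resolve to it after cutover.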