[Samba] migrating to a new server with LDAP
John Baker
johnnyb at marlboro.edu
Fri Jan 19 17:14:23 GMT 2007
Okay, I think I see.
Let me just clarify , I think the problem is that I don't fully
understand the role of a PDC and what it does.
But, being that that we are just using a workgroup setup we don't have
any complicated domain wide setup to deal with. LDAP does all our
directory stuff and it only cares about Samba in Sambas need for LDAP
authentication.
So if I just route another subnet to cut of the broadcasts I can use the
exact same Samba set up as is on the current server and they will not
interfere with each other. I can test to my heart's delight on the new
subnet as long as it can communicate with the LDAP server it should work?
Thanks
Felipe Augusto van de Wiel wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/19/2007 01:21 PM, John Baker escreveu:
>
>> Thanks very much for your reply.
>>
>
> You are welcome.
>
>
>
>> The LDAP server is running Ubuntu breezy and packages are
>> up to date so it should be ok.
>>
>> Finding the right section on the Samba3 by example helps. :)
>>
>
> :-)
>
>
>
>> Now according to "replacing a Domain Controller" under
>> "Migrating Samba-3 to a new server" I can just " Copy
>> the |secrets.tdb| file, the |smbpasswd| file (if it is
>> used), the |/etc/samba/passdb.tdb| file (only used by
>> the |tdbsam| backend), and all the tdb control files
>> from the old system to the correct location on the new
>> system."
>>
>
> Yep, sounds like what you have to do.
>
>
>
>> But I need to be able to test it in the production
>> environment because I have to hook it into the current
>> ldap server. (I can't practically rebuild that in a lab)
>>
>
> Hmmmm, don't get me wrong. When I say lab, I do
> not mean it phisically. If you are able to isolate the
> new server and one workstation on a VLAN or on a small
> hub, you can test it on a "lab". ;)
>
>
>
>> So, then for being able to test it in place while the
>> other server continues to function what would you say
>> is the best strategy?
>>
>
> I still think, that if you can get a notebook
> from your company and connect it using a cross cable
> to the new server, or something like that, you really
> have the chance to do the best test, or if you can do
> that at night or at the weekend, that's the best way
> to be sure that the new server will work smoothly.
>
>
>
>> This is why I was thinking of using the process for
>> making a BDC and then renaming it and setting all
>> the other configuration parameters to what the
>> current server has after its been tested and the
>> other one is ready to come down.
>>
>
> Technically speaking, there is a practical
> difference between PDC and BDC, and considering the
> entire set of Murphy's Laws, it could not work the
> way you expect.
>
>
>
>> This particular server sits in the middle of the
>> network and hosts everyone's mail spool and file
>> storage. Samba is just used to allow users to
>> mount their home directories from other machines.
>> All the other essential network services take
>> place elsewhere.
>>
>> So its not a terribly complicated setup. I only
>> need to be sure that I can create new uses accounts
>> and mount drives via LDAP authentication.
>>
>
> I think you will get that pretty easily. It's
> just a matter to do a few tests, check the logs and
> get everything running on your new shiny setup.
>
>
>
>> Thanks again
>>
>
> Kind regards,
>
> - --
> Felipe Augusto van de Wiel <felipe at paranacidade.org.br>
> Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
> http://www.paranacidade.org.br/ Phone: (+55 41 3350 3300)
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
>
> iD8DBQFFsPWTCj65ZxU4gPQRAu9nAJ9wMvP7cB526Z5YM82Vr1nuGgA6cQCgppc6
> HI+a4DiruMda56Lz7Z4lPWA=
> =kmfw
> -----END PGP SIGNATURE-----
>
--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus
More information about the samba
mailing list