[Samba] PDC migration from suse 8.2 - samba 2.2.7 ldap - to latest versions on ubuntu 8.04

Vladimir Psenicka vladimir.psenicka at prodeco.cz
Fri Mar 26 06:42:01 MDT 2010 

Dne 26.3.2010 10:59, GG napsal(a):
> Hi!
> 
> I'll be at it in a few minutes installing samba client / net command :-)
> 
> I have a question about the samba sernet repos:
> Shall I apt-get remove samba and use
> http://enterprisesamba.com/index.php?id=148 +
> http://enterprisesamba.com/index.php?id=56
>  instead from start?
> 

Yes, you should remove Debian samba packages and install sernet-samba
packages.

> What is the real advantage of sernet? What about installing official
> samba.org packages, are there differences with sernet (stability?) or
> is it just a more liberal repository?

I don't know how much are samba.org repositories updated, but sernet
repos seems to be updated often. Maybe somebody can explain this better.

> 
> Also I read
>>>> Ensure that all local user and group accounts that are used by samba
>>>> have the same uid/gid.
> 
> Shall I copy /etc/shadow and /etc/passwd over? other files for groups
> and users?
> 
> I use rsync --verbose  --progress --stats --compress --rsh=ssh \
>       --recursive --times --perms --links  \
>       --owner --group --devices --specials \
>       --exclude-from '/root/exclude.txt (if any, not in this case as
> I'm only syncing data dir)' \
>       root at old_PDC:/DATA /DATA
> 
> This should bring over every attribute set on files... correct?

Yes

> 
> [[[did only partially in one case: I set up a twin install (fresh
> install then live cd and full rsync and after that I kept mbr, but
> changed /boot and the /ect/fstab settings) and the server started
> etc.. LDAP did not work though: authentication was not available...
> So I must be missing something or this rsync parameter set must be
> missing something.. I had disconnected old PDC, set same IP and
> hostname to the VM well this worked well for other virtualizations and
> in this PDC I need to upgrade to win7 compatible samba version anyway
> :-)
> This was another story but just to share it as it is an excellent way
> of migrating sometimes specially for machines you do not master and
> this is my case very often.]]]
> 
> Cheers,
> Giorgio
> 
> On Fri, Mar 26, 2010 at 9:14 AM, Vladimir Psenicka
> <vladimir.psenicka at prodeco.cz> wrote:
>> Hi
>>
>> Dne 25.3.2010 17:41, GG napsal(a):
>>> Hello Vladimir, John and all the NG :-)
>>> Thanks so much for answering. I really hoped someone would :-)
>>>
>>> So I installed Debian latest stable netinst on the future production
>>> server and here are my issues in the quotes :-( no net command on my
>>> suse 8.2
>>>
>>> Cheers :-)
>>> Giorgio
>>>
>>>
>>>> On Thu, Mar 25, 2010 at 14:00, John H Terpstra <*@samba.org> wrote:
>>>>> On 03/25/2010 03:33 AM, Vladimir Psenicka wrote:
>>>>> What about Debian Stable with Sernet samba repo, where you can choose
>>>>> Samba 3.4.x or 3.5.x
>>>>>
>>>>> My hints on migrating to new server:
>>>>>
>>>>> 1. install new server (Samba,ldap etc.)
>>>
>>> done :-) Debian Stable netinst
>>>
>>>>> 2. set same hostname on new server
>>> My ignorance comes out :-)
>>> Must I set it different from the production server as FW points
>>> production.domain.com - I have clients using DNS=oldPDC and PDC
>>> forwards queries to FW. FW has pdc.domain.com defined to point to lan
>>> ip.
>>>
>>
>> Ok, can be changed later
>>
>>>>> 3. export ldap data from old server and import them to new server
>>>
>>> slapcat -f /etc/openldap/ldap.conf -l /ldap.ldif
>>> OK
>>>
>>>> Ensure that all local user and group accounts that are used by samba
>>>> have the same uid/gid.
>>> my ignorance again... another hint?
>>>>
>>>>> 4. export SID (net getlocalsid) and set it on new server (net
>>>>> setlocalsid oldsid)
>>>>
>>>> Note:
>>>>  net getdomainsid (on old server)
>>>>  net setdomainsid (on new server)
>>> thanks :-)
>>>
>>> # net getdomainsid
>>> -bash: net: command not found :-( and not found in yast
>>>
>>> I understand it has to do with extracting the sid from
>>> /etc/samba/secrets.tdb but how do I install the command? suse 8.2 yast
>>> has now net package and googling net is.. well wow!
>>>
>>
>> Have you samba-client package installed?
>>
>> PAVOUK\psenicka at psenicka:~> rpm -qf `which net`
>> samba-client-3.5.1-4.1.x86_64
>>
>> or you can dig domainsid from ldap
>>
>>>>> 5. configure samba on new server as PDC with ldap and shares in smb.conf
>>>>> from old samba smb.conf (check with testparm)
>>>
>>> I see it only contains shares so I bet smb.conf would just keep all
>>> the old settings rigth? /DATA will be rsynced
>>>
>>
>> Maybe smb.conf from Samba2 is too different from Samba 3. I will keep
>> current smb.conf on new server and add only shares from old smb.conf to
>> new smb.conf.
>>
>>>>> 6. stop samba on old server
>>>>> 7. copy all data (with perms) and netlogon share to new server
>>>>> 8. stop old server
>>>>> 9. start samba on new server a check everything is working fine (domain
>>>>> logon from windows box, shares and perms)
>>>>>
>>>>> This can be done best when no users are logged in samba (maybe at weekend?)
>>>>>
>>>>> P.S. We have ubuntu 8.04 as PDC and Windows 7 can't join to domain
>>>
>>> thanks I move to Debian with ease :-) ubuntu is a great deb derived right?
>>>
>> Ubuntu 8.04 LTS is now older than Debian Stable. When Ubuntu 10.04 LTS
>> comes out this will be no longer truth.
>>
>>>> Check http://wiki.samba.org for info regarding Windows 7.
>>>>
>>>> Cheers,
>>>> John T.
>>>>
>>>>> Dne 25.3.2010 01:05, GG napsal(a):
>>>>>> Hello Vladimir and hi all,
>>>>>>
>>>>>> Thanks very much for replying!
>>>>>>
>>>>>> Any suggested os? I'd go for debian or what advised, I just happen to
>>>>>> know ubuntu more...
>>>>>>
>>>>>>
>>>>>> Any strategy or hint on migrating from ancient ldap + samba to a new server?
>>>>>> Already tried rsyncing (using all options to keep perms and attributes
>>>>>> grp  own mod etc) on a twin v-machine but server starts and the ldap
>>>>>> auth fails to work :-(
>>>>>>
>>>>>> I'm a bit stuck at the moment :-( and I have posponed the problem for
>>>>>> too long grrr
>>>>>>
>>>>>> Giorgio
>>>>>>
>>>>>> On Wed, Mar 24, 2010 at 9:20 AM, Vladimir Psenicka
>>>>>> <vladimir.psenicka at prodeco.cz> wrote:
>>>>>>> Dne 23.3.2010 15:48, Giorgio napsal(a):
>>>>>>>> Hello,
>>>>>>>> Hopefully I'm in the right place asking for help :-)
>>>>>>>>
>>>>>>>> I need to move from an old physical Suse 8.2 - samba 2.2.7 + ldap - to
>>>>>>>> latest samba versions, I would like to use an ubuntu 8.04 virtual machine.
>>>>>>>>
>>>>>>>> The domain is in production on the physical server, to be dismissed after
>>>>>>>> migration. It is also the file server!!! so /DATA/ has all shared and
>>>>>>>> permission driven file access..
>>>>>>>>
>>>>>>>> I was following https://help.ubuntu.com/8.10/serverguide/C/samba-dc.html but
>>>>>>>> I realize I am in a different scenario...
>>>>>>>>
>>>>>>>> Production so no errors are admitted :-(, migration to new os and versions..
>>>>>>>> all at once?
>>>>>>>>
>>>>>>>> I have a dump of the physical server (dd sda mbr and single partitions :)
>>>>>>>> plus an rsync with all permissions daily backup, just to be safe ;)
>>>>>>>>
>>>>>>>>
>>>>>>>> What would you guru's suggest as a strategy?
>>>>>>>>
>>>>>>>> Can I create a new server and add it as secondary domain controller and then
>>>>>>>> once the replica is up? I'd feel quite comfortable with this method.
>>>>>>>>
>>>>>>>> BTW I need a new version of samba as they have already bought Windows 7
>>>>>>>> boxes (without asking if they were supported arrgh).
>>>>>>>>
>>>>>>>> Thanks to all of you who read or answered :-)
>>>>>>>>
>>>>>>>> Gio
>>>>>>>
>>>>>>> Hi.
>>>>>>>
>>>>>>> Ubuntu 8.10 is bad idea if you will be connecting Windows 7 into domain,
>>>>>>> because of old Samba version. Samba 3.4.x or 3.5.x is recommended for
>>>>>>> Win7. Wait for Ubuntu 10.04 LTS (next month) if you want Ubuntu.
>>>>>>>
>>>>>>> --
>>>>>>> Vladimir Psenicka
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> To unsubscribe from this list go to the following URL and read the
>>>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
>> --
>> Vladimir Psenicka
>> IT system engineer
>> PRODECO, a.s.
>> Tel.: 417 633 762
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>


-- 
Vladimir Psenicka
IT system engineer
PRODECO, a.s.
Tel.: 417 633 762

More information about the samba mailing list