[Samba] Change the IP/name of the domain member server - upgrading the server

Piotr Legiecki piotrlg at pum.edu.pl
Tue Aug 16 03:18:06 MDT 2011 

Gaiseric Vandal pisze:
> Maybe you should also copy the "private" directory from the old to the 
> new server.   That may include the machine password used by the samba 
> server to connect to the domain.
> 
> 
> Run "testparm -v" on both servers.  Are both servers samba version of 
> samba?

So maybe I will answer to my own question sharing my little knowledge.

The old server has Samba 3.0.14 and the new one 3.5.6.
What worked for me?
1. Migrated the group/user id mappings (winbind) from old to new server
on old server:
net idmap dump /var/lib/samba/winbindd_idmap.tdb > idmap_dump.txt
on new one:
net idmap restore idmap_dump.txt
net cache flush
restart samba/winbindd
Now I have the same mappings on both servers, so I don't care about 
migrating them. Just simple cp/tar or whatever.
2. Copy smb.conf (check it, it is upgrade anyway)
3. Copy the files
tar cf - . | ssh root at xx.xx.xx.xx 'cd /home/samba; tar xf -'
3.a surfing the web/watching films....
4. For the purpose of international characters only
convmv -f iso-8859-2 -t utf8 --notest -r user_files
5. Prepare the actual join of new server.
on old server:
net ads leave -U Administrator
(as of samba 3.0.14 I had to delete the machine AD account manually)
shutdown
on new one:
change its name (/etc/hostname, mailname...)
update DHCP server (if in use)
restart
net ads join -U Administrator
(if failed, try kdestroy its Kerberos stuff)
net ads testjoin

It should work.
Now check (double check) if  the ACLs are ok. I had some minor (quickly 
repaired it) problems with group rights. somehow instead of rwx I had rx 
only. But users had problems so the bothered me with phones ;-).

The windows disk mappings  worked fine if they were mapped in AD login 
scripts like that (most of the mapping in my situation):
net use m: \\server\%UserName% /PERSISTENT:NO
if they were manually mapped it required manual intervention

So as you can see the only mysterious thing is transfering the 
group/user id mappings, and fortunately it worked as expected.

I hope the it would help others with similar task.

Regards
P.

More information about the samba mailing list