[Samba] Migrate from Samba 4 to Samba 4?

Andrew Bartlett abartlet at samba.org
Wed Dec 4 16:08:03 MST 2013

On Wed, 2013-12-04 at 10:40 +0000, Kevin Latimer wrote:
> Hi All,
> Does anyone know if there's a Samba 4 to Samba 4 migration process?
> Sounds weird, but it has a logical reason:
> I've a several-year-old S4 implementation, from an early Alpha (10 I
> think?) that hasn't been in the best of shape of late - when S4 4.0.0
> arrived, I accidentally upgraded using my normal "git
> pull; ./configure; make; make install" procedure and instead of
> getting 4.0 I got 4.1pre.  I hastily installed the 4.0.0 tarball but I
> think I've ended up with a broken schema because of it.

The two trees were not that different at that point, so I don't think
major harm came from this. 

> It's been clunking along okay nontheless with the oddities just
> needing a little manual intervention now and again but last night I
> decided to install the 4.1.2 tarball.
> I wanted to do an "upgradeprovision --full" as I've been missing the
> SFU schema and I need to retain some UID consistency.  My testing on a
> snapshot told me you can't run upgradeprovision with more than one DC
> so last night, I allotted myself a maintenance window and went for it.
> I demoted all the DC's but I had one that wouldn't demote (this DC is
> one of the "manual interventions"...).  I've tried samba-tool domain
> demote, ntdsutil metadata cleanup, ADUC, ADSAS but it just won't
> shift.
> Running out of time, I decided to upgrade to 4.1.2 on these two
> remaining DC's anyway, do a fresh install on the other DC's and rejoin
> them.  They upgraded just fine but I can't join any other DC's,
> samba-tool segfaults after copying the configuration partition.

That's unfortunate.  Can you get us some information on this segfault?

> My directory seems to be in a bit of a mess (dbcheck only shows two,
> albeit uncorrectable errors) so I wonder if there's a procedure (like
> classicupgrade for S3->S4 or vampire for NT4/Windows) to get the users
> and computers from my current provision into a new, fresh one? 

What are the errors, and have you actually run upgradeprovision or not?
(We are trying to avoid folks running that tool, except in the extreme
cases such as an installation of your age, and even then we are trying
to have dbcheck handle it as much as possible. 

>  I'm not bothered about retaining metadata like last login time or
> password history or such, just enough information to allow users to
> login without having to rejoin each machine?  Losing GPO's aren't the
> end of the world either, I don't have many.

If we really had to, we could hack something up via the classicupgrade
code or similar, but I would really rather not. 

Let's try and fix up your directory as-is. 

Andrew Bartlett

Andrew Bartlett
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba mailing list