[Samba] LDAP/PDC migration to Samba4

Marc Muehlfeld mmuehlfeld at samba.org
Sat Jul 19 19:43:53 MDT 2014

On 20.07.2014 03:05, Andrey Repin wrote:
> Yes, I'm running over LDAP backend. (Made my life a lot easier, allowing me
> transparent authentication in many places beside Samba!)
>> You could install a new machine with x86_64 and tell it to use your LDAP
>> again. If it was on the old 32-bit host, then export it (slapcat) and
>> import it on the new one (slapadd).
>> Depending on what else was in your 32-bit Samba installation, you maybe
>> don't have to do much more. The TDBs on the new host will be recreated.
>> If your old Samba server wasn't acting as a printserver with
>> preconfigured drivers, this shouldn't be a big problem. Because in that
>> case the settings are stored in the registry.tdb.
> So, what you suggest, is... dump LDAP database, import it on the new server,
> and just switch cases?
> That won't work, I'm afraid. The server is constantly in use, including remote
> clients. I want the downtime to be as low as possible.

You could do a two step switch:

1) Install Samba on the new 64-bit server, copy your configs and change
them to use the LDAP on your old host. Stop Samba on the old host and
start it on the new one. Samba hostname (netbios name) must be the same.
The real hostname and IP can differ. This should be a minimal downtime
(but of course has to be tested before).

2) Prepare an LDAP server on the new host. Export on the old, import on
the new. Adapt the LDAP server IP in smb.conf. This should also be a
short downtime.

But if the system is so highly critical that these two steps (I guess
max. 20 minutes if prepared and well tested before) are too long, then
you shouldn't run with just a single PDC at all.

>> BTW: What Samba version do you run on your old host?
> # smbd --version
> Version 3.0.28a
> ....it's a REALLY old system.

If switching from such an old installation, good testing is really
important. There were huge changes in the last 6.5 years since that release.

Once you are using Samba AD you have the benefit that it's easy to
add more DCs. And all DCs are doing multi-master replication. You can
shut down a DC and upgrade, while the other(s) is/are up and serving.
This makes it easier to stay current (I know that it's not always possible
to stay up to date in production).
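
Checks for the two-step switch described above, as an added example that is not part of the original message: the NetBIOS name must match across both smb.conf files, the `passdb backend` URI is repointed with a backup kept, and the LDIF exports from the old and new LDAP servers are compared by entry DN. Function names, file names, host names and addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Host names, addresses and file names are constructed.

# Print one parameter from smb.conf (name in lower case); sections are ignored.
smbconf_get() {   # smbconf_get FILE "netbios name"
    awk -F= -v key="$2" '
        { k = $1; gsub(/^[ \t]+|[ \t]+$/, "", k) }
        tolower(k) == key {
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
        }' "$1"
}

# Step 1 check: the NetBIOS name on the new host must equal the old one.
# An unset name in the old file counts as a mismatch.
same_netbios_name() {   # same_netbios_name OLD_CONF NEW_CONF
    old=$(smbconf_get "$1" "netbios name" | tr '[:lower:]' '[:upper:]')
    new=$(smbconf_get "$2" "netbios name" | tr '[:lower:]' '[:upper:]')
    [ -n "$old" ] && [ "$old" = "$new" ]
}

# Step 2: repoint "passdb backend" from OLD_HOST to NEW_HOST, keeping FILE.bak.
smbconf_set_ldap_host() {   # smbconf_set_ldap_host FILE OLD_HOST NEW_HOST
    esc=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots in the host are literal
    cp -p "$1" "$1.bak" &&
    sed "s|\(ldapsam:ldaps\{0,1\}://\)$esc|\1$3|" "$1.bak" > "$1"
}

# Step 2 check: sorted DNs of an LDIF export, with folded lines rejoined.
ldif_dns() {   # ldif_dns FILE
    awk '/^ / { if (indn) buf = buf substr($0, 2); next }
         { if (indn) print buf; indn = 0 }
         /^dn:/ { buf = $0; indn = 1 }
         END { if (indn) print buf }' "$1" | sort
}

# True when both exports (slapcat on old and new host) contain the same entries.
same_ldif_entries() {   # same_ldif_entries OLD_LDIF NEW_LDIF
    [ "$(ldif_dns "$1")" = "$(ldif_dns "$2")" ]
}
```

Run `same_ldif_entries` on a `slapcat` export taken from each host after the `slapadd` import and before Samba is pointed at the new LDAP server.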

