[Samba] LDAP/PDC migration to Samba4

Davor Vusir davortvusir at gmail.com
Sat Jul 19 22:47:21 MDT 2014 

Den 20 jul 2014 03:44 skrev "Marc Muehlfeld" <mmuehlfeld at samba.org>:
>
> Am 20.07.2014 03:05, schrieb Andrey Repin:
> > Yes, I'm running over LDAP backend. (Made my life alot easier, allowing
me
> > transparent authentication in many places beside Samba!)
> >
> >> You could install a new machine with x86_64 and tell it to use your
LDAP
> >> again. If it was on the old 32-bit host, then export it (slapcat) and
> >> import it on the new one (slapadd).
> >
> >> Depending on what else was in your 32-bit Samba installation, you maybe
> >> don't have to do much more. The TDBs on the new host will be recreated.
> >> If your old Samba server wasn't acting as a printserver with
> >> preconfigured drivers, this shouldn't be a big problem. Because in that
> >> case the settings are stored in the registry.tdb.
> >
> > So, what you suggest, is... dump LDAP database, import it on the new
server,
> > and just switch cases?
> > That won't work, I'm afraid. The server constantly in use, including
remote
> > clients. I want the downtime to be as low as possible.
>
> You could do a two step switch:
>
> 1) Install Samba on the new 64-Bit server, copy your configs and change
> them to use the LDAP on your old host. Stop Samba on the old host and
> start on the new one. Samba hostname (netbios name) must be the same.
> The real hostname and IP can differ. This should be a minimal downtime
> (but of course has to be tested before).
>
>
> 2) Prepare an LDAP server on the new host. Export on the old, import on
> the new. Adapt the LDAP server IP in smb.conf. This should also be a
> short downtime.
>
>

Or you could create a new Samba AD DC domain, exploit the trust
capabilities, copy the user accounts SID to the corresponding accounts
SID-history in the new domain. Create appropriate access groups and apply
them on the resources.

When all is tested and set you migrate the computers.

No downtime.

Regards
Davor

>
> But if the system is so high-critical, that these two steps (I guess
> max. 20 minutes if prepared and good tested before) are to long, then
> you shouln't run with just a single PDC at all.
>
>
>
>
>
> >> BTW: What Samba version do you run on your old host?
> >
> > # smbd --version
> > Version 3.0.28a
> >
> > ....it's REALLY old system.
>
> If switching from such an old installation, good testing is really
> important. There were huge changes in the last 6.5 years since that
release.
>
> Once you are using Samba AD you're having the benefit, that it's easy to
> add more DCs. And all DCs are doing multi-master replication. You can
> shutdown a DC and upgrade, while the other(s) is/are up and serving.
> This allows easier to stay current (I know that it's not always possible
> to stay up to date in production).
>
>
>
> Regards,
> Marc
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list