[Samba] samba 4 as a pdc and /etc/passwd

David Bear dwbear75 at gmail.com
Wed Mar 12 11:15:29 MDT 2014


Thanks --- there is this fearsome warning at that page:

*PLEASE NOTE*: Make sure you thoroughly test your conversion and how your
clients react *before* you activate your new server in your production
environment! Once a Windows client finds and connects to the new server, it
is *not* possible to go back!

This really makes me wonder about even trying. I don't have 10 win7pro
client machines to test with.


On Wed, Mar 12, 2014 at 9:58 AM, Rowland Penny
<rowlandpenny at googlemail.com> wrote:

>  On 12/03/14 16:54, David Bear wrote:
>
> Thank you. So would you suggest a migration from NT4 style domain to AD
> DC? If so, are there any writeups on how to migrate from a samba BDC
> domain to a samba AD DC?
>
>
> If you feel up to it, then yes, a samba4 AD domain is the way forward, a
> good place to start is here:
>
>
> https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
>
>
> Rowland
>
>
> On Wed, Mar 12, 2014 at 9:51 AM, Rowland Penny <
> rowlandpenny at googlemail.com> wrote:
>
>>  On 12/03/14 16:46, David Bear wrote:
>>
>> but my original question was do I need to duplicate all the accounts in
>> /etc/passwd between the two machines since I did not have ldap installed
>> originally? Will samba 4 and its built-in ldap stuff capture what I need
>> to get through pdc to bdc replication?
>>
>>   Since samba 3 required each samba user to be also a local user, you
>> will need to create the same users & groups on the new machine as on the
>> old one with the same uid's & gid's. This is where an AD domain is better,
>> users & groups only exist in AD, they cannot be local.
>>
>> Rowland
>>
>>
>>
>> On Wed, Mar 12, 2014 at 9:41 AM, Rowland Penny <
>> rowlandpenny at googlemail.com> wrote:
>>
>>>   On 12/03/14 16:22, David Bear wrote:
>>>
>>> Thanks for the rapid response. Apologies I was not more clear.
>>>
>>>  I want to stick with the standard NT 4 domain controller style network.
>>> Maybe next year I will think of migration to an ad dc. But for now, I
>>> want the simplest path off the samba 3 domain controller that I have.
>>>
>>>
>>> On Wed, Mar 12, 2014 at 9:18 AM, Rowland Penny <
>>> rowlandpenny at googlemail.com> wrote:
>>>
>>>>  On 12/03/14 16:07, David Bear wrote:
>>>>
>>>>> I am remembering something wrong related to samba 4 and that there is no
>>>>> longer a need to have machine accounts and user accounts exist in
>>>>> /etc/passwd? I want to set up a samba 4 domain controller as a bdc to a
>>>>> samba 3 domain. Have the domain data base replicate and then shut down the
>>>>> samba 3 pdc and promote the samba 4 to a pdc. It would be nice to ignore
>>>>> having to migrate /etc/passwd because I did not set up ldap for the samba 3
>>>>> domain.
>>>>>
>>>> I think that we are going to need a bit more info here. When you
>>>> say 'bdc' & 'pdc' are you referring to the 'classic' samba setup, or do you
>>>> expect to end up with an AD controller?
>>>>
>>>> If you want to end up with an AD controller, then what you are
>>>> proposing will not work, an AD DC will never be a pdc in a NT domain.
>>>>
>>>> I think that you will have to go down the classicupgrade path here, but
>>>> without further info, I cannot be sure.
>>>>
>>>> Rowland
>>>>
>>>
>>>
>>>
>>>  --
>>> David Bear
>>> mobile: (602) 903-6476
>>>
>>>
>>>    Ah, well in that case, I think it is just a case of setting up
>>> samba4 just like the samba3 machine and then syncing the user database etc
>>> from the pdc to the bdc. This is usually just done by copying the samba
>>> directory from one to the other (on Ubuntu this is /var/lib/samba YMMV).
>>>
>>> Start up the new machine, make sure everything is ok and then stop smbd,
>>> nmbd, winbind on the old pdc and everything should just work, or maybe not.
>>> If it doesn't work, restart smbd etc on the original pdc and you should be
>>> back to where you were, you can then check the logs to try and find out
>>> what went wrong.
>>>
>>> This is all from memory, it is a good few years since I last did this
>>> (ok, in fact I only ever did it once ;-) ), so if anybody has a better way,
>>> please chime in.
>>>
>>> Rowland
>>>


-- 
David Bear
mobile: (602) 903-6476
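
The requirement stated in the thread, that a classic (NT4-style) Samba setup needs the same users and groups on the new machine with the same uid's and gid's, can be checked before the old PDC is stopped. The following is an added example, not part of the original thread: the function names, the `min_uid` cutoff and the sample passwd lines are all constructed for illustration.

```python
def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-format text."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Skip comments, blanks and malformed entries (need name:pw:uid:gid).
        if (fields[0].startswith("#") or len(fields) < 4
                or not (fields[2].isdigit() and fields[3].isdigit())):
            continue
        accounts[fields[0]] = (int(fields[2]), int(fields[3]))
    return accounts


def compare_accounts(old_text, new_text, min_uid=1000):
    """Report accounts the new host lacks or holds with different ids.

    min_uid is an assumption: lower uids are treated as system accounts and
    skipped. Machine accounts (names ending in '$') are always checked.
    """
    old, new = parse_passwd(old_text), parse_passwd(new_text)
    missing, mismatched = [], []
    for name, ids in sorted(old.items()):
        if ids[0] < min_uid and not name.endswith("$"):
            continue
        if name not in new:
            missing.append(name)
        elif new[name] != ids:
            mismatched.append((name, ids, new[name]))
    # A uid held by a different name on the new host would own the old
    # user's files once the data is copied across.
    old_by_uid = {ids[0]: name for name, ids in old.items()}
    collisions = [(name, ids[0], old_by_uid[ids[0]])
                  for name, ids in sorted(new.items())
                  if ids[0] >= min_uid and old_by_uid.get(ids[0], name) != name]
    return {"missing": missing, "mismatched": mismatched, "collisions": collisions}


# Constructed sample data, not taken from any real host.
OLD_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1002:1002::/home/bob:/bin/bash
ws01$:x:1100:515:Machine:/dev/null:/bin/false
"""
NEW_PASSWD = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001::/home/alice:/bin/bash
bob:x:1003:1003::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
"""
if __name__ == "__main__":
    print(compare_accounts(OLD_PASSWD, NEW_PASSWD))
```

The same comparison applies to `/etc/group`, whose third field is the gid; the collision list matters most because a reused uid silently changes file ownership on copied shares.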

