[Samba] samba 4 as a pdc and /etc/passwd

Rowland Penny rowlandpenny at googlemail.com
Wed Mar 12 11:22:53 MDT 2014 

On 12/03/14 17:15, David Bear wrote:
> Thanks --- there is this fearsome warning at that page:
>
> *PLEASE NOTE*: Make sure you thoroughly test your conversion and how 
> your clients react /before/ you activate your new server in your 
> production environment! Once a Windows client finds and connects to 
> the new server, it is *not* possible to go back!
>
> This really makes me wonder about even trying. I don't have 10 win7pro 
> client machines to test with.
>

You can do all of the testing in VM's and if you do have problems these 
can be sorted before you do go live.
I am sure that any problems can be sorted, and that some of the admins 
that have done this upgrade will be willing to offer help and advice.

Rowland

>
> On Wed, Mar 12, 2014 at 9:58 AM, Rowland Penny 
> <rowlandpenny at googlemail.com <mailto:rowlandpenny at googlemail.com>> wrote:
>
>     On 12/03/14 16:54, David Bear wrote:
>>     Thank you. So would you suggest a migration from NT4 style domain
>>     to AD DC? If if so, are there any writeups on how to migration
>>     from a samba BDC domain to an samba AD DC ?
>>
>
>     If you feel up to it, then yes, a samba4 AD domain is the way
>     forward, a good place to start is here:
>
>     https://wiki.samba.org/index.php/Samba4/samba-tool/domain/classicupgrade/HOWTO
>
>
>
>     Rowland
>
>>
>>     On Wed, Mar 12, 2014 at 9:51 AM, Rowland Penny
>>     <rowlandpenny at googlemail.com
>>     <mailto:rowlandpenny at googlemail.com>> wrote:
>>
>>         On 12/03/14 16:46, David Bear wrote:
>>>         but my original question was do I need to duplicate all the
>>>         accounts in /etc/passwd between the two machines since I did
>>>         not have ldap installed originally? Will samba 4 and it's
>>>         built-in ldap stuff capture what I need to get through pdc
>>>         to bdc replication?
>>>
>>         Since samba 3 required each samba user to be also a local
>>         user, you will need to create the same users & groups on the
>>         new machine as on the old one with the same uid's & gid's.
>>         This is where an AD domain is better, users & groups only
>>         exist in AD, they cannot be local.
>>
>>         Rowland
>>
>>
>>>
>>>         On Wed, Mar 12, 2014 at 9:41 AM, Rowland Penny
>>>         <rowlandpenny at googlemail.com
>>>         <mailto:rowlandpenny at googlemail.com>> wrote:
>>>
>>>             On 12/03/14 16:22, David Bear wrote:
>>>>             Thanks for the rapid response. Apologies I was not more
>>>>             clear.
>>>>
>>>>             I want to stick with the standard NT 4 domain contoller
>>>>             style network. Maybe next years I will think if
>>>>             migration to and ad dc. But for now, I want the
>>>>             simplest path off the samba 3 domain controller that I
>>>>             have.
>>>>
>>>>
>>>>             On Wed, Mar 12, 2014 at 9:18 AM, Rowland Penny
>>>>             <rowlandpenny at googlemail.com
>>>>             <mailto:rowlandpenny at googlemail.com>> wrote:
>>>>
>>>>                 On 12/03/14 16:07, David Bear wrote:
>>>>
>>>>                     I am remembering something wrong related to
>>>>                     samba 4 and that there is no
>>>>                     longer a need to have machine accounts and user
>>>>                     accounts exist in
>>>>                     /etc/passwd ? I want to set up a samba 4 domain
>>>>                     controller as a bdc to a
>>>>                     samba 3 domain. Have the domain data base
>>>>                     replicate and then shut down the
>>>>                     samba 3 pdc and promote the samba 4 to a pdc.
>>>>                     It would be nice to ignore
>>>>                     having to migrate /etc/passwd because I did not
>>>>                     set up ldap for the samba 3
>>>>                     domain.
>>>>
>>>>                 I think that we are going to need a bit more info
>>>>                 here. When you say 'bdc' & 'pdc' are you referring
>>>>                 to the 'classic' samba setup, or do you expect to
>>>>                 end up with an AD controller?
>>>>
>>>>                 If you want to end up with an AD controller, then
>>>>                 what you are proposing will not work, an AD DC will
>>>>                 never be a pdc in a NT domain.
>>>>
>>>>                 I think that you will have to go down the
>>>>                 classicupgrade path here, but without further info,
>>>>                 I cannot be sure.
>>>>
>>>>                 Rowland
>>>>
>>>>
>>>>
>>>>
>>>>             -- 
>>>>             David Bear
>>>>             mobile: (602) 903-6476
>>>>
>>>>
>>>             Ah, well in that case, I think it is just a case of
>>>             setting up samba4 just like the samba3 machine and then
>>>             syncing the userdatebase etc from the pdc to the bdc.
>>>             This is usually just done by copying the samba directory
>>>             from one to the other (on Ubuntu this is /var/lib/samba
>>>             YMMV).
>>>
>>>             Start up the new machine, make sure everything is ok and
>>>             then stop smbd, nmbd, winbind on the old pdc and
>>>             everything should just work, or maybe not. If it doesn't
>>>             work, restart smbd etc on the original pdc and you
>>>             should be back to where you were, you can then check the
>>>             logs to try and find out what went wrong.
>>>
>>>             This is all from memory, it is a good few years since I
>>>             last did this (ok, in fact I only ever did it once ;-)
>>>             ), so if anybody has a better way, please chime in.
>>>
>>>             Rowland
>>>
>>>
>>>
>>>
>>>         -- 
>>>         David Bear
>>>         mobile: (602) 903-6476
>>>
>>>
>>
>>
>>
>>
>>     -- 
>>     David Bear
>>     mobile: (602) 903-6476
>>
>>
>
>
>
>
> -- 
> David Bear
> mobile: (602) 903-6476
>
>

More information about the samba mailing list