[Samba] classicupgrade

Sébastien Le Ray sebastien-samba at orniz.org
Thu Aug 27 08:22:03 UTC 2015


Here's what I noted for my migration 1 year ago:

Add the unix groups used in samba to the samba db in order to get them on 
the AD side: net groupmap add unixgroup

You'll have to fix wrongly encoded logins too:
sudo pdbedit -L -b tdbsam:/path/to/passdb.tdb | perl -l -ne '/^([\x00-\x7F])*$/ or print'

Stop samba on old DC
backup /etc/samba, /var/lib/samba/ & /var/run/samba
merge old-DC /etc/passwd & /etc/group  to get samba-used users & groups
install samba
stop samba
stop winbind
rm -r /var/lib/samba/private/*
rm -f /etc/samba/*
check acl & xattr support on fs
/root/samba3-files ; cp old-dc/var/run/samba/gencache_notrans.tdb 
/root/samba3-files ; cp old-dc/etc/samba/smb.conf /root/samba3-files
samba-tool domain classicupgrade --verbose --use-xattrs=yes \
  --dbdir=/root/samba3-files/ --realm=my.ad.realm \
  --dns-backend=SAMBA_INTERNAL /root/samba3-files/smb.conf

Check that DNS is ok (you may need to give a delegation on the AD realm, 
depending on how your company DNS is set up). Here we have a DNS for 
company.smth that gives a delegation for ad.company.smth to the DCs.

dig -t SRV _ldap._tcp.dc._msdcs.my.ad.realm

Create a domain admin
samba-tool user add i-am-a-domain-admin
samba-tool group addmembers "Domain Admins" i-am-a-domain-admin

clean up /etc/{passwd,group} to remove samba groups & users

Should be a good start :-) Note that any shares will be removed from the 
newly generated smb.conf (you may re-add them even if some people tell you 
not to, never had any issue with that)


On 26/08/2015 22:56, Robert Moskowitz wrote:
> I have a Samba 3.6 PDC (ClearOS) that I want to migrate to Sernet 
> Samba 4.2 AD on a Centos7-arm box.
> So I am reading:
> https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_domain_to_a_Samba_AD_domain_%28classic_upgrade%29 
> And trying to figure out what files I need.  Note this is a totally 
> NEW box, I need to copy over the needed files.  So do I move all of 
> the .tdb files?  There are actually 2 secrets.tdb:
> /var/clearos/framework/tmp/secrets.tdb
> /var/lib/samba/private/secrets.tdb
> Do I need to stop smb and nmb services on the old server before 
> copying the files?  Going to rsync the files over.
> What about the conf files in /etc/samba?  Do I need my old smb.conf?
> Security on the old system is users (unix login, never really liked 
> that).  Can I change that and to what?
> I assume I need to have BIND set up first.  And DHCPD?
> Definitely need to fix some things on the box before I try the upgrade.
> And if I get it wrong the first time, that is not a problem.  I will 
> be trying this a number of times anyway, as Centos7-arm is not even up 
> to beta yet.  But the beta could go fast once they get the build 
> process working.
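
An added example, not part of the original post: the ASCII-only filter in the reply flags every entry containing a non-ASCII byte; this Python script goes one step further and separates entries that are valid UTF-8 from entries containing bytes that are not valid UTF-8. It assumes the `login:uid:full name` line format printed by `pdbedit -L`; the function names and sample lines are constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit `pdbedit -L` output for non-ASCII entries before classicupgrade.

Assumed usage: pdbedit -L -b tdbsam:/path/to/passdb.tdb | python3 audit_logins.py
"""
import sys

# Constructed sample in the login:uid:full-name format (not real accounts).
SAMPLE = (
    b"alice:1001:Alice Example\n"
    b"ren\xc3\xa9:1002:Rene Example\n"   # non-ASCII login, valid UTF-8
    b"jos\xe9:1003:Jose Example\n"       # single high byte, not valid UTF-8
    b"bob:1004:Bj\xf6rn Example\n"       # bad byte in the full-name field
)


def classify(line: bytes) -> str:
    """Return 'ascii', 'utf8' or 'invalid' for one raw pdbedit line."""
    if all(b < 0x80 for b in line):
        return "ascii"
    try:
        line.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return "invalid"
    return "utf8"


def audit(raw: bytes) -> dict:
    """Map each non-ASCII category to the raw logins whose line falls in it."""
    report = {"utf8": [], "invalid": []}
    for line in raw.splitlines():
        if not line.strip():
            continue
        kind = classify(line)
        if kind != "ascii":
            # Keep the login as bytes: an invalid one cannot be decoded safely.
            report[kind].append(line.split(b":", 1)[0])
    return report


if __name__ == "__main__":
    # Read piped pdbedit output; fall back to the sample when run interactively.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.buffer.read()
    result = audit(data)
    for kind, logins in result.items():
        for login in logins:
            print(f"{kind}: {login!r}")
    # Non-zero exit when something is not valid UTF-8, for use in a pre-check.
    sys.exit(1 if result["invalid"] else 0)
```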
