[Samba] Please adwise on classicupgrade process

[Andrey Repin]

Greetings, Denis Cardon!

> Hi Andrey
>> Greetings, All!
>>
>> I'm still on the topic, but probably I read too much stuff lately and can't
>> have my head set straight.
>>
>> Situation: NT4 domain, LDAP+Samba 3.6, running under Ubuntu 12.04.
>> The machine is also a network gateway and access (VPN/ssh) server.
>>
>> Target goals:
>> 1. Upgrade to Samba4 (4.1 seems possible).
>> 2. Convert to ADS.
>> 3. Get rid of PAM-LDAP.
>> 4. Retain ability for domain users to login locally (VPN/ssh) to the system.
>>
>> I've done some experimentation in the virtualized copy of the environment,
>> first with 12.04 and Samba 4.1 from PPA (backport from 14.04 dist), then
>> upgraded to 14.04 due to some conflicting dependencies. (Same 4.1 Samba)
>> classicupgrade seems to be working, so as the bind_dlz and client workstation
>> domain logins.
>>
>> Now, there's a problem:
>> getent passwd doesn't list domain users. Even though winbind is listed in
>> pam-auth-update as part of the authentication stack.
>> Domain users can't connect to SSH - "access denied".
> are you trying to setup pam/nss winbind directly on the samba4 DC?

Of course. I see no reason to not do it. Hardware must work, or it gets
written off the balance.

> From reading your samba3 setup, it looks like you want to have everything on
> the same machine. You should better try to set up all the non DC services on
> a separate member server

Assuming I have a spare server lying around just for the occasion to set up a
DC/winbind on it…
Sorry, but that simply doesn't happen. Not in this country. Not in this life.

> and see if you get the expected result. Winbind is kinda special on a DC in
> 4.0 and 4.1. I guess it will be easier to make your kind of setup on samba
> 4.2, but anyway, it won't be such a great idea, in the time of
> virtualisation and container, it is easier to split up the things.

I'm currently trying to stuff my pipe with LXC/LXD docs.
We'll see how far I can go from here.
If you allow me a question, assuming I set up LXC container on current server
(32-bit), make all the configuration in it, and then reinstall 64-bit OS (same
version of every software) and pull up the configured container, would that
work OOB?


--
WBR,
Andrey Repin (anrdaemon at yandex.ru) 23.02.2015, <01:43>

Sorry for my terrible english...