[Samba] Samba on Debian 8; NT4 domain, win10

Rowland Penny rpenny at samba.org
Wed Dec 14 11:25:18 UTC 2016 

On Wed, 14 Dec 2016 10:50:22 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> Am 2016-12-12 um 15:37 schrieb Stefan G. Weichinger via samba:
> 
> > I just moved all the configs etc over to another VM, and started
> > over, looks better now. No clue ... thanks anyway :-)
> 
> I am sure that all of you wait thrilled for the next news from my
> migration(s) ;-)
> 
> Yesterday we did tests with 2 Win7-Test-VMs and the migrated
> Debian-ADS-PDC. Looks good to me.
> 
> We were able to login with old and new users, access shares on the
> pdc, join a new client, and even deploy the first GPOs to the
> clients. RSAT access works so far ... feels good to me.
> 
> As you may assume new questions arised:
> 
> * kinit: Do I have to run that after every reboot of the PDC? I don't
> plan to do that all the time but we have to *know* what to do in case.
> In my tests I had the impression that this wasn't kept up by itself.

No you don't and please stop calling it a PDC, your old domain
controller was a PDC, your new one is just a DC. All AD DCs are equal
except for the FSMO roles and these can be on any DC.

> 
> * we had to change the IP of the Test-PDC after classicupgrade, I then
> noticed some loglines around samba_dnsupdate trying to contact the DNS
> under the old IP. How can I fix that? yesterday I reran classicupgrade
> as we hadn't done any new work yet, but that is no solution for
> production ;-)

There is a wiki page for this:
https://wiki.samba.org/index.php/Change_IP_address_of_an_Samba_AD_DC

> 
> * I have to move over the test-config to another VM then for
> production, this also means changing the IP and maybe the
> linux-hostname. Is that a problem, should that be avoided?

Whilst I have never done this, changing the hostname should be fairly
easy, do the classicupgrade on the machine that has the hostname you
require and then change to the 'netbios name' in smb.conf to reflect
the new hostname.
 
> 
> * What is the recommended way to pull backups of the PDC? Just tar up
> /var/lib/samba ? Run some export script or so?

The best way of doing backups is not to do them ;-)
Add a second DC and replication will do it for you. There is a script
that comes with Samba, but it is a bit basic, you will find a better
one here:

https://github.com/thctlo/samba4/tree/master/backup-script

> 
> * and what is the recommended way of actually swapping PDC from NT4
> to ADS?
> 
> turn down all clients, and NT4-PDC, then turn up ADS-PDC, and client
> after client?

If you have done it correctly, your windows clients shouldn't really
notice the difference, but there is a gotcha, it appears that once your
windows clients connect an AD domain, they will never go back to the
NT4-style domain.

> 
> Thanks a lot, I am looking forward to actually rolling this out in
> january ...
> 
> 

Hope everything goes all right for you.

Rowland

More information about the samba mailing list