[Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC

Rowland Penny rpenny at samba.org
Wed Sep 28 16:22:37 UTC 2016

On Wed, 28 Sep 2016 16:11:23 +0000
Charish Patel via samba <samba at lists.samba.org> wrote:

> Hi folks,
> I've been tasked with a migration of our servers and, as the subject
> implies, part of it involves a PDC and BDC that were set up before my
> time. However, I'm trying to accomplish a little bit more to give
> myself, the sysadmin, a little bit more automation capability:
> ·         Migrate the PDC and BDC both to new servers (part of this
> I've already done with copying /etc/passwd, group, shadow, and
> gshadow along with smb.conf, secrets.tdb and passwd.tdb. There is no
> LDAP and/or Kerberos configuration).
> ·         Upgrade the PDC and BDC to AD Controllers that will work in
> redundancy.
> ·         Updating our netlogon script to mount Samba shares based on
> the user logging in.
> o   Part of this is getting a non-.bat script to work with both
> Windows and Mac (it's mostly a Windows environment, but we have 12
> Macs as well). I was thinking something along the lines of trying to
> detect the OS via a fastscan with nmap and, based on the OS, kick off
> logon.bat (Windows) or login.sh (for Macs) in order to mount the
> network shares as well as pushing out an agent for that takes an
> inventory of the workstations logging in.
> §  The Macs haven't been joined to the domain yet, but with the new
> Samba instances it's something I'm looking into doing.
> ·         The part that has me nervous: actually testing all this
> out. My biggest concern is if I spin up the new Samba AD controllers,
> it will interfere with the existing ones and thereby causing hell for
> my users. Is there any way to isolate the set up for testing so that,
> if it's successful, it'd just be a matter of shutting down the old
> PDC and BDC, spin up the new redundant AD controllers and have the
> users be able to continue working seamlessly.
> This is my first time working with Samba to this extent and I've done
> some reading based on the documentation for Samba (specifically,
> https://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html) and
> random blogs, but wanted to see if someone could provide a more exact
> answer. I'm not necessarily looking for the exact commands, just a
> guideline from some folks who may have done something like this
> before. What I'm currently working with:
> Old setup
>                 PDC is running on Samba 4.1.17 on top of Debian 8
> with bind9 acting as the DNS server BDC is running on Samba 3.6.6 on
> top of Debian 7 with bind9 running as well, but the configuration
> seems to be the default
> New setup
>                 Debian 8.6 with Samba 4.2.10 for both servers that
> the soon-to-be redundant AD Controllers will be sitting on.
> Please let me know if more information is needed and MUCH appreciated
> in advance to those who can help!
> Charish

Is there some reason why you aren't considering upgrading to AD ?


More information about the samba mailing list