[Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC
Charish Patel
charish at bluefountainmedia.com
Thu Sep 29 13:57:39 UTC 2016
If you mean regular Microsoft AD, the reason is simple: cost. Management sadly does not want to shell out the money for it.
If you mean upgrading the Samba PDC to AD, that is what I want to do but on the new servers as opposed to the current setup.
Charish
-----Original Message-----
From: Rowland Penny [mailto:rpenny at samba.org]
Sent: Wednesday, September 28, 2016 12:23 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC
On Wed, 28 Sep 2016 16:11:23 +0000
Charish Patel via samba <samba at lists.samba.org> wrote:
> Hi folks,
>
> I've been tasked with a migration of our servers and, as the subject
> implies, part of it involves a PDC and BDC that were set up before my
> time. However, I'm trying to accomplish a little bit more to give
> myself, the sysadmin, a little bit more automation capability:
>
>
> * Migrate the PDC and BDC both to new servers (part of this
>   I've already done with copying /etc/passwd, group, shadow, and gshadow
>   along with smb.conf, secrets.tdb and passwd.tdb. There is no LDAP
>   and/or Kerberos configuration).
>
> * Upgrade the PDC and BDC to AD Controllers that will work in
>   redundancy.
>
> * Updating our netlogon script to mount Samba shares based on
>   the user logging in.
>
>   - Part of this is getting a non-.bat script to work with both
>     Windows and Mac (it's mostly a Windows environment, but we have 12
>     Macs as well). I was thinking something along the lines of trying to
>     detect the OS via a fastscan with nmap and, based on the OS, kick off
>     logon.bat (Windows) or login.sh (for Macs) in order to mount the
>     network shares as well as pushing out an agent that takes an
>     inventory of the workstations logging in.
>
>     + The Macs haven't been joined to the domain yet, but with the new
>       Samba instances it's something I'm looking into doing.
>
> * The part that has me nervous: actually testing all this
>   out. My biggest concern is if I spin up the new Samba AD controllers,
>   it will interfere with the existing ones and thereby cause hell for
>   my users. Is there any way to isolate the setup for testing so that,
>   if it's successful, it'd just be a matter of shutting down the old PDC
>   and BDC, spin up the new redundant AD controllers and have the users
>   be able to continue working seamlessly?
>
> This is my first time working with Samba to this extent and I've done
> some reading based on the documentation for Samba (specifically,
> https://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html) and
> random blogs, but wanted to see if someone could provide a more exact
> answer. I'm not necessarily looking for the exact commands, just a
> guideline from some folks who may have done something like this
> before. What I'm currently working with:
>
> Old setup
>   PDC is running on Samba 4.1.17 on top of Debian 8 with
>   bind9 acting as the DNS server
>   BDC is running on Samba 3.6.6 on top of Debian 7 with bind9
>   running as well, but the configuration seems to be the default
>
> New setup
>   Debian 8.6 with Samba 4.2.10 for both servers that the
>   soon-to-be redundant AD Controllers will be sitting on.
>
> Please let me know if more information is needed and MUCH appreciated
> in advance to those who can help!
>
> Charish
>
Is there some reason why you aren't considering upgrading to AD ?
Rowland