[Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC

Charish Patel charish at bluefountainmedia.com
Thu Sep 29 13:57:39 UTC 2016

If you mean regular Microsoft AD, the reason is simple: cost. Management sadly does not want to shell out the money for it.

If you mean upgrading the Samba PDC to AD, that is what I want to do, but on the new servers as opposed to the current setup.


-----Original Message-----
From: Rowland Penny [mailto:rpenny at samba.org] 
Sent: Wednesday, September 28, 2016 12:23 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Migrating, Upgrading & Testing Samba 4 PDC/BDC

On Wed, 28 Sep 2016 16:11:23 +0000
Charish Patel via samba <samba at lists.samba.org> wrote:

> Hi folks,
> I've been tasked with a migration of our servers and, as the subject 
> implies, part of it involves a PDC and BDC that were set up before my 
> time. However, I'm trying to accomplish a little bit more to give 
> myself, the sysadmin, a little bit more automation capability:
> - Migrate the PDC and BDC both to new servers (part of this I've
>   already done with copying /etc/passwd, group, shadow, and gshadow
>   along with smb.conf, secrets.tdb and passwd.tdb. There is no LDAP
>   and/or Kerberos configuration).
> - Upgrade the PDC and BDC to AD Controllers that will work in
>   redundancy.
> - Updating our netlogon script to mount Samba shares based on the
>   user logging in.
>   - Part of this is getting a non-.bat script to work with both
>     Windows and Mac (it's mostly a Windows environment, but we have 12
>     Macs as well). I was thinking something along the lines of trying to
>     detect the OS via a fastscan with nmap and, based on the OS, kick off
>     logon.bat (Windows) or login.sh (for Macs) in order to mount the
>     network shares as well as pushing out an agent that takes an
>     inventory of the workstations logging in.
>     - The Macs haven't been joined to the domain yet, but with the new
>       Samba instances it's something I'm looking into doing.
> - The part that has me nervous: actually testing all this out. My
>   biggest concern is if I spin up the new Samba AD controllers, it
>   will interfere with the existing ones, thereby causing hell for
>   my users. Is there any way to isolate the setup for testing so that,
>   if it's successful, it'd just be a matter of shutting down the old PDC
>   and BDC, spinning up the new redundant AD controllers and having the
>   users be able to continue working seamlessly?
> This is my first time working with Samba to this extent and I've done 
> some reading based on the documentation for Samba (specifically,
> https://www.samba.org/samba/docs/man/Samba-Guide/upgrades.html) and 
> random blogs, but wanted to see if someone could provide a more exact 
> answer. I'm not necessarily looking for the exact commands, just a 
> guideline from some folks who may have done something like this 
> before. What I'm currently working with:
> Old setup
>   PDC is running on Samba 4.1.17 on top of Debian 8 with bind9 acting
>   as the DNS server
>   BDC is running on Samba 3.6.6 on top of Debian 7 with bind9 running
>   as well, but the configuration seems to be the default
> New setup
>   Debian 8.6 with Samba 4.2.10 for both servers that the soon-to-be
>   redundant AD Controllers will be sitting on.
> Please let me know if more information is needed and MUCH appreciated 
> in advance to those who can help!
> Charish

Is there some reason why you aren't considering upgrading to AD?

