[Samba] Upgrading from 4.6.x to 4.7.x AD and member server setup - recommended path

Denis Cardon dcardon at tranquil.it
Tue Jan 2 12:40:19 UTC 2018 

Hi Götz,

>> Am 31.12.2017 um 17:32 schrieb Rowland Penny via samba <samba at lists.samba.org>:
>>
>> On Sun, 31 Dec 2017 16:18:27 +0100
>> Götz Reinicke via samba <samba at lists.samba.org> wrote:
>>
>>> Hi,
>>>
>>> we have three 4.6.x AD servers in a cluster
>>
>> What do you mean by 'a cluster' ?
>>
>> If you mean an actual cluster, how are you doing this and why ?
>
> I was a bit misleading, yes, just 3 DCs.
>
>>
>>> and some member
>>> Fileservers. What is the best/savest/recomended upgrade path?
>>>
>>> Can I upgrade the AD servers one by one and run a „mixed“ setup for
>>> some time (minutes) ?
>>
>> Hopefully you mean that you just have 3 DCs, if this is the case then
>> it depends on how you are doing the updates. if you are updating using
>> packages, then the packages should stop Samba before doing the
>> update. If you are going to compile Samba yourself, you will need to
>> use the configure options as originally and stop Samba before running
>> 'make install'.
>> Either way, I would start with the DC holding all the FSMO roles.
>> Then the other two DCs, one by one.
>
> I’d do the upgrade by rpm.
>
> I did find something in the samba wiki as I had time to google, which says the other way round; starting with a server that dose NOT hols a FSMO.
>
>
> https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers <https://wiki.samba.org/index.php/Updating_Samba#Updating_Multiple_Samba_Domain_Controllers>
>
> If you are updating multiple Samba Active Directory (AD) Domain Controllers (DC), the recommended order is:
> Update one Samba AD DC that does not hold any flexible single master operations (FSMO) role.
>
> So thats the way to go ?
>
> And dose all DCs should be shut down at that time?

You can upgrade your DC in-place, just be sure to first make a test 
upgrade in a sandbox and check that everything is fine after upgrade. 
You may want to run a dbcheck --cross-ncs, and use --fix if there are 
any error, and check that you db is fine and that there is no more error 
after the dbcheck.

About the upgrade order, I usually start upgrades with the DC holding 
the FSMO role, I am not aware of any drawbacks.

You may check that you have the latest 4.7.4 rpms. Samba 4.7.4 fixes 
quite a few bugs from the older 4.7 series.

If you are upgrading to 4.7, you might double check in your sandbox that 
you don't have any duplicate forward link or dangling links after 
upgrade (dbcheck will tell you that). If you get this problem, be sure 
to know how to clean that up. Actually this is probably the one case 
where upgrade by joining a new Samba 4.7 server in your 4.6.x domain and 
demoting the 4.6.x afterward might help (I didn't check).

Beware that there are a lot of issues that arise from left-overs after 
demoting a DC. With the recent versions of Samba the command line 
"samba-tool demote --remove-other-dead-server" is doing a much better 
job at cleanup though.

Cheers, happy new year 2018,

Denis

>
> Regards . Götz
>
>
>
>

-- 
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr

More information about the samba mailing list