[Samba] DM 3.6.25 -> 4.x
L.P.H. van Belle
belle at bazuin.nl
Wed May 30 07:21:23 UTC 2018
Hai Stefan,
Yes, its always better to ask the list, that way everybody can learn from it. ;-)
> Do you think I will have to rejoin it to the domain?
No i dont think so.
Please note, o dont know anything about gentoo except that they have a good wiki/info pages.
If this was debian, then in this case, what i would extra do here, run :
samba -b and backup all folders of samba and any thing samba related.
Export the installed packages list.
Now if you install a new gentoo, import the packages list, and you need the same hostname and ip and the samba backup.
The files : hosts resolv.conf nsswitch.conf, this is also a bit depending on the use and setup, but review these.
! Install a the new server, and only pull the packages from the server dont install yet. !
On debian thats apt-get install packages -d ( download only )
Place the backups on this server and now pull the network connection.
Install all needed packages, stop samba, put the backup back, start samba.
Reboot the server, "still network detached", review logs and clean up logs, powerdown.
Power off the old server, so nothing is changed there, change the network cable to the new server, and power up new server.
If the old server is only used for and with samba, above setups will give a clean installed server with an old samba upgraded.
If moveing to a new isnt an option the make sure you do make a full system backup.
Clone the harddisk to an other hdd, fasted with minimal chance on error when you restore.
And this is an fast way to backup, i just attach a bit sata disk and clone the disk.
The config below is really outdated yes. This is what i would start with.
[global]
netbios name = U1SECRETCUSTOMER
netbios aliases = samba
server string = U1SECRETCUSTOMER
security = ads
workgroup = SECRETCUSTOMER
realm = SECRETCUSTOMER.INTRA
domain master = no
local master = no
preferred master = no
interfaces = 192.168.100.4/24
bind interfaces only = Yes
idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config SECRETCUSTOMER : backend = rid
idmap config SECRETCUSTOMER : range = 10000-20000
# depending on the samba version. You might need these.
#idmap config SECRETCUSTOMER : unix_nss_info = yes
#idmap config SECRETCUSTOMER : unix_primary_group = yes
winbind use default domain = yes
winbind nss info = template
template homedir = /mnt/MSA2040/smb/Homes/%D/%U
template shell = /bin/false
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
unix extensions = no
follow symlinks= yes
wide links= yes
unix charset = iso8859-15
force unknown acl user = Yes
load printers = no
printcap name = /dev/null
disable spoolss = yes
# Audit settings
vfs objects = full_audit
full_audit:prefix = %u|%I|%S
full_audit:failure = connect
full_audit:success = mkdir rmdir write pwrite rename unlink chmod fchmod chown fchown ftruncate
full_audit:facility = local5
full_audit:priority = notice
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Stefan G. Weichinger [mailto:lists at xunil.at]
> Verzonden: dinsdag 29 mei 2018 18:32
> Aan: L.P.H. van Belle
> Onderwerp: DM 3.6.25 -> 4.x
>
>
> (should I ask that on the list?)
>
> thanks for a short feedback on this ->
>
> With june I get the job to admin a gentoo server with an old state of
> software:
>
> samba-3.6.25 domain member server
>
> I told them that I want to update the whole box asap ... and I think
> this won't be that much of a problem.
>
> Do you think I will have to rejoin it to the domain?
>
> I see some errors in the smb.conf already:
>
>
> [global]
> unix charset = iso8859-15
>
> security = ads
> realm = SECRETCUSTOMER.INTRA
> #password server = 192.168.100.32
> workgroup = SECRETCUSTOMER
> idmap uid = 10000 - 20000
> idmap gid = 10000 - 20000
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 10
> winbind use default domain = yes
> template homedir = /mnt/MSA2040/smb/Homes/%D/%U
> template shell = /bin/false
> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes
> restrict anonymous = 2
> domain master = no
> local master = no
> preferred master = no
> os level = 0
> invalid users = root bin daemon adm sync shutdown
> halt mail news
> uucp
> obey pam restrictions = yes
> debug level = 5
>
> netbios name = U1SECRETCUSTOMER
> netbios aliases = samba
> server string = U1SECRETCUSTOMER
> interfaces = 192.168.100.4/24
> bind interfaces only = Yes
> map to guest = Bad User
> name resolve order = wins lmhosts hosts bcast
> wins support = Yes
> # idmap config * : range =
> # idmap config * : backend = tdb
> force unknown acl user = Yes
> hosts allow = 10.98.1., 10.0.8., 192.168.1., 192.168.90.,
> 192.168.101, 192.168.100.5, 192.168.100.11, 192.168.100.13,
> 192.168.100.30, 192.168.100.31, 192.168.100.32, 192.168.100.33,
> 192.168.100.34, 192.168.100.35, 192.168.100.36, 192.168.100.37,
> 192.168.100.38, 192.168.100.39, 192.168.100.50, 192.168.100.51,
> 192.168.100.52, 192.168.100.53, 192.168.100.54, 192.168.100.55,
> 192.168.100.56, 192.168.100.57, 192.168.100.58, 192.168.100.59,
> 192.168.100.60, 192.168.100.61, 192.168.100.62, 192.168.100.63,
> 192.168.100.64, 192.168.100.65, 192.168.100.66, 192.168.100.67,
> 192.168.100.68, 192.168.100.69, 192.168.100.70, 192.168.100.71,
> 192.168.100.72, 192.168.100.73, 192.168.100.74, 192.168.100.75,
> 192.168.100.76, 192.168.100.77, 192.168.100.78, 192.168.100.79,
> 192.168.100.80, 192.168.100.81, 192.168.100.82, 192.168.100.83,
> 192.168.100.84, 192.168.100.85, 192.168.100.86, 192.168.100.87,
> 192.168.100.88, 192.168.100.89, 192.168.100.90, 192.168.100.91,
> 192.168.100.92, 192.168.100.93, 192.168.100.94, 192.168.100.95,
> 192.168.100.96, 192.168.100.97, 192.168.100.98, 192.168.100.99,
> 192.168.100.100, 192.168.100.101, 192.168.100.102, 192.168.100.103,
> 192.168.100.104, 192.168.100.105, 192.168.100.106, 192.168.100.107,
> 192.168.100.108, 192.168.100.109, 192.168.100.110, 192.168.100.111,
> 192.168.100.112, 192.168.100.113, 192.168.100.114, 192.168.100.115,
> 192.168.100.116, 192.168.100.117, 192.168.100.118, 192.168.100.119,
> 192.168.100.120, 192.168.100.121, 192.168.100.122, 192.168.100.123,
> 192.168.100.124, 192.168.100.125, 192.168.100.126, 192.168.100.127,
> 192.168.100.128, 192.168.100.129, 192.168.100.130, 192.168.100.131,
> 192.168.100.132, 192.168.100.133, 192.168.100.134, 192.168.100.135,
> 192.168.100.136, 192.168.100.137, 192.168.100.138, 192.168.100.139,
> 192.168.100.140, 192.168.100.141, 192.168.100.142, 192.168.100.143,
> 192.168.100.144, 192.168.100.145, 192.168.100.146, 192.168.100.147,
> 192.168.100.148, 192.168.100.149, 192.168.100.200, 192.168.100.203,
> 192.168.100.204
> nt acl support = No
> unix extensions = no
> follow symlinks= yes
> wide links= yes
>
> ##########################################
> ## changes since 2016-02-11 ##############
> ##########################################
> # log level = 2
> load printers = no
> printcap name = /dev/null
> # Audit settings
> vfs objects = full_audit
> full_audit:prefix = %u|%I|%S
> full_audit:failure = connect
> #full_audit:success = connect disconnect opendir mkdir rmdir closedir
> open close read pread write pwrite sendfile rename unlink chmod fchmod
> chown fchown chdir ftruncate lock symlink readlink link mknod realpath
> full_audit:success = mkdir rmdir write pwrite rename unlink
> chmod fchmod chown fchown ftruncate
> full_audit:facility = local5
> full_audit:priority = notice
>
>
More information about the samba
mailing list