[Samba] DM 3.6.25 -> 4.x

L.P.H. van Belle belle at bazuin.nl
Wed May 30 07:21:23 UTC 2018


Hai Stefan, 

Yes, it's always better to ask the list, that way everybody can learn from it. ;-) 

> Do you think I will have to rejoin it to the domain?
No, I don't think so. 

Please note, I don't know anything about Gentoo except that they have good wiki/info pages.
If this were Debian, then in this case, what I would do extra here is run:
samba -b and back up all folders of Samba and anything Samba related.
Export the installed packages list. 

Now if you install a new Gentoo, import the packages list, and you need the same hostname and IP and the Samba backup.
The files: hosts, resolv.conf, nsswitch.conf. This also depends a bit on the use and setup, but review these. 

! Install the new server, and only pull the packages from the server, don't install yet. ! 
On Debian that's apt-get install packages -d ( download only ) 

Place the backups on this server and now pull the network connection. 
Install all needed packages, stop samba, put the backup back, start samba.

Reboot the server, "still network detached", review logs and clean up logs, power down. 
Power off the old server, so nothing is changed there, change the network cable to the new server, and power up the new server.
If the old server is only used for and with Samba, the above setup will give a cleanly installed server with an old Samba upgraded. 

If moving to a new one isn't an option, then make sure you do make a full system backup. 
Clone the hard disk to another HDD, fastest, with minimal chance of error when you restore. 
And this is a fast way to back up, I just attach a big SATA disk and clone the disk. 

The config below is really outdated, yes. This is what I would start with. 

[global]
        netbios name = U1SECRETCUSTOMER
        netbios aliases = samba
        server string = U1SECRETCUSTOMER

        security = ads
        workgroup = SECRETCUSTOMER
        realm = SECRETCUSTOMER.INTRA

        domain master = no
        local master = no
        preferred master = no

        interfaces = 192.168.100.4/24
        bind interfaces only = Yes

        idmap config * : backend = tdb
        idmap config * : range = 2000-9999
        idmap config SECRETCUSTOMER : backend = rid
        idmap config SECRETCUSTOMER : range = 10000-20000

        # depending on the samba version. You might need these. 
        #idmap config SECRETCUSTOMER : unix_nss_info = yes
        #idmap config SECRETCUSTOMER : unix_primary_group = yes

        winbind use default domain = yes

        winbind nss info = template
        template homedir = /mnt/MSA2040/smb/Homes/%D/%U
        template shell = /bin/false

        vfs objects = acl_xattr
        map acl inherit = Yes
        store dos attributes = Yes

        unix extensions = no
        follow symlinks = yes
        wide links = yes
        unix charset = iso8859-15
        force unknown acl user = Yes

        load printers = no
        printcap name = /dev/null
        disable spoolss = yes

        # Audit settings
        # A second "vfs objects" line replaces the first one,
        # so both modules are listed here.
        vfs objects = acl_xattr full_audit
        full_audit:prefix = %u|%I|%S
        full_audit:failure = connect
        full_audit:success = mkdir rmdir write pwrite rename unlink chmod fchmod chown fchown ftruncate
        full_audit:facility = local5
        full_audit:priority = notice


Greetz, 

Louis


> -----Original message-----
> From: Stefan G. Weichinger [mailto:lists at xunil.at] 
> Sent: Tuesday 29 May 2018 18:32
> To: L.P.H. van Belle
> Subject: DM 3.6.25 -> 4.x
> 
> 
> (should I ask that on the list?)
> 
> thanks for a short feedback on this ->
> 
> With june I get the job to admin a gentoo server with an old state of
> software:
> 
> samba-3.6.25 domain member server
> 
> I told them that I want to update the whole box asap ... and I think
> this won't be that much of a problem.
> 
> Do you think I will have to rejoin it to the domain?
> 
> I see some errors in the smb.conf already:
> 
> 
> [global]
>         unix charset = iso8859-15
> 
>         security = ads
>         realm = SECRETCUSTOMER.INTRA
>         #password server = 192.168.100.32
>         workgroup = SECRETCUSTOMER
>         idmap uid = 10000 - 20000
>         idmap gid = 10000 - 20000
>         winbind enum users = yes
>         winbind enum groups = yes
>         winbind cache time = 10
>         winbind use default domain = yes
>         template homedir = /mnt/MSA2040/smb/Homes/%D/%U
>         template shell = /bin/false
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         restrict anonymous = 2
>         domain master = no
>         local master = no
>         preferred master = no
>         os level = 0
>         invalid users = root bin daemon adm sync shutdown 
> halt mail news
> uucp
>         obey pam restrictions = yes
>         debug level = 5
> 
>         netbios name = U1SECRETCUSTOMER
>         netbios aliases = samba
>         server string = U1SECRETCUSTOMER
>         interfaces = 192.168.100.4/24
>         bind interfaces only = Yes
>         map to guest = Bad User
>         name resolve order = wins lmhosts hosts bcast
>         wins support = Yes
> #       idmap config * : range =
> #       idmap config * : backend = tdb
>         force unknown acl user = Yes
>         hosts allow = 10.98.1., 10.0.8., 192.168.1., 192.168.90.,
> 192.168.101, 192.168.100.5, 192.168.100.11, 192.168.100.13,
> 192.168.100.30, 192.168.100.31, 192.168.100.32, 192.168.100.33,
> 192.168.100.34, 192.168.100.35, 192.168.100.36, 192.168.100.37,
> 192.168.100.38, 192.168.100.39, 192.168.100.50, 192.168.100.51,
> 192.168.100.52, 192.168.100.53, 192.168.100.54, 192.168.100.55,
> 192.168.100.56, 192.168.100.57, 192.168.100.58, 192.168.100.59,
> 192.168.100.60, 192.168.100.61, 192.168.100.62, 192.168.100.63,
> 192.168.100.64, 192.168.100.65, 192.168.100.66, 192.168.100.67,
> 192.168.100.68, 192.168.100.69, 192.168.100.70, 192.168.100.71,
> 192.168.100.72, 192.168.100.73, 192.168.100.74, 192.168.100.75,
> 192.168.100.76, 192.168.100.77, 192.168.100.78, 192.168.100.79,
> 192.168.100.80, 192.168.100.81, 192.168.100.82, 192.168.100.83,
> 192.168.100.84, 192.168.100.85, 192.168.100.86, 192.168.100.87,
> 192.168.100.88, 192.168.100.89, 192.168.100.90, 192.168.100.91,
> 192.168.100.92, 192.168.100.93, 192.168.100.94, 192.168.100.95,
> 192.168.100.96, 192.168.100.97, 192.168.100.98, 192.168.100.99,
> 192.168.100.100, 192.168.100.101, 192.168.100.102, 192.168.100.103,
> 192.168.100.104, 192.168.100.105, 192.168.100.106, 192.168.100.107,
> 192.168.100.108, 192.168.100.109, 192.168.100.110, 192.168.100.111,
> 192.168.100.112, 192.168.100.113, 192.168.100.114, 192.168.100.115,
> 192.168.100.116, 192.168.100.117, 192.168.100.118, 192.168.100.119,
> 192.168.100.120, 192.168.100.121, 192.168.100.122, 192.168.100.123,
> 192.168.100.124, 192.168.100.125, 192.168.100.126, 192.168.100.127,
> 192.168.100.128, 192.168.100.129, 192.168.100.130, 192.168.100.131,
> 192.168.100.132, 192.168.100.133, 192.168.100.134, 192.168.100.135,
> 192.168.100.136, 192.168.100.137, 192.168.100.138, 192.168.100.139,
> 192.168.100.140, 192.168.100.141, 192.168.100.142, 192.168.100.143,
> 192.168.100.144, 192.168.100.145, 192.168.100.146, 192.168.100.147,
> 192.168.100.148, 192.168.100.149, 192.168.100.200, 192.168.100.203,
> 192.168.100.204
>         nt acl support = No
>         unix extensions = no
>         follow symlinks= yes
>         wide links= yes
> 
> ##########################################
> ## changes since 2016-02-11 ##############
> ##########################################
> # log level = 2
>         load printers = no
>         printcap name = /dev/null
> # Audit settings
>         vfs objects = full_audit
>         full_audit:prefix = %u|%I|%S
>         full_audit:failure = connect
> #full_audit:success = connect disconnect opendir mkdir rmdir closedir
> open close read pread write pwrite sendfile rename unlink chmod fchmod
> chown fchown chdir ftruncate lock symlink readlink link mknod realpath
>         full_audit:success = mkdir rmdir write pwrite rename unlink
> chmod fchmod chown fchown ftruncate
>         full_audit:facility = local5
>         full_audit:priority = notice
> 
> 
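
Added example, not part of the original mail and not Samba project code: a small check for an smb.conf carried across an upgrade like the one discussed in this thread. It reports parameters set twice in one section (the later line is the one that takes effect) and parameters the old config set that the new one no longer does. The function names and the two sample configs are constructed for illustration.

```python
import re

def parse_smb_conf(text):
    """Return {section: [(key, value), ...]} in file order."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = line[:-1] if line.endswith("\\") else ""  # backslash continues a line
        if pending or not line or line[0] in "#;":           # continuation, blank, comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, [])
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            # Samba compares parameter names ignoring case and whitespace.
            key = re.sub(r"\s+", "", name).lower()
            sections[current].append((key, value.strip()))
    return sections

def overridden(sections):
    """Parameters set twice in a section: (section, key, lost value, effective value)."""
    findings = []
    for section, params in sections.items():
        seen = {}
        for key, value in params:
            if key in seen:
                findings.append((section, key, seen[key], value))
            seen[key] = value
    return findings

def dropped(old, new, section="global"):
    """Parameters the old section set that the new section no longer sets."""
    new_keys = {key for key, _ in new.get(section, [])}
    return sorted({key for key, _ in old.get(section, [])} - new_keys)

# Constructed sample input (short excerpts, not the full configs from the thread).
OLD = """[global]
    idmap uid = 10000 - 20000
    follow symlinks= yes
    vfs objects = full_audit
"""
NEW = """[global]
    idmap config * : range = 2000-9999
    vfs objects = acl_xattr
    follow symlinks = yes
    vfs objects = full_audit
"""
print(overridden(parse_smb_conf(NEW)), dropped(parse_smb_conf(OLD), parse_smb_conf(NEW)))
```

Each dropped parameter is worth a look in the smb.conf man page of the target version before the old file is discarded, and testparm shows what the running version actually accepts.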



