[Samba] DM 3.6.25 -> 4.x

Stefan G. Weichinger lists at xunil.at
Wed May 30 07:48:04 UTC 2018


Am 2018-05-30 um 09:21 schrieb L.P.H. van Belle:
> Hai Stefan, 
> 
> Yes, its always better to ask the list, that way everybody can learn from it. ;-) 
> 
>> Do you think I will have to rejoin it to the domain?
> No i dont think so. 

Good, I don't have the ADS-Admin-password (yet) ;-)
I could ask them but for now it's better to not have to.

> Please note, o dont know anything about gentoo except that they have a good wiki/info pages.
> If this was debian, then in this case, what i would extra do here, run :  
> samba -b and backup all folders of samba and any thing samba related.
> Export the installed packages list. 
> 
> Now if you install a new gentoo, import the packages list, and you need the same hostname and ip and the samba backup.
> The files : hosts resolv.conf nsswitch.conf, this is also a bit depending on the use and setup, but review these. 
> 
> ! Install a the new server, and only pull the packages from the server dont install yet. ! 
> On debian thats apt-get install packages -d ( download only ) 
> 
> Place the backups on this server and now pull the network connection. 
> Install all needed packages, stop samba, put the backup back, start samba.
> 
> Reboot the server, "still network detached", review logs and clean up logs, powerdown. 
> Power off the old server, so nothing is changed there, change the network cable to the new server, and power up new server.
> If the old server is only used for and with samba, above setups will give a clean installed server with an old samba upgraded. 
> 
> If moveing to a new isnt an option the make sure you do make a full system backup. 
> Clone the harddisk to an other hdd, fasted with minimal chance on error when you restore. 
> And this is an fast way to backup, i just attach a bit sata disk and clone the disk. 

This will happen in place, no new hardware.
We have backups on tapes everyday, that is part of my job as well.


> The config below is really outdated yes. This is what i would start with. 
> 
>  [global]
>  	netbios name = U1SECRETCUSTOMER
> 	netbios aliases = samba
> 	server string = U1SECRETCUSTOMER
>     
> 	security = ads
> 	workgroup = SECRETCUSTOMER
> 	realm = SECRETCUSTOMER.INTRA
> 
> 	domain master = no
> 	local master = no
> 	preferred master = no
>  
> 	interfaces = 192.168.100.4/24
> 	bind interfaces only = Yes
>     	
> 	idmap config * : backend = tdb
> 	idmap config * : range = 2000-9999
> 	idmap config SECRETCUSTOMER : backend = rid
> 	idmap config SECRETCUSTOMER : range = 10000-20000
> 	
> 	# depending on the samba version. You might need these. 
> 	#idmap config SECRETCUSTOMER : unix_nss_info = yes
> 	#idmap config SECRETCUSTOMER : unix_primary_group = yes
> 
> 	winbind use default domain = yes
> 	
> 	winbind nss info = template
> 	template homedir = /mnt/MSA2040/smb/Homes/%D/%U
> 	template shell = /bin/false
> 
> 	vfs objects = acl_xattr
> 	map acl inherit = Yes
> 	store dos attributes = Yes
> 
> 	unix extensions = no
> 	follow symlinks= yes
> 	wide links= yes
> 	unix charset = iso8859-15
> 	force unknown acl user = Yes
> 
> 	load printers = no
> 	printcap name = /dev/null
> 	disable spoolss = yes
> 
>  # Audit settings
>      vfs objects = full_audit
>      full_audit:prefix = %u|%I|%S
>      full_audit:failure = connect
>      full_audit:success = mkdir rmdir write pwrite rename unlink chmod fchmod chown fchown ftruncate
>      full_audit:facility = local5
>      full_audit:priority = notice

Yes, thanks.
The idmap stuff scares me the most ;-)

I will see when to start that, I have to keep the downtime at minimum etc

Would it make sense to do some intermediate step to a lower 4.x version
or go straight from 3.6.25 to 4.8.2 ?

Thanks, Stefan





More information about the samba mailing list