[Samba] Replace AD DC FS with 2 new servers

Mark Amundsen amundsmark at mail.com
Mon Nov 26 12:13:11 UTC 2018

I inherited an old Samba 4 server that acts as both AD DC and fileserver. The hardware is old and needs to be replaced.

The plan is to add a second AD DC and join a new fileserver as a domain member, rsync all files from the old file server to the new one, map clients to the new one, and finally demote the old AD DC.

The old AD DC has this line in smb.conf:
idmap_ldb:use rfc2307 = yes

Because of that my understanding is that I should join the second DC with:
--option='idmap_ldb:use rfc2307 = yes'

Does this also mean that the member server that will act as a file server should have idmap config = ad?

The documentation is not clear to me: in the wiki for setting up a domain controller it is recommended to use rfc2307, but in the wiki on how to set that up it is recommended to _not_ use rfc2307 in a DC.

The Samba version on the old server is 4.0.14 on Debian 7. On the new servers I will use 4.9.2 on Debian 9.

Grateful for comments and suggestions :)


