[Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B

Glenn Bergeron glenn at gbitservices.ca
Mon Nov 26 14:32:20 UTC 2018


On 2018-11-26, 4:07 AM, "Rowland Penny" <rpenny at samba.org> wrote:

    > 
    > [global]
    > 	netbios name = ISOFS2
    > 	realm = ISO.PRIVATE
    > 	server role = active directory domain controller
    > 	workgroup = ISO
    > 	ldap server require strong auth = no #Was required for FSMO
    > transfer from old server dns forwarder = 1.1.1.1
    > 	vfs objects = acl_xattr
    > 	map acl inherit = yes
    > 	hide dot files = yes
    > 	store dos attributes = yes
    
    Oh dear, you have confused Samba, 'acl_xattr etc' is built into a DC

    
    Can I suggest you change the [global] part to just this:
    
    [global]
    	netbios name = ISOFS2
    	realm = ISO.PRIVATE
    	server role = active directory domain controller
    	workgroup = ISO
    	ldap server require strong auth = no #Was required for FSMO transfer from old server
    	dns forwarder = 1.1.1.1
    	idmap_ldb:use rfc2307 = yes



What do you mean by "vfs objects = acl_xattr" is built into a DC? Unless you mean this is something that's changed in a newer version of Samba than I originally had this option in. I added " vfs objects = acl_xattr" long ago on the original server as a result of pain associated with file permissions constantly being reset to only being writable by the last person who saved a file on a share. At least, I think that was the reason - it was a few years ago. It could have also had to do with the fact that, at the time, there was a couple of shares that OSX machines had to access as well, and they had their own idea of how to implement SMB. 

I don't remember why I needed "map acl inherit = yes", and "store dos attributes = yes", but they would have been added to solve a problem. If they're there, then they seem to have worked. At least back then.

The "hide dot files" also has to do with Macs accessing the shares, as they drop a file called ".DS_Store" in every directory it touches.
    
    
    Do you sync idmap.ldb as well ?

I probably did afterwards without implicitly looking for that file, by re-synching what's under /var/lib/samba. After all, things are suddenly working now - after I did those last steps of changing the DNS on the workstations to use the new server as its Primary, and changing the roaming profile paths to reflect "isofs2". 

One thing to add though. Now that I've shut off the old server, I'm getting errors in the logs of the new server about not being able to connect to - I assume the old server, probably to sync. I thought I prevented that but I guess I missed a step. What did I miss?


    
    Rowland
    
    
    





More information about the samba mailing list