[Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B
Rowland Penny
rpenny at samba.org
Mon Nov 26 15:22:04 UTC 2018
On Mon, 26 Nov 2018 09:32:20 -0500
Glenn Bergeron via samba <samba at lists.samba.org> wrote:
>
> On 2018-11-26, 4:07 AM, "Rowland Penny" <rpenny at samba.org> wrote:
>
> >
> > [global]
> > netbios name = ISOFS2
> > realm = ISO.PRIVATE
> > server role = active directory domain controller
> > workgroup = ISO
> > ldap server require strong auth = no #Was required for
> > FSMO transfer from old server dns forwarder = 1.1.1.1
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > hide dot files = yes
> > store dos attributes = yes
>
> Oh dear, you have confused Samba, 'acl_xattr etc' is built into a
> DC
>
>
> Can I suggest you change the [global] part to just this:
>
> [global]
> netbios name = ISOFS2
> realm = ISO.PRIVATE
> server role = active directory domain controller
> workgroup = ISO
> ldap server require strong auth = no #Was required for
> FSMO transfer from old server dns forwarder = 1.1.1.1
> idmap_ldb:use rfc2307 = yes
>
>
>
> What do you mean by "vfs objects = acl_xattr" is built into a DC?
Just what I said, it is built into a Samba DC:
root at dc4:~# samba-tool testparm -v | grep 'vfs objects'
vfs objects =
> Unless you mean this is something that's changed in a newer version
> of Samba than I originally had this option in. I added " vfs objects
> = acl_xattr" long ago on the original server as a result of pain
> associated with file permissions constantly being reset to only being
> writable by the last person who saved a file on a share. At least, I
> think that was the reason - it was a few years ago. It could have
> also had to do with the fact that, at the time, there was a couple of
> shares that OSX machines had to access as well, and they had their
> own idea of how to implement SMB.
>
> I don't remember why I needed "map acl inherit = yes", and "store dos
> attributes = yes", but they would have been added to solve a problem.
> If they're there, then they seem to have worked. At least back then.
>
> The "hide dot files" also has to do with Macs accessing the shares,
> as they drop a file called ".DS_Store" in every directory it touches.
OK, so you need that one, the others, you do not.
>
> Do you sync idmap.ldb as well ?
>
> I probably did afterwards without implicitly looking for that file,
> by re-synching what's under /var/lib/samba.
You shouldn't have to re-synch /var/lib/samba, in fact you shouldn't,
sam.ldb is in /var/lib/samba/private and this shouldn't be synched
between DC's
>After all, things are
> suddenly working now - after I did those last steps of changing the
> DNS on the workstations to use the new server as its Primary, and
> changing the roaming profile paths to reflect "isofs2".
>
> One thing to add though. Now that I've shut off the old server, I'm
> getting errors in the logs of the new server about not being able to
> connect to - I assume the old server, probably to sync. I thought I
> prevented that but I guess I missed a step. What did I miss?
>
How did you demote the old DC.
Rowland
More information about the samba
mailing list