[Samba] Upgrade Samba 4
Marcio Demetrio Bacci
marciobacci at gmail.com
Fri Aug 30 12:07:09 UTC 2019
Hi,
I was able to update.
Apparently everything is OK.
Is it safe to transfer FSMO rols to DC2 (samba 4.10.7) to upgrade DC1
(Samba 4.5.16)?
Below are the tests I did:
Checking smb.conf with testparm
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC
Done
Checking smb.conf with samba-tool
INFO 2019-08-30 08:46:53,674 pid:6665
/usr/lib/python3/dist-packages/samba/netcmd/testparm.py #96: Loaded smb
config files from /etc/samba/smb.conf
INFO 2019-08-30 08:46:53,675 pid:6665
/usr/lib/python3/dist-packages/samba/netcmd/testparm.py #97: Loaded
services file OK.
Done
Setting up winbind (2: 4.10.7-0.1 ~ deb9) ...
Samba is being run as an AD Domain Controller: Masking winbind.service
Please ignore the following error about deb-systemd-helper not finding
those services.
(winbind.service already masked)
Setting up samba (2: 4.10.7-0.1 ~ deb9) ...
Samba is being run as an AD Domain Controller: Masking smbd.service
nmbd.service
Please ignore the following error about deb-systemd-helper not finding
those services.
(smbd.service already masked)
(nmbd.service already masked)
Processing triggers for libc-bin (2.24-11 + deb9u4) ...
root at samba4-dc2:~# samba -V
Version 4.10.7-Debian
root at samba4-dc2:~# systemctl status samba-ad-dc
● samba-ad-dc.service - Samba AD Daemon
Loaded: loaded (/lib/systemd/system/samba-ad-dc.service; enabled; vendor
preset: enabled)
Active: active (running) since Fri 2019-08-30 08:48:26 -03; 21s ago
Docs: man:samba(8)
man:samba(7)
man:smb.conf(5)
Main PID: 6992 (samba)
Status: "smbd: ready to serve connections..."
Tasks: 23 (limit: 4915)
CGroup: /system.slice/samba-ad-dc.service
├─6992 samba: root process
├─6993 samba: task[s3fs_parent]
├─6994 samba: task[dcesrv]
├─6995 samba: task[nbtd]
├─6996 samba: task[wrepl]
├─6997 samba: task[ldapsrv]
├─6998 samba: tfork waiter process
├─6999 samba: task[cldapd]
├─7000 samba: conn[kdc_tcp] c[ipv4:192.168.91.14:59442] s[ipv4:
192.168.1.22:88] server_id[7000.40]
├─7001 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
├─7002 samba: task[dreplsrv]
├─7003 samba: task[winbindd_parent]
├─7004 samba: task[ntp_signd]
├─7005 samba: task[kccsrv]
├─7006 samba: task[dnsupdate]
├─7007 samba: task[dns]
├─7008 samba: tfork waiter process
├─7009 /usr/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
├─7017 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
├─7018 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
├─7019 /usr/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
├─7022 winbindd: domain child [EMPRESA]
└─7023 winbindd: idmap child
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]: [2019/08/30
08:48:26.873694, 0]
../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]:
/usr/sbin/samba_dnsupdate: GENSEC backend 'http_ntlm' registered
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]: [2019/08/30
08:48:26.873741, 0]
../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]:
/usr/sbin/samba_dnsupdate: GENSEC backend 'http_negotiate' registered
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]: [2019/08/30
08:48:26.873788, 0]
../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]:
/usr/sbin/samba_dnsupdate: GENSEC backend 'krb5' registered
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]: [2019/08/30
08:48:26.873837, 0]
../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
ago 30 08:48:26 samba4-dc2 samba[7006]: task[dnsupdate][7006]:
/usr/sbin/samba_dnsupdate: GENSEC backend 'fake_gssapi_krb5' registered
ago 30 08:48:40 samba4-dc2 samba[7005]: task[kccsrv][7005]: [2019/08/30
08:48:40.887442, 0]
../../lib/util/util_runcmd.c:327(samba_runcmd_io_handler)
ago 30 08:48:40 samba4-dc2 samba[7005]: task[kccsrv][7005]:
/usr/sbin/samba_kcc: ldb_wrap open of secrets.ldb
root at samba4-dc2:~# samba-tool drs showrepl
ldb_wrap open of secrets.ldb
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Using binding ncacn_ip_tcp:samba4-dc2.empresa.com.br[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc2.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc2.empresa.com.br<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name
samba4-dc2.empresa.com.br<0x20>
Default-First-Site-Name\SAMBA4-DC2
DSA Options: 0x00000001
DSA object GUID: 45b5b534-9bcc-483c-8f6d-5bbc37dc35e9
DSA invocationId: f621cfd8-7f92-48be-84d9-daa14ef20c05
==== INBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ Fri Aug 30 08:48:40 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Aug 30 08:48:40 2019 -03
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ Fri Aug 30 08:48:40 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Aug 30 08:48:40 2019 -03
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ Fri Aug 30 08:50:16 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Aug 30 08:50:16 2019 -03
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ Fri Aug 30 08:48:40 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Aug 30 08:48:40 2019 -03
DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ Fri Aug 30 08:50:36 2019 -03 was successful
0 consecutive failure(s).
Last success @ Fri Aug 30 08:50:36 2019 -03
==== OUTBOUND NEIGHBORS ====
DC=ForestDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=DomainDnsZones,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
CN=Schema,CN=Configuration,DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
DC=empresa,DC=com,DC=br
Default-First-Site-Name\SAMBA4-DC1 via RPC
DSA object GUID: a1ab021c-0ef7-4fd3-a69d-28afc7c1260a
Last attempt @ NTTIME(0) was successful
0 consecutive failure(s).
Last success @ NTTIME(0)
==== KCC CONNECTION OBJECTS ====
Connection --
Connection name: 3135cf0d-0109-4a40-be6f-44e1eca5b5d2
Enabled : TRUE
Server DNS name : samba4-dc1.empresa.com.br
Server DN name : CN=NTDS
Settings,CN=SAMBA4-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=empresa,DC=com,DC=br
TransportType: RPC
options: 0x00000001
Warning: No NC replicated for Connection!
root at samba4-dc2:~# samba-tool ldapcmp ldap://SAMBA4-DC1 ldap://SAMBA4-DC2
-UAdministrator
resolve_lmhosts: Attempting lmhosts lookup for name SAMBA4-DC1<0x20>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Password for [EMPRESA\Administrador]:
resolve_lmhosts: Attempting lmhosts lookup for name SAMBA4-DC2<0x20>
* Comparing [DOMAIN] context...
* Objects to be compared: 1869
* Result for [DOMAIN]: SUCCESS
* Comparing [CONFIGURATION] context...
* Objects to be compared: 1640
* Result for [CONFIGURATION]: SUCCESS
* Comparing [SCHEMA] context...
* Objects to be compared: 1518
* Result for [SCHEMA]: SUCCESS
* Comparing [DNSDOMAIN] context...
* Objects to be compared: 565
* Result for [DNSDOMAIN]: SUCCESS
* Comparing [DNSFOREST] context...
* Objects to be compared: 31
* Result for [DNSFOREST]: SUCCESS
Regards,
Márcio Bacci
Em sex, 30 de ago de 2019 às 08:44, L.P.H. van Belle <belle at bazuin.nl>
escreveu:
> No, thats also correct.
>
> Because in 4.10 new packages are added and removed.
>
> you need to run : apt-get dist-upgrade
>
> Small note, i always run : apt-get dist-upgrade -y
> -dy , download and yes.
>
> then run : apt-get dist-upgrade -y
>
> that makes sure you always have all the needed packages on you server
> before you upgrade.
>
> Greetz,
>
> Louis
>
>
> ------------------------------
> *Van:* Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
> *Verzonden:* vrijdag 30 augustus 2019 13:40
> *Aan:* L.P.H. van Belle
> *CC:* samba at lists.samba.org
> *Onderwerp:* Re: [Samba] Upgrade Samba 4
>
> Hi,
>
> Really, version 4.9-12 solved the DBCHECK problem.
>
> Apparently, in version 4.9-12 everything is OK, just not being able to
> upgrade to version 4.10, as follows:
>
> Reading package lists ... Ready
> Building dependency tree
> Reading status info ... Ready
> 10 packages can be upgraded. Run 'apt list --upgradable' to see them.
> Reading package lists ... Ready
> Building dependency tree
> Reading status info ... Ready
> Calculating update ... Ready
> The following packages have been installed automatically and are no longer
> required:
> libfile-copy-recursive-perl update-inetd
> Use 'apt autoremove' to remove them.
> The following packages will be kept in their current versions:
> libldb1 libwbclient0 samba samba common samba common bin samba dsdb
> modules samba libs samba vfs modules winbind
> 0 updated packages, 0 new packages installed, 0 to be removed and 9 not
> updated.
>
> I'm using Debian 9.9.
>
> Regards,
>
> Márcio Bacci
>
> Em sex, 30 de ago de 2019 às 06:51, L.P.H. van Belle <belle at bazuin.nl>
> escreveu:
>
>> Hai,
>>
>> You can safely ignore that mesage.
>>
>> If both servers are done and running 4.8. procede to 4.9
>>
>> >> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>> element'
>> is fixed in later samba versions
>>
>> Greetz,
>>
>> Louis
>>
>>
>>
>>
>> ------------------------------
>> *Van:* Marcio Demetrio Bacci [mailto:marciobacci at gmail.com]
>> *Verzonden:* vrijdag 30 augustus 2019 11:39
>> *Aan:* L.P.H. van Belle
>> *CC:* samba at lists.samba.org
>> *Onderwerp:* Re: [Samba] Upgrade Samba 4
>>
>> Hi,
>>
>> I upgraded to Samba 4.8-12 as follows:
>>
>> Checking smb.conf with testparm
>> Load smb config files from /etc/samba/smb.conf
>> Loaded services file OK.
>> Server role: ROLE_ACTIVE_DIRECTORY_DC
>>
>> Done
>> Checking smb.conf with samba-tool
>> Done
>> Configurando samba-dsdb-modules:amd64 (2:4.8.12-1~deb9) ...
>> Configurando winbind (2:4.8.12-1~deb9) ...
>> Instalando nova versão do arquivo de configuração /etc/init.d/winbind ...
>> Instalando nova versão do arquivo de configuração
>> /etc/logrotate.d/winbind ...
>> Samba is being run as an AD Domain Controller: Masking winbind.service
>> Please ignore the following error about deb-systemd-helper not finding
>> those services.
>> (winbind.service masked)
>> Removing obsolete conffile /etc/init/winbind.conf ...
>> Configurando samba (2:4.8.12-1~deb9) ...
>> Instalando nova versão do arquivo de configuração /etc/init.d/nmbd ...
>> Instalando nova versão do arquivo de configuração /etc/init.d/samba-ad-dc
>> ...
>> Instalando nova versão do arquivo de configuração /etc/init.d/smbd ...
>> Instalando nova versão do arquivo de configuração /etc/logrotate.d/samba
>> ...
>> Samba is being run as an AD Domain Controller: Masking smbd.service
>> nmbd.service
>> Please ignore the following error about deb-systemd-helper not finding
>> those services.
>> (smbd.service masked)
>> (nmbd.service masked)
>> Removing obsolete conffile /etc/init.d/samba ...
>> Removing obsolete conffile /etc/init/nmbd.conf ...
>> Removing obsolete conffile /etc/init/reload-smbd.conf ...
>> Removing obsolete conffile /etc/init/samba-ad-dc.conf ...
>> Removing obsolete conffile /etc/init/smbd.conf ...
>> A processar 'triggers' para libc-bin (2.24-11+deb9u4) ...
>> A processar 'triggers' para systemd (232-25+deb9u11) ...
>>
>> Replication looks OK (samba-tool drs showrepl), but dbcheck does not.
>>
>> samba-tool dbcheck --cross-ncs
>> ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such
>> element'
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
>> 177, in _run
>> return self.run(*args, **kwargs)
>> File "/usr/lib/python2.7/dist-packages/samba/netcmd/dbcheck.py", line
>> 142, in run
>> check_expired_tombstones=selftest_check_expired_tombstones)
>> File "/usr/lib/python2.7/dist-packages/samba/dbchecker.py", line 200,
>> in __init__
>> self.tombstoneLifetime = int(res[0]["tombstoneLifetime"][0])
>>
>> Regards,
>>
>> Márcio Bacci
>>
>> Em sex, 30 de ago de 2019 às 06:18, L.P.H. van Belle via samba <
>> samba at lists.samba.org> escreveu:
>>
>>> Hai,
>>>
>>> No, keep everything as is.
>>>
>>> Since your upgrading from 4.5 ( and this is probely why your upgrade to
>>> 4.7 broke )
>>> Make sure you settings are respecting config requirements of 4.8.
>>>
>>> If you do hit an error.
>>> Read : http://downloads.van-belle.nl/samba4/Upgrade-info.txt
>>> And if needed mail the list, im buzy with some servers atm, but i'll
>>> keep an eye on the list.
>>>
>>>
>>> Greetz,
>>>
>>> Louis
>>>
>>>
>>>
>>> > -----Oorspronkelijk bericht-----
>>> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
>>> > Marcio Demetrio Bacci via samba
>>> > Verzonden: vrijdag 30 augustus 2019 11:13
>>> > Aan: sambalist
>>> > Onderwerp: [Samba] Upgrade Samba 4
>>> >
>>> > Hi,
>>> >
>>> > To upgrade my secondary DC Samba 4.5-16 to 4.8 should I
>>> > remove the smb.conf
>>> > file in /etc/samba first? I remember I tried last month to
>>> > upgrade from
>>> > 4.5-16 to 4.7 and broke the installation.
>>> >
>>> > Or are just the procedures below enough?
>>> >
>>> > Create this file repo file for apt.
>>> > echo "deb http://apt.van-belle.nl/debian stretch-samba48 main contrib
>>> > non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list
>>> >
>>> > Import my key.
>>> > wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc
>>> > | apt-key add
>>> > -
>>> >
>>> > apt update -y && apt upgrade -y
>>> > Remove the 4.8 line from the repo, enable 4.9 repeat apt update && apt
>>> > upgrade
>>> > systemctl stop samba-ad-dc && systemctl start samba-ad-dc
>>> >
>>> > Then I will upgrade to 4.9 and 4.10.
>>> >
>>> > If all goes well, I'll do it for DC Samba 4 Master.
>>> >
>>> > Regards,
>>> >
>>> > Márcio Bacci
>>> > --
>>> > To unsubscribe from this list go to the following URL and read the
>>> > instructions: https://lists.samba.org/mailman/options/samba
>>> >
>>> >
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
More information about the samba
mailing list