[Samba] Upgrading Samba
Henri Transfert
hb.transfert at gmail.com
Wed Feb 6 13:18:05 UTC 2019
Thank you Rowland for your answer.
I reply inline.
>
> On Wed, 6 Feb 2019 15:20:56 +0400
> henri transfert via samba <samba at lists.samba.org> wrote:
>
> > Hello all,
> >
> > I've planned to upgrade a Samba DC from 4.6.7 to 4.9.4.
>
> STOP!
>
> Do not do this directly, reports on here have shown that this will not work.
>
> You will have to 'walk' up the versions, it may work if you go to 4.8.3, then to
> 4.9.4, but you may have to go to 4.7.2 first.
OK, thanks for the warning. What will not work exactly?
So, what is the recommended path to upgrade?
1) from 4.6.7 to 4.7.2
2) then 4.7.2 to 4.8.3
3) then 4.8.3 to 4.9.4?
Is there a doc on the wiki about this?
>
>
> > For that I will use the following method:
> >
> > - build a new DC from 4.9.4 sources (on CentOS 7)
>
> Make sure you use Heimdal Kerberos, not the CentOS default MIT.
I assume Heimdal Kerberos is the one used in 4.6.7.
So I guess I will have to enforce Heimdal at compilation time (--with-system-heimdalkrb5 ?).
>
> > - join this new DC to the domain
> > - transfer the FSMO roles from the old DC (4.6.7) to the new DC
> > (4.9.4)
> > - replicate the sysvoldir from old DC to new DC
> > - demote the old DC
> > - switch off the old DC
> >
> > Since I prefer to ask before facing any problems, is there any issue I
> > should take care about? Especially from the 4.6 to the 4.9 release, are there
> > any big changes or incompatibilities that could be a potential source of
> > trouble (Kerberos? default values?)?
> > Would 4.8.8 be a better seamless option?
> >
> > The smb.conf of the old DC is:
> > # Global parameters
> > [global]
> > netbios name = OLD-DC
> > realm = MYDOM.MYCOMP.COM
> > workgroup = MYDOM
> > dns forwarder = 1.2.3.4
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > ldap server require strong auth = no
> > ntlm auth = yes
> > raw NTLMv2 auth = yes
>
> Why are you still using the very insecure NTLMv1?
An old requirement due to old XP clients. I guess I could remove it.
>
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol2/mydom.mycomp.com/scripts
> > read only = No
> > browseable = no
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol2
> > read only = No
> > browseable = no
>
> Does anybody know where setting 'browseable = no' on 'netlogon' & 'sysvol'
> came from?
> Totally redundant, there is no netbios browsing on a Samba AD DC, it isn't in
> 'nbt'.
If I remove "browsable=no", I can see the shares netlogon and sysvol if I go to \\MY-SAMBA-DC.
I want them to be hidden. Something wrong here?
Thanks.
Henri
>
> Rowland
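
The authentication settings questioned in this thread can be checked mechanically before a DC is carried forward to a newer release. The following is an added example, not part of the original message and not Samba project code: it parses the `[global]` section posted above and flags `ntlm auth`, `raw NTLMv2 auth` and `ldap server require strong auth` when they are set to their permissive values. The function names are this example's own, and the list of values treated as weak is an assumption based on the smb.conf manual page.

```python
# Added example, not Samba project code.
# [global] section as posted in the message above, quote markers stripped.
SAMPLE_CONF = """\
# Global parameters
[global]
netbios name = OLD-DC
realm = MYDOM.MYCOMP.COM
workgroup = MYDOM
dns forwarder = 1.2.3.4
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = no
ntlm auth = yes
raw NTLMv2 auth = yes
"""

# Normalised parameter name -> (values flagged as weak, reason). Assumed list.
WEAK = {
    "ntlmauth": ({"yes", "true", "1", "ntlmv1-permitted"}, "NTLMv1 accepted"),
    "rawntlmv2auth": ({"yes", "true", "1"}, "NTLMv2 without SPNEGO accepted"),
    "ldapserverrequirestrongauth": ({"no", "false", "0"}, "unsigned LDAP binds accepted"),
}

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return "".join(name.split()).lower()

def parse_global(text):
    """Return {normalised name: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()
    return params

def audit(text):
    """List (name, value, reason) for each weak setting that is present."""
    params = parse_global(text)
    return [(k, params[k], why) for k, (bad, why) in WEAK.items()
            if params.get(k, "").lower() in bad]

if __name__ == "__main__":
    for name, value, why in audit(SAMPLE_CONF):
        print(f"{name} = {value}: {why}")
```

Run against the posted configuration, it reports all three parameters; a parameter that is absent is not reported, because the release default then applies.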