[Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10

L.P.H. van Belle belle at bazuin.nl
Fri Jun 14 12:06:55 UTC 2019

Hi Sven, 

I had a quick look and its much better. Few small points. 

For the members. 
This might be a choice, but on the fileservers, the loggings is a bit difference still. 
And krb5-locales is on one but not the other. 

Last i see, there is no user mapping file for the members. 
Which normaly have !root = DOM\Administrator
( or BUILTIN\Administrator, depending on you setup )

On the DC's. 
Turn this off : dsdb:schema update allowed = true 
This is only needed if you change/import the schema. 
And krb5-locales is on one but not the other. 
Or remove from all, or add to all, if you dont use it, i suggest remove it. 

For the upgrade path. 
Read:   https://wiki.samba.org/index.php/Updating_Samba
And this text file shows some good debian specific info
Some parts are already fixed, but its mainly making sure the smb.conf is correct for the version your upgradeing to. 

>From 4.5, i suggest, goto 4.8 then 4.9 then 4.10, if you follow my repo. 
Its the safest upgrade path as far i know. ( official or my repo )

If you want to follow debian official repo, then i suggest, stay on 4.5 or upgrade to 4.8 (my repo) until Debian Buster is released. 
Thats because my 4.9 version is higher then Debian Official. 

I personaly do the DC with FSMO roles always first, after the samba upgrade i wait about 5 min, 
this depends a bit on the AD-DB size/replication time, then reboot the server.
Then i do the other DC, same steps.

One thing i do advice before you upgrade. Stongly adviced.

Backup samba AD-DC and copy : /etc/samba /var/lib/samba /var/cache/samba

On the members, 
If you use backen RID, then do the samba on the members. 
For backen AD i dont do that, but its still adviced to do also. 
You on backend AD with the members, so your choice.. what to backup. 
Paths are the same as the AD-DC folders. (/etc/samba /var/lib/samba /var/cache/samba /etc/krb5.keytab )

If you have these folders, you can always downgrade, stop samba, restore above folders and start again. 

I make snapshots of my complete server, so my backup strategy is a bit different. 



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
> Schwedas via samba
> Verzonden: vrijdag 14 juni 2019 12:21
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
> With some slight delay, we did actually manage to get all our 
> old wonky
> compatibility solutions nuked (turned out there were a few 
> more lurking
> in the shadows than expected?). Mail servers are no longer domain
> joined, and unencrypted LDAP is finally gone, together with 
> the terrible
> PHP scripts that needed it.
> Which allowed me to finally cleanup all the samba setups:
> https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt
> (File servers)
> https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-bis.2019-06-14T11:29:02+02:00.txt
> (DCs)
> Hopefully, all the configurations should be clean now, or did I miss
> something?
> As for upgrading to Samba 4.10, in what order should the servers be
> upgraded? Members first? Update DC withous FSMO roles, move FSMO roles
> to one of them, then update the old FSMO holder last?
> -- 
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> ??? sven.schwedas at tao.at | ??? +43 680 301 7167
> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
> A8020 Graz    | https://www.tao-digital.at
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list