[Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
L.P.H. van Belle
belle at bazuin.nl
Fri Jun 14 12:06:55 UTC 2019
Hi Sven,
I had a quick look and its much better. Few small points.
For the members.
This might be a choice, but on the fileservers, the loggings is a bit difference still.
And krb5-locales is on one but not the other.
Last i see, there is no user mapping file for the members.
Which normaly have !root = DOM\Administrator
( or BUILTIN\Administrator, depending on you setup )
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User
On the DC's.
Turn this off : dsdb:schema update allowed = true
This is only needed if you change/import the schema.
And krb5-locales is on one but not the other.
Or remove from all, or add to all, if you dont use it, i suggest remove it.
For the upgrade path.
Read: https://wiki.samba.org/index.php/Updating_Samba
And this text file shows some good debian specific info
http://downloads.van-belle.nl/samba4/Upgrade-info.txt
Some parts are already fixed, but its mainly making sure the smb.conf is correct for the version your upgradeing to.
>From 4.5, i suggest, goto 4.8 then 4.9 then 4.10, if you follow my repo.
Its the safest upgrade path as far i know. ( official or my repo )
If you want to follow debian official repo, then i suggest, stay on 4.5 or upgrade to 4.8 (my repo) until Debian Buster is released.
Thats because my 4.9 version is higher then Debian Official.
I personaly do the DC with FSMO roles always first, after the samba upgrade i wait about 5 min,
this depends a bit on the AD-DB size/replication time, then reboot the server.
Then i do the other DC, same steps.
One thing i do advice before you upgrade. Stongly adviced.
Backup samba AD-DC and copy : /etc/samba /var/lib/samba /var/cache/samba
On the members,
If you use backen RID, then do the samba on the members.
For backen AD i dont do that, but its still adviced to do also.
You on backend AD with the members, so your choice.. what to backup.
Paths are the same as the AD-DC folders. (/etc/samba /var/lib/samba /var/cache/samba /etc/krb5.keytab )
If you have these folders, you can always downgrade, stop samba, restore above folders and start again.
I make snapshots of my complete server, so my backup strategy is a bit different.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven
> Schwedas via samba
> Verzonden: vrijdag 14 juni 2019 12:21
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
>
> With some slight delay, we did actually manage to get all our
> old wonky
> compatibility solutions nuked (turned out there were a few
> more lurking
> in the shadows than expected?). Mail servers are no longer domain
> joined, and unencrypted LDAP is finally gone, together with
> the terrible
> PHP scripts that needed it.
>
> Which allowed me to finally cleanup all the samba setups:
>
> https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt
>
> (File servers)
>
> https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-bis.2019-06-14T11:29:02+02:00.txt
>
> (DCs)
>
> Hopefully, all the configurations should be clean now, or did I miss
> something?
>
> As for upgrading to Samba 4.10, in what order should the servers be
> upgraded? Members first? Update DC withous FSMO roles, move FSMO roles
> to one of them, then update the old FSMO holder last?
>
> --
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> ??? sven.schwedas at tao.at | ??? +43 680 301 7167
> TAO Digital | Teil der TAO Beratungs- & Management GmbH
> Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
> A8020 Graz | https://www.tao-digital.at
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list