[Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10

L.P.H. van Belle belle at bazuin.nl
Fri Jun 14 12:06:55 UTC 2019


Hi Sven, 

I had a quick look and its much better. Few small points. 

For the members. 
This might be a choice, but on the fileservers, the loggings is a bit difference still. 
And krb5-locales is on one but not the other. 

Last i see, there is no user mapping file for the members. 
Which normaly have !root = DOM\Administrator
( or BUILTIN\Administrator, depending on you setup )
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User 

On the DC's. 
Turn this off : dsdb:schema update allowed = true 
This is only needed if you change/import the schema. 
And krb5-locales is on one but not the other. 
Or remove from all, or add to all, if you dont use it, i suggest remove it. 

For the upgrade path. 
Read:   https://wiki.samba.org/index.php/Updating_Samba
And this text file shows some good debian specific info
http://downloads.van-belle.nl/samba4/Upgrade-info.txt 
Some parts are already fixed, but its mainly making sure the smb.conf is correct for the version your upgradeing to. 

>From 4.5, i suggest, goto 4.8 then 4.9 then 4.10, if you follow my repo. 
Its the safest upgrade path as far i know. ( official or my repo )

If you want to follow debian official repo, then i suggest, stay on 4.5 or upgrade to 4.8 (my repo) until Debian Buster is released. 
Thats because my 4.9 version is higher then Debian Official. 

I personaly do the DC with FSMO roles always first, after the samba upgrade i wait about 5 min, 
this depends a bit on the AD-DB size/replication time, then reboot the server.
Then i do the other DC, same steps.

One thing i do advice before you upgrade. Stongly adviced.

Backup samba AD-DC and copy : /etc/samba /var/lib/samba /var/cache/samba

On the members, 
If you use backen RID, then do the samba on the members. 
For backen AD i dont do that, but its still adviced to do also. 
You on backend AD with the members, so your choice.. what to backup. 
Paths are the same as the AD-DC folders. (/etc/samba /var/lib/samba /var/cache/samba /etc/krb5.keytab )

If you have these folders, you can always downgrade, stop samba, restore above folders and start again. 

I make snapshots of my complete server, so my backup strategy is a bit different. 


Greetz, 

Louis





> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
> Schwedas via samba
> Verzonden: vrijdag 14 juni 2019 12:21
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
> 
> With some slight delay, we did actually manage to get all our 
> old wonky
> compatibility solutions nuked (turned out there were a few 
> more lurking
> in the shadows than expected?). Mail servers are no longer domain
> joined, and unencrypted LDAP is finally gone, together with 
> the terrible
> PHP scripts that needed it.
> 
> Which allowed me to finally cleanup all the samba setups:
> 
> https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt
> 
> (File servers)
> 
> https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt
> https://up.tao.at/u/samba/villach-dc-bis.2019-06-14T11:29:02+02:00.txt
> 
> (DCs)
> 
> Hopefully, all the configurations should be clean now, or did I miss
> something?
> 
> As for upgrading to Samba 4.10, in what order should the servers be
> upgraded? Members first? Update DC withous FSMO roles, move FSMO roles
> to one of them, then update the old FSMO holder last?
> 
> -- 
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> ??? sven.schwedas at tao.at | ??? +43 680 301 7167
> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
> A8020 Graz    | https://www.tao-digital.at
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 




More information about the samba mailing list