[Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10

Sven Schwedas sven.schwedas at tao.at
Fri Jun 14 12:37:49 UTC 2019 

On 14.06.19 14:06, L.P.H. van Belle via samba wrote:
> Hi Sven, 
> 
> I had a quick look and its much better. Few small points. 
> 
> For the members. 
> This might be a choice, but on the fileservers, the loggings is a bit difference still. 
> And krb5-locales is on one but not the other. 
> 
> Last i see, there is no user mapping file for the members. 
> Which normaly have !root = DOM\Administrator
> ( or BUILTIN\Administrator, depending on you setup )
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Mapping_the_Domain_Administrator_Account_to_the_Local_root_User 

I'll take a look at that.

> On the DC's. 
> Turn this off : dsdb:schema update allowed = true 
> This is only needed if you change/import the schema. 

We did do changes to schema, to allow handling advanced mailing
configurations for our Cyrus setup, but we don't plan any further
changes now. So we can disable it without touching these changes?

> And krb5-locales is on one but not the other. 
> Or remove from all, or add to all, if you dont use it, i suggest remove it. 

Right, that's just an artifact of how the servers were set up. Will
clean that up.

> For the upgrade path. 
> Read:   https://wiki.samba.org/index.php/Updating_Samba
> And this text file shows some good debian specific info
> http://downloads.van-belle.nl/samba4/Upgrade-info.txt 
> Some parts are already fixed, but its mainly making sure the smb.conf is correct for the version your upgradeing to. 
> 
> From 4.5, i suggest, goto 4.8 then 4.9 then 4.10, if you follow my repo. 
> Its the safest upgrade path as far i know. ( official or my repo )

Alright, sounds good. Will probably stick with your repo, might as well.

> If you want to follow debian official repo, then i suggest, stay on 4.5 or upgrade to 4.8 (my repo) until Debian Buster is released. 
> Thats because my 4.9 version is higher then Debian Official. 
> 
> I personaly do the DC with FSMO roles always first, after the samba upgrade i wait about 5 min, 
> this depends a bit on the AD-DB size/replication time, then reboot the server.
> Then i do the other DC, same steps.

How would I make sure that the AD DB is replicated? Check the time
stamps of `samba-tool drs showrepl` ?

> One thing i do advice before you upgrade. Stongly adviced.
> 
> Backup samba AD-DC and copy : /etc/samba /var/lib/samba /var/cache/samba
> 
> On the members, 
> If you use backen RID, then do the samba on the members. 
> For backen AD i dont do that, but its still adviced to do also. 
> You on backend AD with the members, so your choice.. what to backup. 
> Paths are the same as the AD-DC folders. (/etc/samba /var/lib/samba /var/cache/samba /etc/krb5.keytab )
> 
> If you have these folders, you can always downgrade, stop samba, restore above folders and start again. 
> 
> I make snapshots of my complete server, so my backup strategy is a bit different. 

We use ZFS snapshots for backups and replication, so we have those anyway.

> 
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
>> Schwedas via samba
>> Verzonden: vrijdag 14 juni 2019 12:21
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
>>
>> With some slight delay, we did actually manage to get all our 
>> old wonky
>> compatibility solutions nuked (turned out there were a few 
>> more lurking
>> in the shadows than expected?). Mail servers are no longer domain
>> joined, and unencrypted LDAP is finally gone, together with 
>> the terrible
>> PHP scripts that needed it.
>>
>> Which allowed me to finally cleanup all the samba setups:
>>
>> https://up.tao.at/u/samba/graz-file.2019-06-14T11:29:02+02:00.txt
>> https://up.tao.at/u/samba/villach-file.2019-06-14T11:29:02+02:00.txt
>>
>> (File servers)
>>
>> https://up.tao.at/u/samba/graz-dc-sem.2019-06-14T11:29:02+02:00.txt
>> https://up.tao.at/u/samba/graz-dc-1b.2019-06-14T11:29:02+02:00.txt
>> https://up.tao.at/u/samba/villach-dc-1a.2019-06-14T11:29:02+02:00.txt
>> https://up.tao.at/u/samba/villach-dc-bis.2019-06-14T11:29:02+02:00.txt
>>
>> (DCs)
>>
>> Hopefully, all the configurations should be clean now, or did I miss
>> something?
>>
>> As for upgrading to Samba 4.10, in what order should the servers be
>> upgraded? Members first? Update DC withous FSMO roles, move FSMO roles
>> to one of them, then update the old FSMO holder last?
>>
>> -- 
>> Mit freundlichen Grüßen, / Best Regards,
>> Sven Schwedas, Systemadministrator
>> ??? sven.schwedas at tao.at | ??? +43 680 301 7167
>> TAO Digital   | Teil der TAO Beratungs- & Management GmbH
>> Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
>> A8020 Graz    | https://www.tao-digital.at
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
> 
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas at tao.at | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20190614/92323b67/signature.sig>

More information about the samba mailing list