[Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10

L.P.H. van Belle belle at bazuin.nl
Fri Jun 14 12:42:55 UTC 2019 

Hai, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Sven 
> Schwedas via samba
> Verzonden: vrijdag 14 juni 2019 14:38
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Spring Cleanup / Migrating Samba 4.5 to 4.10
> 
> On 14.06.19 14:06, L.P.H. van Belle via samba wrote:
> > Hi Sven, 
> > 
> > I had a quick look and its much better. Few small points. 
> > 
> > For the members. 
> > This might be a choice, but on the fileservers, the 
> loggings is a bit difference still. 
> > And krb5-locales is on one but not the other. 
> > 
> > Last i see, there is no user mapping file for the members. 
> > Which normaly have !root = DOM\Administrator
> > ( or BUILTIN\Administrator, depending on you setup )
> > 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_
> Member#Mapping_the_Domain_Administrator_Account_to_the_Local_r
> oot_User 
> 
> I'll take a look at that.
> 
> > On the DC's. 
> > Turn this off : dsdb:schema update allowed = true 
> > This is only needed if you change/import the schema. 
> 
> We did do changes to schema, to allow handling advanced mailing
> configurations for our Cyrus setup, but we don't plan any further
> changes now. So we can disable it without touching these changes?

Yes, correct. 

> 
> > And krb5-locales is on one but not the other. 
> > Or remove from all, or add to all, if you dont use it, i 
> suggest remove it. 
> 
> Right, that's just an artifact of how the servers were set up. Will
> clean that up.
> 
> > For the upgrade path. 
> > Read:   https://wiki.samba.org/index.php/Updating_Samba
> > And this text file shows some good debian specific info
> > http://downloads.van-belle.nl/samba4/Upgrade-info.txt 
> > Some parts are already fixed, but its mainly making sure 
> the smb.conf is correct for the version your upgradeing to. 
> > 
> > From 4.5, i suggest, goto 4.8 then 4.9 then 4.10, if you 
> follow my repo. 
> > Its the safest upgrade path as far i know. ( official or my repo )
> 
> Alright, sounds good. Will probably stick with your repo, 
> might as well. 
> 
> > If you want to follow debian official repo, then i suggest, 
> stay on 4.5 or upgrade to 4.8 (my repo) until Debian Buster 
> is released. 
> > Thats because my 4.9 version is higher then Debian Official. 
> > 
> > I personaly do the DC with FSMO roles always first, after 
> the samba upgrade i wait about 5 min, 
> > this depends a bit on the AD-DB size/replication time, then 
> reboot the server.
> > Then i do the other DC, same steps.
> 
> How would I make sure that the AD DB is replicated? Check the time
> stamps of `samba-tool drs showrepl` ?

Yes, just run the replication check, and i often just watch "top" 
And wait untill samba its CPU load drops to 0. then i do the other. 
And before you start, as shown on the wiki page, samba-tool dbcheck 
First fix things then upgrade. 

> 
> > One thing i do advice before you upgrade. Stongly adviced.
> > 
> > Backup samba AD-DC and copy : /etc/samba /var/lib/samba 
> /var/cache/samba
> > 
> > On the members, 
> > If you use backen RID, then do the samba on the members. 
> > For backen AD i dont do that, but its still adviced to do also. 
> > You on backend AD with the members, so your choice.. what 
> to backup. 
> > Paths are the same as the AD-DC folders. (/etc/samba 
> /var/lib/samba /var/cache/samba /etc/krb5.keytab )
> > 
> > If you have these folders, you can always downgrade, stop 
> samba, restore above folders and start again. 
> > 
> > I make snapshots of my complete server, so my backup 
> strategy is a bit different. 
> 
> We use ZFS snapshots for backups and replication, so we have 
> those anyway.

Ah, thats good, that saves time if things go wrong.

Greetz, 

Louis

More information about the samba mailing list