[Samba] Join new DC to domain - advice to upgrade Samba 4.
L.P.H. van Belle
belle at bazuin.nl
Tue Apr 7 14:25:48 UTC 2020
What I find the safest path in upgrading.
This is how I upgrade my wheezy servers (samba 4.1.x),
All the way up to now buster samba 4.11 and starting to roll out 4.12.1 (members only at the moment)
So yes, first fix the problems, go through all logs and make sure you don't have any errors.
Reboot the server. Check again, and repeat until your server is error free.
Remove (if needed) old packages. dpkg -l |grep -E "jessie|wheezy|deb[6-8]"
Do check these before you remove any, if these are replaced with a stretch version.
Samba, you're now on 4.5.16. (debian stretch official).
So before you upgrade, check if your smb.conf is compliant with the next samba version(s).
For example these changes.
4.5.x => 4.6.0 : smb.conf changes
https://www.samba.org/samba/history/samba-4.6.0.html
================
  Parameter Name                        Description             Default
  --------------                        -----------             -------
  kerberos encryption types             New                     all
  inherit owner                         New option
  fruit:resource                        Spelling correction
  lsa over netlogon                     New (deprecated)        no
  rpc server port                       New                     0
https://www.samba.org/samba/history/samba-4.7.0.html
4.6.x => 4.7.0 : smb.conf changes
================
  Parameter Name                        Description             Default
  --------------                        -----------             -------
  allow unsafe cluster upgrade          New parameter           no
  auth event notification               New parameter           no
  auth methods                          Deprecated
  client max protocol                   Effective               SMB3_11
                                        default changed
  map untrusted to domain               New value/              auto
                                        Default changed/
                                        Deprecated
  mit kdc command                       New parameter
  profile acls                          Deprecated
  rpc server dynamic port range         New parameter           49152-65535
  strict sync                           Default changed         yes
  password hash userPassword schemes    New parameter
  ntlm auth                             New values              ntlmv2-only
https://www.samba.org/samba/history/samba-4.8.0.html
4.7.x => 4.8.0 : smb.conf changes
================
  Parameter Name                        Description             Default
  --------------                        -----------             -------
  apply group policies                  New                     no
  auth methods                          Removed
  binddns dir                           New
  client schannel                       Default changed/        yes
                                        Deprecated
  gpo update command                    New
  ldap ssl ads                          Deprecated
  map untrusted to domain               Removed
  oplock contention limit               Removed
  prefork children                      New                     1
  mdns name                             New                     netbios
  fruit:time machine                    New                     false
  profile acls                          Removed
  use spnego                            Removed
  server schannel                       Default changed/        yes
                                        Deprecated
  unicode                               Deprecated
  winbind scan trusted domains          New                     yes
  winbind trusted domains only          Removed
! DO READ THE 4.8.x changelogs complete, on the samba site, it's needed!
https://www.samba.org/samba/history/samba-4.9.0.html
4.8.x => 4.9.0 : smb.conf changes
As the most popular Samba install platforms (Linux and FreeBSD) both
support extended attributes by default, the parameters "map readonly",
"store dos attributes" and "ea support" have had their defaults changed
to allow better Windows fileserver compatibility in a default install.
  Parameter Name                        Description             Default
  --------------                        -----------             -------
  map readonly                          Default changed         no
  store dos attributes                  Default changed         yes
  ea support                            Default changed         yes
  full_audit:success                    Default changed         none
  full_audit:failure                    Default changed         none
When you're sure samba is ready for the next version, now, enable my repo,
wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add -
echo "# AptVanBelle repo for samba." | sudo tee /etc/apt/sources.list.d/van-belle.list
# Samba 4.6.latest
echo "deb http://apt.van-belle.nl/debian stretch-samba46 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list
With every samba upgrade use : apt-get update && apt-get dist-upgrade --autoremove --purge
Repeat for 4.7 stretch-samba47
Repeat for 4.8 stretch-samba48
Now stop..
Now upgrade stretch to buster.
Change the content in /etc/apt/sources.list file to buster
apt-get update
apt-get dist-upgrade -dy # download only, always do this if you're upgrading, because if internet drops you're in problems.
apt-get dist-upgrade --autoremove --purge
And you're automatically back on the Debian Official 4.9.5.
Which is outdated also, where I advise to upgrade to 4.10 at least, better 4.11, but that's totally up to you.
Good luck, problems, mail the list..
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Rowland penny via samba
> Sent: Tuesday 7 April 2020 16:08
> To: sambalist
> Subject: Re: [Samba] Join new DC to domain - advice to
> upgrade Samba 4.
>
> On 07/04/2020 14:51, Daniel Lopes de Carvalho wrote:
> > Hi Rowland, thanks for your email.
> >
> > The working DC was installed around 2 years ago. It is the reason to
> > stick in Stretch. But if I can upgrade the working DC to Buster and
> > Samba 4.9.5 without any problem, it is OK to me.
> I would upgrade Debian and once you get everything working correctly,
> you can use Louis's repo: http://apt.van-belle.nl/
> >
> >
> > Find below the output of samba-tool join command:
> >
> > samba-tool domain join test.example.domain.br DC -U"test/administrator" -d3
> >
> > Finding a writeable DC for domain 'test.example.domain.br'
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > _ldap._tcp.test.example.domain.br<0x0>
> > Found DC adc02.test.example.domain.br
> > resolve_lmhosts: Attempting lmhosts lookup for name
> > adc02.test.example.domain.br<0x20>
> > Password for [test\administrator]:
> > Cannot reach a KDC we require to contact
> > ldap/adc02.test.example.domain.br@ : kinit for administrator at test
> > failed (Cannot contact any KDC for requested realm)
>
> That looks like your problem, for some reason 'adc02.example.domain.br'
> cannot be found.
>
> Can you run the attached script on the machine you are trying to join as
> a DC and then post the output in a reply to the mailing list, do not
> attach it, this mailing list strips attachments.
>
> Rowland
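One way to run the pre-upgrade smb.conf check described in the post, as an added example that is not code from the thread or from the Samba project: it flags parameters that the quoted release-note tables mark removed or deprecated, and default changes for parameters the file leaves unset. The names CHANGES, SAMPLE, norm, parse_params and check are assumptions, and the sample smb.conf is constructed.

```python
import re

REM, DEP, DEF = "removed", "deprecated", "default changed"  # statuses from the quoted tables
CHANGES = {
    "4.6": {"lsa over netlogon": DEP},
    "4.7": {"auth methods": DEP, "profile acls": DEP, "strict sync": DEF,
            "map untrusted to domain": DEF + "/" + DEP, "client max protocol": DEF},
    "4.8": {"auth methods": REM, "map untrusted to domain": REM, "profile acls": REM,
            "oplock contention limit": REM, "use spnego": REM,
            "winbind trusted domains only": REM, "ldap ssl ads": DEP, "unicode": DEP,
            "client schannel": DEF + "/" + DEP, "server schannel": DEF + "/" + DEP},
    "4.9": {"map readonly": DEF, "store dos attributes": DEF, "ea support": DEF},
}
# Constructed smb.conf used as sample input (not from the thread).
SAMPLE = """[global]
  Auth Methods = sam winbind
  server schannel = auto
; use spnego = no
[profiles]
  profile acls = yes
"""

def norm(name):  # smb.conf ignores case and whitespace in parameter names
    return re.sub(r"\s+", "", name).lower()

def parse_params(text):
    found, section, cont = {}, "global", False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        skip, cont = cont, line.endswith("\\")  # next line continues this value
        if skip or not line or line[0] in "#;":
            continue
        if line.startswith("["):
            section = line.strip("[] ").lower()
        elif "=" in line:
            found.setdefault(norm(line.split("=", 1)[0]), []).append((section, lineno))
    return found

def check(text, target):
    found, out = parse_params(text), []
    for param, status in CHANGES.get(target, {}).items():
        hits = found.get(norm(param), [])
        if hits and (REM in status or DEP in status):  # set, but going away
            out += [(param, status, sec, ln) for sec, ln in hits]
        elif not hits and DEF in status:  # unset, so the new default applies
            out.append((param, DEF + ", not set explicitly", None, None))
    return out

if __name__ == "__main__":
    print(*check(SAMPLE, "4.8"), sep="\n")
```

Run it once per target release before each repository switch; an empty list means none of the tabled changes touches the file.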