[Samba] Upgrade old infrastructure running 4.3 (and 4.13)

Rowland Penny rpenny at samba.org
Wed Sep 1 15:45:48 UTC 2021


On Wed, 2021-09-01 at 17:16 +0200, Lorenzo Milesi via samba wrote:
> > I hope this helps you out.
> 
> Thank you very much for the detailed explaination!
> 
> I'm just wondering, what's the purpose of seizing fsmo roles and then
> do step upgrades of Samba? Once it's cut off, I can delete
> everything, install 4.14 straight and join it back as suggested
> here[1].

There is no point in doing step upgrades if 4.3.x is removed.

> 
> As per OS I need to remain on Ubuntu 18.04 as there's another
> application which doesn't support 20.04. So I was going to use
> LinuxSchools PPA [2].

What application will not work on 20.04 ?

> 
> What concerns me the most is the head note of the upgrade page, given
> I'm currently on 4.3:
> You should only consider using this method if you are running a
> modern Samba installation (i.e. v4.7 release or later, with a minimum
> 2008R2 base schema). It is better to use this method for major Samba
> version upgrades (e.g. v4.10 to v4.11).
> My schema is ok (47), but the version is not.

Once you get up to a recent Samba version, you can upgrade the schema.

> 
> Two further notes:
> 1. dbcheck returns no error on 4.3, while on 4.13 shows:
> root at landc:~# samba-tool dbcheck --cross-ncs
> Checking 3534 objects
> NOTE: old (due to rename or delete) DN string component for
> fromServer in object CN=5ba66c59-f19c-4b5d-b565-3ff8d03c6562,CN=NTDS
> Settings,CN=LANDC,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=contoso,DC=lan - CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=contoso,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
> fSMORoleOwner in object
> CN=Infrastructure,DC=DomainDnsZones,DC=contoso,DC=lan - CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=contoso,DC=lan
> Not fixing old string component
> NOTE: old (due to rename or delete) DN string component for
> fSMORoleOwner in object
> CN=Infrastructure,DC=ForestDnsZones,DC=contoso,DC=lan - CN=NTDS
> Settings,CN=DC1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=contoso,DC=lan
> Not fixing old string component
> Checked 3534 objects (0 errors)

Once you remove the first DC (which I presume is called DC1), you
should be able to remove the above errors from AD
 
> 2. transfering roles throws an error (as I wrote in the first email),
> is seizing them "safer"? :)

Not safer as such, just a different way of doing it, but you will have
to use '--force' as well or it will try to transfer the roles first.

Rowland





More information about the samba mailing list