[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Juan Ignacio juan.ignacio.pazos at gmail.com
Wed Nov 23 18:49:10 UTC 2022 

Thanks Luis and Kris
I already transferred the FSMO roles to the new DC with the commands you
sent me; I have checked and they have been transferred successfully.

Was good that someone mentioned something about FSMO roles, otherwise I
would have passed it on completely.
Thanks for the links you sent me, I was able to understand more about FSMO
roles, this was really necessary to do before demoting the old server.

At the moment I would only have to solve some issues and confusion with a
member fileserver.

One of the member file servers have this on smb.conf

       idmap config * : backend = tdb
>        idmap config * : range = 3000-7999
>
>         username map = /usr/local/samba/etc/user.map
>

If i remember correctly  we used this ranges because de old acdc who also
works as file server didnt have any of that lines and the uid and gid
numbers was really long, when i installed the member server we used that to
make it work better-

I dont know if now, after sync the idmap.ldb from the old ad-dc to the new
ad-dc we will have the same long uid and gid. (Is not really important
because the new ad-dc will not work as file server but anyway)

Maybe it would have been better transferred the idmap of the member server
to the new ad-dc, or not because it is using information stored on the old
ad-dc.

On the member file server i can look owners with names instead of uid and
gid.

I think Rowland know a lot about this because he help me on that thing long
time ago..




El mié, 23 nov 2022 a las 14:20, Luis Peromarta (<lperoma at icloud.com>)
escribió:

> FSMO roles has little to do with sysvol replication.
>
>
> https://wiki.samba.org/index.php/Flexible_Single-Master_Operations_(FSMO)_Roles
>
> https://wiki.samba.org/index.php/Transferring_and_Seizing_FSMO_Roles
>
> Your new DC can own the roles while your old DC still acts as a file
> server.
>
> If you demote your old DC, most likely it will stop acting as a file
> server too, so beware.
>
> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC
>
> idmapping between your actual file server (old DC) and the new-to-be
> member server (file server) is likely to be different.  I don’t have a
> clear simple way to migrate the server from dc to member server.
>
> There’s a lot more knowledge in this list than mine.
>
> LP
> On 23 Nov 2022 at 18:09 +0100, Juan Ignacio <juan.ignacio.pazos at gmail.com>,
> wrote:
>
>
> I wonder if to do:
> samba-tool fsmo transfer --role=all -UAdministrator
>
> Is it the same as doing it with Rsync or if it is better.
> --
>
> I haven't searched for information on how to remove the old server yet, I
> don't know if it's just disconnecting it or if I should run some command on
> the new DC or the old one.
>
> If you have any information on this it would be of great help.
>
>

More information about the samba mailing list