[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Juan Ignacio juan.ignacio.pazos at gmail.com
Wed Nov 30 19:30:50 UTC 2022


Excellent.
Thx for your explanation, Rowland, now I can understand a lot better.
I'm close to shutting down the old primary ad-dc to test if everyone can
log in and next try to demote it.

Some things I want to know before demoting.

I need to make a backup of the old Samba 4.1 ad-dc on the old server "DC1".
I manually backed up the whole /usr/local/samba/ directory.

I was thinking of using this samba4 script on GitHub, which is more up to date
than the one I was using.
https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4

I already transferred the FSMO roles to the new server "DC2". Is there any
other thing I need to do before demoting the primary DC?
Anything else I must check or be careful with?

About the NEW ad-dc "DC2":
I have 4 full server backups a day on that server. Do you think I need to
back up Samba anyway, or is this enough if something fails?

Thx in advance.

On Mon, 28 Nov 2022 at 13:45, Rowland Penny via samba (<
samba at lists.samba.org>) wrote:

>
>
> On 28/11/2022 16:11, Juan Ignacio wrote:
> > I didn't log into Unix directly, I logged on to a Windows machine.
> > The problem is I needed the administrator account to manage some GPOs
> > and move the files from one member server to another and rewrite the
> > permissions, timestamp and file ownership on Windows.
> > If I write a file on the member it shows as root, which seems correct to
> > me because I don't want anyone accessing that share right now.
> > At least until I finish migrating the files.
> >
> >     Administrator is the Windows
> >     administrator with the RID '500', so with your DOMAIN low range it will
> >     have the Unix ID 10500, it is just a normal Unix user.
> >
> >
> > How can I know that?
> >
> > We are not mapping administrator to root?
> >
> > OURDOMAIN\administrator is not equal to root and the uid=0?
> >
> > Sorry, I'm trying to understand better.
> >
>
> You are (or were) mapping Administrator to root, you had in smb.conf
> this line:
>
> username map = /etc/samba/user.map
>
> which should contain one line:
>
> !root = OURDOMAIN\Administrator
>
> This would, when Administrator connects via Samba, have mapped the
> Windows user 'Administrator' to the Unix user 'root'.
> However, due to a recent change, any RID under '1000' is ignored unless
> you also set 'min uid = 0' in smb.conf
>
> If you run 'getent passwd Administrator' on a Unix machine, you should
> get something like this:
>
> administrator:*:10500:10513::/home/administrator:/bin/bash
>
> This is using the 'rid' idmap backend.
>
> As you can see, Unix knows 'Administrator' by the ID '10500'. '10500' !=
> '0' ('0' being the Unix ID for 'root')
>
> Do not do anything directly on Unix as Administrator. If you want to use
> Administrator on Unix, use the 'root' user instead.
>
> I hope this helps.
>
> Rowland
>