[Samba] Sanity Check my upgrade: Samba AD Domain from 4.7.6 to 4.13.17 (Ubuntu 18.04 to 20.04)

Holan defactoman at gmail.com
Fri Sep 23 19:34:47 UTC 2022


Ha! good catch on the 10s (manual re-ordering gone bad).  Thanks for
reminding me on the idmap.ldb and sysvol! replication.

On Fri, Sep 23, 2022 at 11:11 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 23/09/2022 18:47, Holan via samba wrote:
> > I know a few of these have been posted and reading them has helped me
> craft
> > the update method I will use.  As my moment draws near I'm hoping someone
> > can  let me know if I have the right idea on how to perform the update to
> > my domain.
> >
> > I have two domain controllers running on Ubuntu 18.04 with Samba
> > 4.7.6~dfsg. If anyone has any suggestions or common pitfalls they would
> > like to share I would be grateful as I'm hoping to make this smooth and
> > there are some smart people on this listserv.  Here is my plan.
> >
> > The plan:  update two Samba AD DCs running on Ubuntu 18.04 to 20.04 using
> > BIND as a DNS backend.  Changing the version from 4.7.6 to 4.13.17.
> >
> > The steps:
> > PRE-STEP 0) read all the patch notes from 4.7.6 to 4.13.17.  REQUEST:  If
> > anyone has any common areas of concern jumping from 4.7.6 to 4.13.17 I
> > would love to hear them.  I have domain members on Windows, Mac and Linux
> > (RHEL/Ubuntu) with a mix of Winbind and SSSD depending on the server
> owners
> > preference on the Linux side.   I try to use Winbind whenever possible.
>  I
> > run BIND DNS as the backend on the DCs.
> >
> > 1) Run dbcheck on current 4.7.6 domain and ensure it is in good health.
> > 2) Create a new server running on Ubuntu 20.04 (not using 22.04 to avoid
> > making the samba version jump too big - is my reasoning okay?).
> > 3) Install samba ad according to normal installation methods (get DNS
> > setup...etc.) and join it to the existing domain running on 4.7.6.
> > 4) Verify the new domain controller is working and replicating okay.
> Give
> > it 30 minutes to stabilize and ensure operation.
> > 5) Transfer the FSMO role from the 4.7.6 DC that holds it to the new
> > 4.13.17 DC I just setup.
> > 6) Demote the 4.7.6 DC I just transferred the FSMO from.
> > 7) Verify that the domain is still working.
> > 8) Start replacement of the second 4.7.6 DC.  Create a new server running
> > on Ubuntu 20.04.
> > 9) Install Samba AD the same way per my environment.
> > 10) Join to the domain.
> > 10) Verify it is functional and replicating
> > 11) Demote the remaining 4.7.6 DC it is replacing.
> > 12) re-verify everything is working, check replication, run dbcheck
> again,
> > and then drink a beer either way.
> >
> > This should then leave me with two new Domain Controllers running
> 4.13.17.
> > Both 4.7.6 would be demoted and everything should be happy.
> >
> > Does this sound correct?   Any suggestions are appreciated as I really
> > don't want to screw this up.  Thanks and I really appreciate everyone's
> > efforts on this listserv.  I've been using it as a resource for what
> feels
> > like a decade at this point.
>
> First, you have two number ten's
> That sound okay, but you have forgotten Sysvol, you will need to sync
> this (along idmap.ldb) to each new DC.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>


-- 
Daryl Lee
defactoman at gmail.com


More information about the samba mailing list