[Samba] Upgrading an old server

Rowland Penny rpenny at samba.org
Wed Apr 5 09:38:50 UTC 2023



On 05/04/2023 09:59, Tamás Németh via samba wrote:
> Dear All!
> 
>   (As I wrote earlier) I'm working on removing an ancient (3.2.5) SaMBa
> member server from an Active Directory domain, and replacing it with SaMBa
> 4.16.4 running on AlmaLinux 9. The domain controllers are Windows servers,
> and the old SaMBa is joined to the domain with "security = domain" type of
> security (the old NT4 type).
> 
>   I'm afraid once I remove the old server from the domain, there is now way
> back for it, however it will have to be removed, since the new server has
> to have the same name.

I take that everything is hard wired to the old servers hostname and 
yes, once it has gone, it has gone.

> 
>   There are millions of files on the old server with 8bit encoded filenames
> (pre-UTF8) and UIDs and GIDs stored in local files.
> 
>   The new SaMBa server is already running with RID idmap backend, and I've
> probably found a way to rename all files to have UTF-8 names and remap all
> UIDs and GIDs on the files to the new ones, even in POSIX ACLs, and all the
> necessary user and group names do exist on the new server either locally,
> or in the AD.

It would be better if ALL the users and groups were in AD.

> 
>   My question is the following:
> 
> After removing the old SaMBa server from the domain, do I have to remove,
> rename and rejoin the new one, or is there a way to rename it while being
> part of the domain?

Not that I am aware, part of the join involves creating an AD object for 
the computer, so you have to leave the domain, rename the computer and 
then rejoin the domain. (Hint: do not specify 'netbios name' in the 
smb.conf, Samba will set it for you).

> Either way, what is the correct way to change the name
> of a SaMBa member server in a Windows controlled AD domain?

See above.

< What files do I
> have to delete (if any) during the operation?

You will probably have to modify /etc/hostname and /etc/hosts

> Will the RID backend give me
> a 100% guarantee that Linux UIDs and GIDs will remain unchanged on the new
> server during this "rename" process?

Provided you use the same 'idmap config' lines on a Unix domain member, 
the 'rid' idmap backend will always return the same ID's. This is 
because they are calculated from the AD objects RID and the DOMAIN low 
range.

Rowland



More information about the samba mailing list