[Samba] Samba shares and samba server residing on different physical machines

E Kogler igoetrich at yahoo.de
Wed Aug 23 12:04:31 UTC 2023 

 Dear List,finally my new Samba 4.17.9 is up and runnig on the desired machine with all the FSMO roles transferred and the old DC demoted.
What I want to know now is how the smb.conf on my new DC should look like.Is it only copy the smb.conf used so far to the new machine, does it stay on the old machine ??
How do i write the path for the shares ?How are my users transferred ? ( Has it been done with transferring the roles ?)
???
Edgar


    Am Freitag, 21. April 2023 um 16:42:57 MESZ hat Rowland Penny via samba <samba at lists.samba.org> Folgendes geschrieben:  
 
 

On 21/04/2023 15:11, E Kogler via samba wrote:
> Hi fellow Members!I'm Systems administrator at a school using SAMBA 4 as AD DC.
> As you know, WIN11 is at the doorstep and my "old" Samba4 Server (4.9) doesn't serve Windows Servers (Server 2019) very well,
> e.g. the latest issue is that the domain administrator cannot access the GPO's or other informations from the Samba-LDAP (authentication failure ?).

Probably the new 'date' feature (where it went from 2038 to sometime 
never), you need Samba >= 4.16.0 running as a DC.

> I think that it has possibly to do with the version of kerberos SAMBA 4.9 uses.I installed SAMBA 4.9 on debian using its package.Now I want to upgrade to SAMBA 4.latest manually to be able to use patch-files being always up-to-date.

It sounds like you need to upgrade your version of Debian as well, if 
you use Debian 11 and Samba from backports, this will get you 4.17.7

> I was told to install SAMBA 4.latest on a different machine, join the domain, do the provisioning, 

No, you cannot join as a DC AND provision, the latter will get you an 
entirely new AD domain

> and shut down the old
> server.

Install the latest Debian 11 and use backports, install Samba, configure 
the machine to be a DC and then join it to your existing AD domain as a 
DC, transfer the FSMO roles from the existing DC to the new DC, demote 
the old DC and turn it off.

> My question is if I can keep all the shares and the respective data (we have around 1200 users, using about 370 GB) on the "old" machine,

Anything in the AD database should be replicated to the new DC, but it 
also sounds like you have been using the existing DC as a fileserver, 
something that Samba (or Microsoft) does not recommend.

My advice, if this is the case, join another new DC (for failover, the 
more DC's the better), then reconfigure the old, original DC as a Unix 
domain member and use it as a fileserver.

> running only the AD DC and the new kerberos version compatible to WIN11 on the "new" machine.
> In future, I'd like to transfer SAMBA 4.latest back to the original machine, restoring the status quo.

 From the sound of it, the 'status quo' isn't really good enough.

We will probably need more info to advise further.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list