[Samba] demote old dc

Rowland Penny rpenny at samba.org
Mon Jan 2 15:11:55 UTC 2023 


On 02/01/2023 14:46, Corrado Ravinetto via samba wrote:
> Happy new year at all
> 
> I sould substitute an old dc wiht this parameters in smb.conf

No

> [global]
>          dns forwarder = 192.168.1.1
>          os level = 250
>          passdb backend = samba_dsdb
>          realm = LXCERRUTI.COM
>          server role = active directory domain controller
>          template homedir = //srvcerruti/Cerruti/usr/%U
>          workgroup = LXCERRUTI
>          rpc_server:tcpip = no
>          rpc_daemon:spoolssd = embedded
>          rpc_server:spoolss = embedded
>          rpc_server:winreg = embedded
>          rpc_server:ntsvcs = embedded
>          rpc_server:eventlog = embedded
>          rpc_server:srvsvc = embedded
>          rpc_server:svcctl = embedded
>          rpc_server:default = external
>          winbindd:use external pipes = true
>          idmap_ldb:use rfc2307 = yes
>          idmap config * : backend = tdb

If you do have a DC with all those lines it is wrong, most of them are 
defaults, unless you obtained them with 'testparm -s' rather than 
'samba-tool testparm'.


> 
> the new one have :
> [global]
>          netbios name = DC4
>          realm = LXCERRUTI.COM
>          server role = active directory domain controller
>          workgroup = LXCERRUTI
>          idmap_ldb:use rfc2307 = yes
>          dns update command = /usr/local/samba/sbin/samba_dnsupdate --use-samba-tool
>          os level = 250

You do not use 'os level' on a Samba AD DC, it is an NT4-style parameter.

>          min protocol = NT1
>         client min protocol = NT1

Talking of which, why are you still using 'NT1' ?

>          dns forwarder = 192.168.1.1
>          template homedir = //srvcerruti/Cerruti/usr/%U

That is just wrong, the default is 'template homedir = /home/%D/%U', you 
seem to be trying to use a share on another computer, this will not work.

> 
> my question is : i must merge two smb.conf or i can use the new one ???

As pointed out, it very likely they are using the same basic smb.conf 
files, apart from the mangling you appear to have carried out. I would 
use the new one after you have repaired it.

> Two dc are in replica whitout problem, can i demote old dc or should i expect toruble ??

Provided the 'new' DC now holds the FSMO roles, you should be able to 
demote the old one.

Rowland

More information about the samba mailing list