[Samba] DCs & subnets
perttu.aaltonen at mac.com
Mon Mar 13 11:11:05 UTC 2023
> On 10. Mar 2023, at 17.53, Rowland Penny via samba <samba at lists.samba.org> wrote:
> Ah, managers, those people who, mostly, haven't got a clue and just get in the way LOL
I think there’s also a fallacy where updates might be put back because of the perceived risk or amount of work. For example updating Samba when having good backups and possibility to rollback easily might be viewed as more risky than some appliance with one-click update procedure but no way to rollback if something goes wrong with the update process.
Anyway, I tested the update in an isolated environment with a copy of the current DC. I discovered there have been two other DCs long gone now that were still holding some of the FSMO roles. So I seized the roles to the current DC, joined a new DC with 4.17.5 from bullseye-backports, transferred roles again to the new DC, demoted all other DCs and ran dbcheck —fix to remove the stale information about the old DCs.
Seems to be working fine, I can’t see anything wrong with it and luckily AD is only used for authentication, no GPOs needed although I copied sysvol as well.
I’ll poke around a bit more before doing the same in production, but went easier than I would’ve imagined for such a big jump.
More information about the samba