[Samba] move domain member server to new hardware
Rowland Penny
rpenny at samba.org
Fri Jun 7 15:11:32 UTC 2024
On Fri, 7 Jun 2024 16:56:35 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> Am 07.06.24 um 15:56 schrieb Rowland Penny via samba:
>
> >> Could I join the domain with another name and IP now ... to be able
> >> to test things (introducing btrfs snaphots this time) with all
> >> AD-features, but on a "test name"? And then leave the domain,
> >> change FQDN/IP and rejoin?
> >
> > I would create a 'test' machine and join that, once you are sure
> > that everything is working correctly (and you have documented the
> > procedure), just create a new machine with the correct FQDN/IP and
> > join that.
> > On a Unix domain member, all you need to backup is the smb.conf and
> > the directories you have shared. If you put the shares in /srv ,
> > then all you need to backup is /srv and the smb.conf
>
> ok ...
>
> that new server would be my test machine ;-)
>
> -
>
> Let me show you the smb.conf
>
> It has grown over years and was topic in quite a few threads in here.
> I am sure it still needs improvement ;-)
>
> That "ARBEITSGRUPPE" (german for workgroup) comes from the NT4-domain
> that was in place earlier (!)
>
>
> # cat /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = ARBEITSGRUPPE
> realm = arbeitsgruppe.sometld.at
> log file = /var/log/samba/%m.log
> log level = 2
>
> #log level = 5 auth:5 winbind:8
>
> # template
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /mnt/samba/Daten/%U
>
> idmap config * : backend = tdb
> idmap config * : range = 2000-3999
>
> idmap config ARBEITSGRUPPE:backend = rid
> idmap config ARBEITSGRUPPE:range = 10000-99999
>
> username map = /etc/samba/user.map
>
> kerberos method = secrets and keytab
> dedicated keytab file = /etc/krb5.keytab
>
> winbind use default domain = Yes
> winbind refresh tickets = Yes
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> #interfaces = bond0
>
> #hosts allow = 10.0.0.22,10.0.0.50
>
> printing = CUPS
Nothing wrong there, there are a couple of default settings, but these
will not affect anything.
>
> At "vfs objects": some shares will also have "shadow_copy2" to use
> btrfs snapshots. I assume (will check in docs...) I have to add
> "acl_xattr" also then (to not toggle off the global setting, right?)
Anytime you set 'vfs objects' in 'global' then in a share, you must
state the vfs objects that will apply to that share.
More information about the samba
mailing list