[Samba] move domain member server to new hardware

Rowland Penny rpenny at samba.org
Fri Jun 7 15:11:32 UTC 2024 

On Fri, 7 Jun 2024 16:56:35 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> Am 07.06.24 um 15:56 schrieb Rowland Penny via samba:
> 
> >> Could I join the domain with another name and IP now ... to be able
> >> to test things (introducing btrfs snaphots this time) with all
> >> AD-features, but on a "test name"? And then leave the domain,
> >> change FQDN/IP and rejoin?
> > 
> > I would create a 'test' machine and join that, once you are sure
> > that everything is working correctly (and you have documented the
> > procedure), just create a new machine with the correct FQDN/IP and
> > join that.
> > On a Unix domain member, all you need to backup is the smb.conf and
> > the directories you have shared. If you put the shares in /srv ,
> > then all you need to backup is /srv and the smb.conf
> 
> ok ...
> 
> that new server would be my test machine ;-)
> 
> -
> 
> Let me show you the smb.conf
> 
> It has grown over years and was topic in quite a few threads in here.
> I am sure it still needs improvement ;-)
> 
> That "ARBEITSGRUPPE" (german for workgroup) comes from the NT4-domain 
> that was in place earlier (!)
> 
> 
> # cat /etc/samba/smb.conf
> [global]
>          security = ADS
>          workgroup = ARBEITSGRUPPE
>          realm = arbeitsgruppe.sometld.at
>          log file = /var/log/samba/%m.log
>          log level = 2
> 
>          #log level = 5 auth:5 winbind:8
> 
> # template
> winbind nss info = template
> template shell = /bin/bash
> template homedir = /mnt/samba/Daten/%U
> 
>          idmap config * : backend = tdb
>          idmap config * : range = 2000-3999
> 
>          idmap config ARBEITSGRUPPE:backend = rid
>          idmap config ARBEITSGRUPPE:range = 10000-99999
> 
>          username map = /etc/samba/user.map
> 
>          kerberos method = secrets and keytab
>          dedicated keytab file = /etc/krb5.keytab
> 
>          winbind use default domain = Yes
>          winbind refresh tickets = Yes
> 
>          vfs objects = acl_xattr
>          map acl inherit = yes
>          store dos attributes = yes
> 
>          #interfaces = bond0
> 
>          #hosts allow = 10.0.0.22,10.0.0.50
> 
>          printing = CUPS

Nothing wrong there, there are a couple of default settings, but these
will not affect anything.

> 
> At "vfs objects": some shares will also have "shadow_copy2" to use
> btrfs snapshots. I assume (will check in docs...) I have to add
> "acl_xattr" also then (to not toggle off the global setting, right?)

Anytime you set 'vfs objects' in 'global' then in a share, you must
state the vfs objects that will apply to that share.

More information about the samba mailing list