[Samba] migrate DC from very old version of samba
Rémi
sambalist at lybrafox.be
Thu Apr 3 18:12:14 UTC 2025
Rowland Penny via samba <samba at lists.samba.org> writes:
>> > This may work, but you may have to it two stages, add a machine
>> > running Debian buster, then bookworm.
>>
>> any specific reason ?
>>
>
> From memory, there were problems upgrading/joining such old versions of
> Samba, these were addressed around Samba 4.8.0 . there have also been
> major changes since 4.8.0 , so doing it in two stages might be the best
> idea, of course making a major jump to the latest version might work,
> but I would test it first.
For the record, I backed up the complete old server, and tried the join
at night to minimize my risks, and it worked :-)
I just encountered one error:
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
But it's documented here:
https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting#Issues_with_DNS_during_DC_join
So I wiped samba's db files on the new server, and restarted the join
while following the instructions on the wiki, and all went well.
I also made the new server the dns server for that network, then stopped
the old samba server, and tried multiple things on the client machines
(login with a new user, nltest things, Test-ComputerSecureChannel), and
everything worked.
So I think that globally I'm good, or at least not worse than before,
and I'll try to transfer FSMO to the new server, then remove the old one
from the AD.
The only thing that I noticed is these in the new server's logs:
Apr 03 09:20:43 dc1 samba[637]: [2025/04/03 09:20:43.624984, 0] source4/kdc/pac-glue.c:2402(samba_kdc_verify_pac)
Apr 03 09:20:43 dc1 samba[637]: samba_kdc_verify_pac: PAC_TYPE_REQUESTER_SID missing
Could they indicate a problem ? Or is it just something that the old dc
cannot do and it will disappear with the old dc ?
Thanks a lot,
--
Rémi
More information about the samba
mailing list