Kevin
2005-Nov-25  15:56 UTC
[Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC
Hi Folks-

I'll start by saying thanks to all the people who have made samba and shared it as open source software. Samba is truly an amazing suite of software.

I have a small domain of less than 10 clients which is currently being controlled with a Samba 2.2.5 PDC running on a Compaq x86 server with a very old Suse Linux 8.1 OS.

Since setting up this Compaq server, my preferred distribution has changed from Suse to Gentoo and my ultimate goal is to upgrade the OS on the Compaq server to Gentoo. Perhaps the biggest reason for the change in preference is the difficulty I've found in upgrading any rpm-based distribution. Because I've tried it so many times and lost days or weeks of time in the process, I don't think I even want to try a direct upgrade of the samba-2.2.5-80 rpm on this Suse 8.1 OS, but I thought that I would instead, install a new server on the network with the Gentoo distribution and all of the latest software in Gentoo portage. With that in place, I figured I would slowly migrate the services currently being provided by the Compaq server to the new server. Since the PDC and other samba services are the most mission-critical components of the network, the biggest step in the process seems like it will be getting the new server set up to do all of the PDC and other functions of the old Compaq server. One important aspect of the migration is that I'd ultimately like to end up using ldap as the backend database.

It seems to me that there are at least two ways to go about performing this migration step:

1) make the new server a PDC with the ldap backend; once running, and all other services are unloaded onto the new server, take the Compaq server offline and upgrade it to Gentoo, maybe making it a BDC (or not using a BDC at all).

2) make the new server a BDC (not sure if I would have a choice in the backend here) to the old PDC, then upgrade the old Compaq server from Suse 8.1 to Gentoo, and restore it as the PDC for the domain after upgrading the whole OS and samba to the latest release

My first question for the list is: which one of these methods is likely to be least problematic and least time-consuming?

My other questions are:

a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?

b) If I go with method 2 above, am I right in thinking that I'd have to stay with the smbpasswd backend for the BDC (which is what the PDC uses)? This would only be a very temporary arrangement; I realize that it's discouraged in the docs. If not, and if ldap could be the backend for the BDC somehow, then how would I accomplish this?

c) If I go with method 1 above (seems like it might be easier to me right now), what are the key files that need to come over from the old server to the new server? I realize that the contents of (at least some of, and maybe all of) these files would probably need to be revised somehow (maybe putting them in the LDAP Directory), but what information must be preserved from the old machine to make sure that I don't have to go around to all of the clients and add them to a new domain?

d) I'd obviously like for it to be a seamless transition as far as the clients go and the fact that the two servers will have different IP addresses is a concern there. And if I go with method 2, will the clients need any reconfiguration to use the BDC for login (until the Compaq server can be upgraded to Gentoo and be back in business as the PDC)?

e) Relating to the set of questions in (c), if I have an existing openldap-v2.2.27 server running with a few LDAP Directories (with a domain/contact sort of schema built from LDAP fields in existing schemas like inetperson and courierimap and a few others) in it on a third server, would it be possible to use one of the existing Directories as the ldap backend authentication source for the new samba server or would I need to create a new Directory with a "samba-only" schema to be the ldap backend?

Thanks for any replies.

-Kevin

Craig White
2005-Nov-25  22:40 UTC
[Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC
On Fri, 2005-11-25 at 10:55 -0500, Kevin wrote:
> Hi Folks-
>
> I'll start by saying thanks to all the people who have made samba and
> shared it as open source software. Samba is truly an amazing suite of
> software.
>
> I have a small domain of less than 10 clients which is currently being
> controlled with a Samba 2.2.5 PDC running on a Compaq x86 server with a
> very old Suse Linux 8.1 OS.
>
> Since setting up this Compaq server, my preferred distribution has
> changed from Suse to Gentoo and my ultimate goal is to upgrade the OS on
> the Compaq server to Gentoo. Perhaps the biggest reason for the change
> in preference is the difficulty I've found in upgrading any rpm-based
> distribution. Because I've tried it so many times and lost days or
> weeks of time in the process, I don't think I even want to try a direct
> upgrade of the samba-2.2.5-80 rpm on this Suse 8.1 OS, but I thought
> that I would instead, install a new server on the network with the
> Gentoo distribution and all of the latest software in Gentoo portage.
> With that in place, I figured I would slowly migrate the services
> currently being provided by the Compaq server to the new server. Since
> the PDC and other samba services are the most mission-critical
> components of the network, the biggest step in the process seems like it
> will be getting the new server set up to do all of the PDC and other
> functions of the old Compaq server. One important aspect of the
> migration is that I'd ultimately like to end up using ldap as the
> backend database.
>
> It seems to me that there are at least two ways to go about performing
> this migration step:
>
> 1) make the new server a PDC with the ldap backend; once running, and
> all other services are unloaded onto the new server, take the Compaq
> server offline and upgrade it to Gentoo, maybe making it a BDC (or not
> using a BDC at all).
>
> 2) make the new server a BDC (not sure if I would have a choice in the
> backend here) to the old PDC, then upgrade the old Compaq server from
> Suse 8.1 to Gentoo, and restore it as the PDC for the domain after
> upgrading the whole OS and samba to the latest release
>
> My first question for the list is: which one of these methods is likely
> to be least problematic and least time-consuming?
----
least problematic and least time consuming would probably involve making sure that all of the user profiles are set to local, setting up new samba 3/ldap and re-joining the computers to the new domain and then migrating the user profiles back to roaming on the new domain if desired.
----
>
> My other questions are:
>
> a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?
----
samba 2.x.x doesn't support BDC
----
>
> b) If I go with method 2 above, am I right in thinking that I'd have to
> stay with the smbpasswd backend for the BDC (which is what the PDC
> uses)? This would only be a very temporary arrangement; I realize that
> it's discouraged in the docs. If not, and if ldap could be the backend
> for the BDC somehow, then how would I accomplish this?
----
samba 2.x.x ldap structure is different than samba 3.x.x structure
----
>
> c) If I go with method 1 above (seems like it might be easier to me
> right now), what are the key files that need to come over from the old
> server to the new server? I realize that the contents of (at least some
> of, and maybe all of) these files would probably need to be revised
> somehow (maybe putting them in the LDAP Directory), but what information
> must be preserved from the old machine to make sure that I don't have to
> go around to all of the clients and add them to a new domain?
----
10 machines, I'd probably opt for joining them to new domain.
----
>
> d) I'd obviously like for it to be a seamless transition as far as the
> clients go and the fact that the two servers will have different IP
> addresses is a concern there. And if I go with method 2, will the
> clients need any reconfiguration to use the BDC for login (until the
> Compaq server can be upgraded to Gentoo and be back in business as the PDC)?
>
> e) Relating to the set of questions in (c), if I have an existing
> openldap-v2.2.27 server running with a few LDAP Directories (with a
> domain/contact sort of schema built from LDAP fields in existing schemas
> like inetperson and courierimap and a few others) in it on a third
> server, would it be possible to use one of the existing Directories as
> the ldap backend authentication source for the new samba server or would
> I need to create a new Directory with a "samba-only" schema to be the
> ldap backend?
----
no - you should be able to add samba ldap attributes to existing DSA

Craig