samba - May 2008 - Migration From 3.0.22 to 3.0.28a on New Hardware

Hey All,

I'm pretty new to complex Samba setups, but have used the more basic 
distro settings a lot over the past few years; many thanks for all the 
solid code.

Anyway, where I work I'm faced with moving a samba PDC from one server 
to another.  The backend password database is in LDAP, so I think that 
makes it easier?  The current server is aging (4-5 years old) and is low 
on disk space, necessitating the move.  However, the old server is still 
used for email and telephony, so it needs to stay on the network with 
the current name (say server1.mycompany.net).  I plan on turning Samba 
off on this server after the migration is complete.

We've got about 25 Windows XP Pro desktops on the domain and obviously I 
don't want to change anything on them.  The users are accessing shares 
on this server with \\server1\sharename and many have different shares 
mapped in their profiles.

So I'm trying to figure out what the easiest way of getting things onto 
the never server are without disrupting users?  My first thought is 
that, while confusing, it should be possible to just move everything 
over to the new server and call it server1 (via NetBIOS/WINS) even 
though it's DNS name is server2.mycompany.net?  That way all the users' 
mapped drives work as they should (as the name is the same), but I hear 
this can cause some name resolution issues?

I suppose the other approach is to call the new samba server something 
different (but of course the same domain name).  Maybe even give it the 
NetBIOS name of FileShare or something else service based so if it ever 
has to move again the naming convention makes sense.  If I went this 
route I'd have to change all the users' mapped drives, and hopefully 
there's a way to do this on the server side?  Will the desktops 
successfully login to the samba server if it's renamed?

Yet another thought is adding the new server as a BDC, moving the share 
data over to it, and either promoting the BDC to a PDC or just let them 
both run with the PDC serving logins but no real data.  Then if the PDC 
dies, I'd presume there is a procedure to promote the BDC to a PDC?

Thanks for the help, I want to make sure I go down the right road on 
this architecturally before I start hacking.

Nick

PS:  I'm using Ubuntu if that helps (migrating from 6.06LTS server to 
8.04LTS).

are you using DHCP?  and net login scripts in samba?  just change the 
WINS server in DHCP.  move over all of the .tdb files, make sure the new 
server has the same domain sid.  have the netlogon scipts unmount their 
shares and remount them to the new server.

Nick Webb wrote:
> Hey All,
>
> I'm pretty new to complex Samba setups, but have used the more basic 
> distro settings a lot over the past few years; many thanks for all the 
> solid code.
>
> Anyway, where I work I'm faced with moving a samba PDC from one server 
> to another.  The backend password database is in LDAP, so I think that 
> makes it easier?  The current server is aging (4-5 years old) and is 
> low on disk space, necessitating the move.  However, the old server is 
> still used for email and telephony, so it needs to stay on the network 
> with the current name (say server1.mycompany.net).  I plan on turning 
> Samba off on this server after the migration is complete.
>
> We've got about 25 Windows XP Pro desktops on the domain and obviously 
> I don't want to change anything on them.  The users are accessing 
> shares on this server with \\server1\sharename and many have different 
> shares mapped in their profiles.
>
> So I'm trying to figure out what the easiest way of getting things 
> onto the never server are without disrupting users?  My first thought 
> is that, while confusing, it should be possible to just move 
> everything over to the new server and call it server1 (via 
> NetBIOS/WINS) even though it's DNS name is server2.mycompany.net?  
> That way all the users' mapped drives work as they should (as the name 
> is the same), but I hear this can cause some name resolution issues?
>
> I suppose the other approach is to call the new samba server something 
> different (but of course the same domain name).  Maybe even give it 
> the NetBIOS name of FileShare or something else service based so if it 
> ever has to move again the naming convention makes sense.  If I went 
> this route I'd have to change all the users' mapped drives, and 
> hopefully there's a way to do this on the server side?  Will the 
> desktops successfully login to the samba server if it's renamed?
>
> Yet another thought is adding the new server as a BDC, moving the 
> share data over to it, and either promoting the BDC to a PDC or just 
> let them both run with the PDC serving logins but no real data.  Then 
> if the PDC dies, I'd presume there is a procedure to promote the BDC 
> to a PDC?
>
> Thanks for the help, I want to make sure I go down the right road on 
> this architecturally before I start hacking.
>
> Nick
>
> PS:  I'm using Ubuntu if that helps (migrating from 6.06LTS server to 
> 8.04LTS).

Adam --

Thanks much for your help, this went off almost without a hitch 
yesterday.  I changed WINS in DHCP and exported/imported the SID, and 
everything came up just fine.  I spent a few hours testing and came 
across a few things that changed between versions (profiles were on by 
default), but was able to quickly correct that.

Now to get ACLs working properly, one step at a time :).


Thanks again!

Nick

Adam Williams wrote:
> yes you can have the same sid, just use net setlocalsid.
> 
> if you know what drive letters they've manually mapped to, you can 
> change those in the login script also.  just use the dos net command to 
> disconnect the share and then map it to the new share.  since you're 
> using LDAP i'd probably keep the PDC for authentication and move the 
> roaming profiles and such to the BDC.
> 
> add this with ldapmodify for your users as an example.  nbailey 
> authenticates to the PDC (10.8.2.3) but his profile and home directory 
> are on 10.8.17.2
> 
> dn: uid=nbailey,ou=People,dc=mdah,dc=state,dc=ms,dc=us-- 
For new, non-urgent, system related requests please email 
it@freelock.com for the best service.  Email dev@freelock.com for 
development requests.


> changetype: modify
> sambaProfilePath: \\10.8.17.2\profiles\nbailey
> sambaHomePath: \\10.8.17.2\nbailey
> sambaLogonScript: scripts\nbailey.bat
> sambaHomeDrive: R:
> 
> 
> 
> Nick Webb wrote:
>>
>> Adam Williams wrote:
>>> are you using DHCP?  and net login scripts in samba?  just change
the
>>> WINS server in DHCP.  move over all of the .tdb files, make sure
the
>>> new server has the same domain sid.  have the netlogon scipts
unmount
>>> their shares and remount them to the new server.
>>>
>>
>> Yes we are using DHCP, so that would be in the plan for the change 
>> over (to switch WINS servers).  I assume we are using net login 
>> scripts for some things, but I know some users have manually added 
>> some shares to their profiles; any way to re point those at the new 
>> server?
>>
>> Do you suggest the new samba instance keeps the old PDC name, or we 
>> change it to the new server name?  Is it possible to have a different 
>> name, but the same SID?
>>
>> Thanks!
>>
>> Nick
> 
> 
> !DSPAM:48370633110589491257663!
>