Hi Andrew,

I can't shut down the old samba box as it will still be hosting the shares.

Can I do any of the following?

Would it make sense for me to migrate the backend to LDAP?

Or following your first comment, can I set up rsync every 5 minutes to replicate data.

You're right it is a migration path but I can't migrate until this works in the test environment

Thank you
RT

On Wed, Feb 21, 2018 at 4:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2018-02-21 at 15:06 +1000, Rob Thoman wrote:
> > Hi Andrew,
> >
> > I've set up a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. I have the following
> >
> > Just to clarify, sam3DC is the current DC with samba 3.6.3
> >
> > smb.conf
> >
> > [global]
> > workgroup = STEST
> > netbios name = Sam4DC
> > password server = Sam3DC (This is the current DC)
> > security = user
> >
> > resolv.conf
> > nameserver = 192.168.10.1 (IP of Sam3DC)
> >
> > I can ping the sam3dc from the sam4dc box using fqdn.
> >
> > When I try to join sam4dc into stest domain I get:
> > net rpc join -U dadmin
> > cannot join as standalone machine
> >
> > If I add the server role = member server , I get the same error message.
> > If I add the security = domain , it asks me DO you really want to join an Active Directory Domain. If I put the password in, I get smb_signing_good: BAD SIG : seq 1
> >
> > Do I copy the smb.conf file from sam3dc and change the bit about domain master = no ? Or do I have to join the machine to the domain as DC using server role = DC in smb.conf?
>
> If you are trying to change which machine is the DC of the old
> 'classic' domain, then just move the files and turn off the old server.
> You can't join the BDC to the domain in the way you would with Active
> Directory, as we don't have any replication support in the classic DC.
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

On Wed, 2018-02-21 at 16:27 +1000, Rob Thoman wrote:
> Hi Andrew,
> I can't shut down the old samba box as it will still be hosting the shares.

I think you need to split that off sooner rather than later. Your first step needs to be to make it a domain member server.

> Can I do any of the following?
> Would it make sense for me to migrate the backend to LDAP?

Probably, particularly if you can't split the server from being a DC in the short term.

> Or following your first comment, can I set up rsync every 5 minutes to replicate data.

You can't do that with TDB files, that would be very unsafe.

> You're right it is a migration path but I can't migrate until this works in the test environment

OK. Either work on a copy (taken when Samba is stopped on the server) or use LDAP if you need it 'live'.

Andrew Bartlett
--
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

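
The advice in the message above, to copy TDB files only while Samba is stopped, as an added shell example (not part of the thread and not Samba project code). The function names, return codes and the `SAMBA_DAEMONS` variable are hypothetical; it assumes a Linux host with `/proc`.

```sh
#!/bin/sh
# Added example: cold snapshot of Samba TDB files. Directories are passed in
# by the caller; nothing here is taken from the posters' servers.

# Daemons that hold TDB files open (hypothetical knob, overridable for tests).
SAMBA_DAEMONS="${SAMBA_DAEMONS:-smbd nmbd winbindd}"

# Return 0 if any listed daemon is running (Linux /proc scan, no extra tools).
samba_running() {
    for comm in /proc/[0-9]*/comm; do
        name=$(cat "$comm" 2>/dev/null) || continue
        for d in $SAMBA_DAEMONS; do
            [ "$name" = "$d" ] && return 0
        done
    done
    return 1
}

# snapshot_tdb SRC_DIR DEST_DIR
# Copies every *.tdb in SRC_DIR to DEST_DIR, refusing while Samba is running.
# Returns: 0 ok, 2 Samba still running, 3 nothing to copy, 4 copy failed.
snapshot_tdb() {
    src=$1 dest=$2
    if samba_running; then
        echo "refusing: Samba is running, TDB files may be mid-write" >&2
        return 2
    fi
    # passdb.tdb and secrets.tdb hold credentials: keep the copy owner-only.
    ( umask 077 && mkdir -p "$dest" ) || return 4
    chmod 700 "$dest" || return 4
    found=0
    for f in "$src"/*.tdb; do
        [ -f "$f" ] || continue
        found=1
        cp -p "$f" "$dest/" || return 4
        # Byte-for-byte check that the copy matches the source.
        cmp -s "$f" "$dest/$(basename "$f")" || return 4
    done
    [ "$found" -eq 1 ] || return 3
    return 0
}
```

The directories are arguments because TDB locations differ between builds; `smbd -b` lists the paths compiled into a given installation.
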
Hi Andrew,

I was able to domain join the server to the domain, had to add in

client ipc signing = auto
security = domain

Then it comes up with Joined "sam4Dc" to the domain. What does that step actually do?

Coming back to your comments. At a point in time both servers will be DCs. The plan is that after that point Samba3 box will cease to become a DC and act as a file server only.

So can we do the following?

- Stop the smbd/nmbd/winbind services in both servers, this causes the shares to drop. Copy the .tdb/etc (passwd) and smb.conf file from 3 to 4
- Change smb.conf file in the 3 server and remove the bits about it being the Domain Master,
- Not a lot to change smb.conf in 4
- Start the services in both the servers
- Hope as hell that we got it right :)
- Having Bind9 running on both servers won't be an issue?

Have I got it correct?

RT

On Wed, Feb 21, 2018 at 5:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Wed, 2018-02-21 at 16:27 +1000, Rob Thoman wrote:
> > Hi Andrew,
> > I can't shut down the old samba box as it will still be hosting the shares.
>
> I think you need to split that off sooner rather than later. Your
> first step needs to be to make it a domain member server.
>
> > Can I do any of the following?
> > Would it make sense for me to migrate the backend to LDAP?
>
> Probably, particularly if you can't split the server from being a DC in
> the short term.
>
> > Or following your first comment, can I set up rsync every 5 minutes to replicate data.
>
> You can't do that with TDB files, that would be very unsafe.
>
> > You're right it is a migration path but I can't migrate until this works in the test environment
>
> OK. Either work on a copy (taken when Samba is stopped on the
> server) or use LDAP if you need it 'live'.
>
> Andrew Bartlett
> --
> Andrew Bartlett                       http://samba.org/~abartlet/
> Authentication Developer, Samba Team  http://samba.org
> Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba