Glenn Bergeron
2018-Nov-25 09:29 UTC
[Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B
After many, many, many hours of trying, and lots of research both on this list, the Samba Wiki and elsewhere, I think I’ve finally come to the conclusion that there is no way to seamlessly migrate between servers.

Backing up and restoring (using samba_backup) doesn’t work. Permissions hell with Windows.

Joining the new 4.7.7 server to the old 4.1 DC server, waiting for replication, then demoting the old server doesn’t work. It’s missing all the GPO files, RSAT utils either don’t work or barely work (no computer accounts listed for example), and workstations have their System Events log filled with not being able to find or connect to the domain server, DCOM errors relating to permissions, etc.

I’m trying to not have to tell all the users that they’re going to have whole new Windows profiles and lose all their settings, because I can’t port anything and I have to start the AD server from scratch.

Hasn’t anyone done this with any success? And if so, why isn’t there a solid document somewhere? I’m sorry I sound frustrated, but I’m at my limit with this what should have been a simple migration from old dying server to new server.

Can anyone help?
Rowland Penny
2018-Nov-25 10:23 UTC
[Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B
On Sun, 25 Nov 2018 04:29:26 -0500 Glenn Bergeron via samba <samba at lists.samba.org> wrote:

> After many, many, many hours of trying, and lots of research both on
> this list, the Samba Wiki and elsewhere, I think I’ve finally come to
> the conclusion that there is no way to seamlessly migrate between
> servers.
>
> Backing up and restoring (using samba_backup) doesn’t work.
> Permissions hell with Windows.

The old samba_backup script wasn't very good and there wasn't actually a restore script. The latest Samba versions have a new way of backing up and restoring Samba through samba-tools.

> Joining the new 4.7.7 server to the old 4.1 DC server, waiting for
> replication, then demoting the old server doesn’t work. It’s missing
> all the GPO files, RSAT utils either don’t work or barely work (no
> computer accounts listed for example), and workstations have their
> System Events log filled with not being able to find or connect to
> the domain server, DCOM errors relating to permissions, etc.

When you join a new DC, quite a lot of the required DNS records are not created until you restart Samba or until samba_dnsupdate runs. As for the GPO problems, they will not be on the new DC until you copy them there, this is because Sysvol is not replicated between DCs.

> I’m trying to not have to tell all the users that they’re going to
> have whole new Windows profiles and lose all their settings, because
> I can’t port anything and I have to start the AD server from scratch.
>
> Hasn’t anyone done this with any success? And if so, why isn’t there
> a solid document somewhere? I’m sorry I sound frustrated, but I’m at
> my limit with this what should have been a simple migration from old
> dying server to new server.

I am sure that this has been done successfully, otherwise this list would have been full of posts similar to yours. Samba is a rapidly changing target and part of your problem could be the large jump between your versions, 4.1 to 4.7.

What OS are you using?
Rowland
Glenn Bergeron
2018-Nov-25 23:04 UTC
[Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B
Hi Rowland,

The old server is Debian 3.2.101-1 running a compiled-from-source Samba 4.1.0.
The new server I'm trying to migrate to is Ubuntu Server 18.04LTS, running a package-installed (apt) Samba 4.7.7.

Old server name: isofs 10.4.0.2
New server name: isofs2 10.4.0.3
Domain: ISO.PRIVATE

smb.conf:

    [global]
        netbios name = ISOFS2
        realm = ISO.PRIVATE
        server role = active directory domain controller
        workgroup = ISO
        #Was required for FSMO transfer from old server
        ldap server require strong auth = no
        dns forwarder = 1.1.1.1
        vfs objects = acl_xattr
        map acl inherit = yes
        hide dot files = yes
        store dos attributes = yes
        idmap_ldb:use rfc2307 = yes
        mangled names = no
        oplocks = no

    [netlogon]
        path = /var/lib/samba/sysvol/iso.private/scripts
        read only = No

    [sysvol]
        path = /var/lib/samba/sysvol
        read only = No

Where it's at now:

- FSMO transferred to new server. I used Migrate, not Seize, as I hope I can roll back to the original server if I can't get things working on the new server by Monday morning.
- GPO manually rsync'd to new server.
- "samba-tool ntacl sysvolreset" then run on new server, as well as "samba-tool dbcheck --cross-ncs --reset-well-known-acls --fix --yes".
- Old server demoted via "samba-tool domain demote -Uadministrator"
- Based on your comment below re: DNS updating, I just ran "samba_dnsupdate" on both the old and new servers. It returned "No DNS updates needed".

What's happening:

Errors in log.samba on new server:

    ../source4/librpc/rpc/dcerpc_util.c:737(dcerpc_pipe_auth_recv)
    Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for ncacn_ip_tcp:10.4.0.3[49152,seal,krb5,target_hostname=d4c15af5-dfd5-4650-95de-c354a7256d15._msdcs.iso.private,abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,localaddress=10.4.0.3] NT_STATUS_UNSUCCESSFUL

On Windows:

Can only log into DOMAIN\administrator. I can run "Active Directory Users and Computers", add a new user. But cannot log in as a user. Get error "The trust relationship between this workstation and the primary domain failed".

RSAT: Group Policy Management says it can't contact the domain controller.

-Glenn

On 2018-11-25, 5:23 AM, "Rowland Penny" <rpenny at samba.org> wrote:

> On Sun, 25 Nov 2018 04:29:26 -0500 Glenn Bergeron via samba <samba at lists.samba.org> wrote:
>
> > After many, many, many hours of trying, and lots of research both on
> > this list, the Samba Wiki and elsewhere, I think I’ve finally come to
> > the conclusion that there is no way to seamlessly migrate between
> > servers.
> >
> > Backing up and restoring (using samba_backup) doesn’t work.
> > Permissions hell with Windows.
>
> The old samba_backup script wasn't very good and there wasn't actually a restore script. The latest Samba versions have a new way of backing up and restoring Samba through samba-tools.
>
> > Joining the new 4.7.7 server to the old 4.1 DC server, waiting for
> > replication, then demoting the old server doesn’t work. It’s missing
> > all the GPO files, RSAT utils either don’t work or barely work (no
> > computer accounts listed for example), and workstations have their
> > System Events log filled with not being able to find or connect to
> > the domain server, DCOM errors relating to permissions, etc.
>
> When you join a new DC, quite a lot of the required DNS records are not created until you restart Samba or until samba_dnsupdate runs. As for the GPO problems, they will not be on the new DC until you copy them there, this is because Sysvol is not replicated between DCs.
>
> > I’m trying to not have to tell all the users that they’re going to
> > have whole new Windows profiles and lose all their settings, because
> > I can’t port anything and I have to start the AD server from scratch.
> >
> > Hasn’t anyone done this with any success? And if so, why isn’t there
> > a solid document somewhere? I’m sorry I sound frustrated, but I’m at
> > my limit with this what should have been a simple migration from old
> > dying server to new server.
>
> I am sure that this has been done successfully, otherwise this list would have been full of posts similar to yours. Samba is a rapidly changing target and part of your problem could be the large jump between your versions, 4.1 to 4.7.
>
> What OS are you using?
>
> Rowland
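
An added example, not part of the original posts: a small Python parser for the bind failure quoted from log.samba in the message above. It splits the DCE/RPC binding string into its parts, names the interface (e3514235-4b06-11d1-ab04-00c04fc2dcd2 is DRSUAPI, the directory replication interface), extracts the GUID-based `_msdcs` alias to look up in DNS, and reports whether the bind target is the server's own address. The function names and the SAMPLE string are constructed for illustration.

```python
import re

# Constructed from the error quoted in the post (log prefix omitted).
SAMPLE = ("Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for "
          "ncacn_ip_tcp:10.4.0.3[49152,seal,krb5,"
          "target_hostname=d4c15af5-dfd5-4650-95de-c354a7256d15._msdcs.iso.private,"
          "abstract_syntax=e3514235-4b06-11d1-ab04-00c04fc2dcd2/0x00000004,"
          "localaddress=10.4.0.3] NT_STATUS_UNSUCCESSFUL")

INTERFACES = {"e3514235-4b06-11d1-ab04-00c04fc2dcd2": "drsuapi"}  # DRS replication RPC

BIND_RE = re.compile(
    r"Failed to bind to uuid (?P<uuid>[0-9a-fA-F-]{36}) for "
    r"(?P<transport>\w+):(?P<host>[^\[\s]+)\[(?P<opts>[^\]]*)\]\s*(?P<status>NT_STATUS_\w+)?")
GUID_ALIAS_RE = re.compile(r"^(?P<guid>[0-9a-fA-F-]{36})\._msdcs\.(?P<zone>.+)$")


def parse_bind_failure(line):
    """Split a 'Failed to bind' log line into its DCE/RPC binding-string parts."""
    m = BIND_RE.search(line)
    if m is None:
        return None
    flags, options = [], {}
    for item in filter(None, m.group("opts").split(",")):
        key, sep, value = item.partition("=")
        if sep:
            options[key] = value      # key=value option, e.g. target_hostname
        else:
            flags.append(item)        # bare item, e.g. endpoint port or 'seal'
    return {"uuid": m.group("uuid").lower(), "transport": m.group("transport"),
            "host": m.group("host"), "flags": flags, "options": options,
            "status": m.group("status")}


def triage(parsed):
    """Derive what to check next from a parsed bind failure."""
    out = {"interface": INTERFACES.get(parsed["uuid"], "unknown"),
           "self_bind": parsed["host"] == parsed["options"].get("localaddress"),
           "dc_guid": None, "dns_check": None}
    alias = GUID_ALIAS_RE.match(parsed["options"].get("target_hostname", ""))
    if alias:
        # Replication partners are located through this GUID-based DNS alias.
        out["dc_guid"] = alias.group("guid")
        out["dns_check"] = "host -t CNAME " + alias.group(0)
    return out


if __name__ == "__main__":
    print(triage(parse_bind_failure(SAMPLE)))
```

For the quoted line the result has `self_bind` set: the connection target and `localaddress` are both 10.4.0.3, so the next thing to look at is which host the GUID alias in `dns_check` currently resolves to.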