Neil
2020-May-27 14:53 UTC
[Samba] Upgrading from old 4.1 sernet-samba AD to source release with AD
Hi guys, I have sernet-samba-client-4.1.21-11.el6.x86_64 with 5 DC's running in AD mode and I need to look at upgrading them to the latest source version of Samba with AD support. All servers are running Centos 6.x and the same Samba release. I see the Wiki mentions "Upgrade A DC and join it to the domain again" however I'm not sure in terms of upgrading how this process will take place considering I'm going from the old sernet package to the source compiled version, what version should I be upgrading to from 4.1.x etc? Do I rather somehow install new DC's running the latest release, and then join them to the domain and then demote the old ones and then finally decommission them? Alternatively if I compile a similar 4.1.x source version onto the existing VM's and then upgrade through all the source versions one by one from there on all 5 of my VM's? EG: 4.1 to 4.2 to 4.3 to 4.4... etc? Any suggestions on this is hugely appreciated. Thank you Regards. Neil Wilson.
Andrew Bartlett
2020-May-27 15:05 UTC
[Samba] Upgrading from old 4.1 sernet-samba AD to source release with AD
On Wed, 2020-05-27 at 16:53 +0200, Neil via samba wrote:> Hi guys, > > I have sernet-samba-client-4.1.21-11.el6.x86_64 with 5 DC's running > in AD > mode and I need to look at upgrading them to the latest source > version of > Samba with AD support. All servers are running Centos 6.x and the > same > Samba release. > > I see the Wiki mentions "Upgrade A DC and join it to the domain > again" > however I'm not sure in terms of upgrading how this process will take > place > considering I'm going from the old sernet package to the source > compiled > version, what version should I be upgrading to from 4.1.x etc? > > Do I rather somehow install new DC's running the latest release, and > then > join them to the domain and then demote the old ones and then finally > decommission them? > > Alternatively if I compile a similar 4.1.x source version onto the > existing > VM's and then upgrade through all the source versions one by one from > there > on all 5 of my VM's? EG: 4.1 to 4.2 to 4.3 to 4.4... etc? > > Any suggestions on this is hugely appreciated.I would install by package or source Samba 4.5 onto one of the hosts, pointing at the same paths, then join a modern Samba version to that domain from another host. That much should work. You won't get a modern Samba to directly join Samba 4.1 unless you are very lucky with the ordering of your objects (see the other thread on this). Andrew Bartlett> Thank you > > Regards. > > Neil Wilson.-- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba
Neil
2020-Jun-08 11:59 UTC
[Samba] Upgrading from old 4.1 sernet-samba AD to source release with AD
Hi Andrew, Sorry for the late reply. Thank you for the assistance. I'm starting to get going on this this week. Just to clarify a few things please... You said... "I would install by package or source Samba 4.5 onto one of the hosts, pointing at the same paths, then join a modern Samba version to that domain from another host. That much should work." When you say install it onto a host, you mean an existing 4.1 VM? Also the paths do you mean specify /var/lib/samba ? Will this not overwrite or change any of my data currently in this folder? It currently looks as follows... -rw------- 1 root root 421888 Aug 19 2014 account_policy.tdb drwxr-xr-x 4 root root 4096 Aug 19 2014 data drwxr-xr-x 11 root root 4096 Oct 13 2015 drivers drwxr-xr-x 2 root root 4096 Oct 13 2015 netlogon drwxr-x--- 2 root ntp 4096 Jun 8 00:00 ntp_signd drwxr-xr-x 2 root root 4096 Oct 13 2015 printing drwxr-x--- 6 root root 4096 Jun 8 13:55 private drwxr-xr-x 2 root root 4096 Oct 13 2015 profiles -rw------- 1 root root 528384 Aug 19 2014 registry.tdb -rw------- 1 root root 421888 May 5 11:03 share_info.tdb drwxrwx---+ 3 root 544 4096 Mar 9 2017 sysvol drwxr-x--- 2 root root 4096 Jun 8 00:00 winbindd_privileged All 5 of my DC's are all part of the same domain, so I'm confused how I can choose to join this one with a modern Samba version. Apologies for all the questions. Thank you. Regards. Neil Wilson. On Wed, May 27, 2020 at 5:05 PM Andrew Bartlett <abartlet at samba.org> wrote:> On Wed, 2020-05-27 at 16:53 +0200, Neil via samba wrote: > > Hi guys, > > > > I have sernet-samba-client-4.1.21-11.el6.x86_64 with 5 DC's running > > in AD > > mode and I need to look at upgrading them to the latest source > > version of > > Samba with AD support. All servers are running Centos 6.x and the > > same > > Samba release. > > > > I see the Wiki mentions "Upgrade A DC and join it to the domain > > again" > > however I'm not sure in terms of upgrading how this process will take > > place > > considering I'm going from the old sernet package to the source > > compiled > > version, what version should I be upgrading to from 4.1.x etc? > > > > Do I rather somehow install new DC's running the latest release, and > > then > > join them to the domain and then demote the old ones and then finally > > decommission them? > > > > Alternatively if I compile a similar 4.1.x source version onto the > > existing > > VM's and then upgrade through all the source versions one by one from > > there > > on all 5 of my VM's? EG: 4.1 to 4.2 to 4.3 to 4.4... etc? > > > > Any suggestions on this is hugely appreciated. > > I would install by package or source Samba 4.5 onto one of the hosts, > pointing at the same paths, then join a modern Samba version to that > domain from another host. That much should work. > > You won't get a modern Samba to directly join Samba 4.1 unless you are > very lucky with the ordering of your objects (see the other thread on > this). > > Andrew Bartlett > > > Thank you > > > > Regards. > > > > Neil Wilson. > -- > Andrew Bartlett https://samba.org/~abartlet/ > Authentication Developer, Samba Team https://samba.org > Samba Developer, Catalyst IT > https://catalyst.net.nz/services/samba > > > >
Possibly Parallel Threads
- Upgrading from old 4.1 sernet-samba AD to source release with AD
- debian wheezy, sernet samba 4.1.3 join Windows 2008R2 AD as DC. Success ( basic Howto included )
- Samba 4 AD - Samba Fails to Start, hdb_samba4_create_kdc (setup KDC database) failed
- Winbind / Samba auth problem after username change
- Possible small bug discovered in Samba4 dc sernet + bind9 (Debian)