thr3ads.net - samba - [Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server). [Dec 2022]

If this information is useful, please help other people find it:
Share via:

Juan Ignacio

2022-Dec-01 13:08 UTC

[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Thx for all the info Rowland;
I tried to read everything carefully..
I managed to make an offline domain backup in the new ad-dc without
apparently major complications.

But not being able to do the online backup, I got an exception and isn't on
the wiki.

root at DC2:/domain/samba/domainBackups# samba-tool domain backup online
--targetdir=/domain/samba/domainBackups --server=DC2 -UAdministrator
ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The
specified I/O operation on %hs was not completed before the time-out period
expired.')
  File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py", line
186,
in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py",
line
261, in run
    ctx = join_clone(logger=logger, creds=creds, lp=lp,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1552, in
join_clone
    ctx = DCCloneContext(logger, server, creds, lp, targetdir=targetdir,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 1576, in
__init__
    super(DCCloneContext, ctx).__init__(logger, server, creds, lp,
  File "/usr/lib/python3/dist-packages/samba/join.py", line 101, in
__init__
    ctx.site = ctx.find_dc_site(ctx.server)
  File "/usr/lib/python3/dist-packages/samba/join.py", line 363, in
find_dc_site
    cldap_ret = ctx.net.finddc(address=server,

El jue, 1 dic 2022 a las 7:15, Rowland Penny via samba (<
samba at lists.samba.org>) escribi?:
>
>
> On 01/12/2022 02:11, Andrew Bartlett via samba wrote:
> > On Wed, 2022-11-30 at 23:03 -0300, Juan Ignacio via samba wrote:
> >> Already checked that on 4.1 and samba-tool doesn't have that
options.
> >> root at DC1:/usr/sbin# samba-tool domain backup online
> >> Usage: samba-tool domain <subcommand>
> >>>
> >
> > Correct.  For such an old version just shut Samba down and back up the
> > files 'normally'.  Restoration will be a challenge, the only
option will
> be to force destroy any other DCs and then start back from the backed up
> files.
> >
> > Andrew Bartlett
> >
> >
>
> Wrong, the OP now has a much later Samba DC and that will have the
'new'
> backup tools.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

Juan Ignacio

2022-Dec-01 17:28 UTC

head link

[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Another thing I wonder about demoting the Original DC.
The smb.conf files look different on the original DC than the new one.
I would appreciate it if we could take a look before to know if there is
anything missing on the new DC, I don't remember installing kerberos on the
new one which is now primary. I don't know if it's necessary either.
Looks like the smb.conf does not have all the services who are in the
original?
Neither the idmap_ldb:use rfc2307 = yes

Original DC smb.conf
[global]
        workgroup = OURDOMAIN
        realm = OURDOMAIN.ORG
        netbios name = DC1
        server role = active directory domain controller
        dns forwarder = **********
        allow dns updates = nonsecure and secure
        #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
winbind, ntp_signd, kcc, dnsupdate, dns, smb
        dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, winreg, srvsvc
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl,winbind, ntp_signd, kcc, dnsupdate, dns
        idmap_ldb:use rfc2307 = yes
        #winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        #winbind nested groups = yes
        log level = 3
        log file = /var/log/samba/samba.log


New DC smb.conf

[global]
        netbios name = DC2
        realm = OURDOMAIN.ORG
        server role = active directory domain controller
        dns forwarder = *********
        workgroup = OURDOMAIN
        allow dns updates = nonsecure and secure
        ldap server require strong auth = no

El jue, 1 dic 2022 a las 10:08, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> Thx for all the info Rowland;
> I tried to read everything carefully..
> I managed to make an offline domain backup in the new ad-dc without
> apparently major complications.
>
> But not being able to do the online backup, I got an exception and
isn't
> on the wiki.
>
> root at DC2:/domain/samba/domainBackups# samba-tool domain backup online
> --targetdir=/domain/samba/domainBackups --server=DC2 -UAdministrator
> ERROR(runtime): uncaught exception - (3221225653, '{Device Timeout} The
> specified I/O operation on %hs was not completed before the time-out period
> expired.')
>   File "/usr/lib/python3/dist-packages/samba/netcmd/__init__.py",
line
> 186, in _run
>     return self.run(*args, **kwargs)
>   File
"/usr/lib/python3/dist-packages/samba/netcmd/domain_backup.py",
> line 261, in run
>     ctx = join_clone(logger=logger, creds=creds, lp=lp,
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1552,
in
> join_clone
>     ctx = DCCloneContext(logger, server, creds, lp, targetdir=targetdir,
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 1576,
in
> __init__
>     super(DCCloneContext, ctx).__init__(logger, server, creds, lp,
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 101,
in
> __init__
>     ctx.site = ctx.find_dc_site(ctx.server)
>   File "/usr/lib/python3/dist-packages/samba/join.py", line 363,
in
> find_dc_site
>     cldap_ret = ctx.net.finddc(address=server,
>
> El jue, 1 dic 2022 a las 7:15, Rowland Penny via samba (<
> samba at lists.samba.org>) escribi?:
>
>>
>>
>> On 01/12/2022 02:11, Andrew Bartlett via samba wrote:
>> > On Wed, 2022-11-30 at 23:03 -0300, Juan Ignacio via samba wrote:
>> >> Already checked that on 4.1 and samba-tool doesn't have
that options.
>> >> root at DC1:/usr/sbin# samba-tool domain backup online
>> >> Usage: samba-tool domain <subcommand>
>> >>>
>> >
>> > Correct.  For such an old version just shut Samba down and back up
the
>> > files 'normally'.  Restoration will be a challenge, the
only option
>> will be to force destroy any other DCs and then start back from the
backed
>> up files.
>> >
>> > Andrew Bartlett
>> >
>> >
>>
>> Wrong, the OP now has a much later Samba DC and that will have the
'new'
>> backup tools.
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

samba - Dec 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).