Holan
2022-Sep-23 17:47 UTC
[Samba] Sanity Check my upgrade: Samba AD Domain from 4.7.6 to 4.13.17 (Ubuntu 18.04 to 20.04)
I know a few of these have been posted and reading them has helped me craft the update method I will use. As my moment draws near I'm hoping someone can let me know if I have the right idea on how to perform the update to my domain. I have two domain controllers running on Ubuntu 18.04 with Samba 4.7.6~dfsg. If anyone has any suggestions or common pitfalls they would like to share I would be grateful as I'm hoping to make this smooth and there are some smart people on this listserv. Here is my plan. The plan: update two Samba AD DCs running on Ubuntu 18.04 to 20.04 using BIND as a DNS backend. Changing the version from 4.7.6 to 4.13.17. The steps: PRE-STEP 0) read all the patch notes from 4.7.6 to 4.13.17. REQUEST: If anyone has any common areas of concern jumping from 4.7.6 to 4.13.17 I would love to hear them. I have domain members on Windows, Mac and Linux (RHEL/Ubuntu) with a mix of Winbind and SSSD depending on the server owners preference on the Linux side. I try to use Winbind whenever possible. I run BIND DNS as the backend on the DCs. 1) Run dbcheck on current 4.7.6 domain and ensure it is in good health. 2) Create a new server running on Ubuntu 20.04 (not using 22.04 to avoid making the samba version jump too big - is my reasoning okay?). 3) Install samba ad according to normal installation methods (get DNS setup...etc.) and join it to the existing domain running on 4.7.6. 4) Verify the new domain controller is working and replicating okay. Give it 30 minutes to stabilize and ensure operation. 5) Transfer the FSMO role from the 4.7.6 DC that holds it to the new 4.13.17 DC I just setup. 6) Demote the 4.7.6 DC I just transferred the FSMO from. 7) Verify that the domain is still working. 8) Start replacement of the second 4.7.6 DC. Create a new server running on Ubuntu 20.04. 9) Install Samba AD the same way per my environment. 10) Join to the domain. 10) Verify it is functional and replicating 11) Demote the remaining 4.7.6 DC it is replacing. 12) re-verify everything is working, check replication, run dbcheck again, and then drink a beer either way. This should then leave me with two new Domain Controllers running 4.13.17. Both 4.7.6 would be demoted and everything should be happy. Does this sound correct? Any suggestions are appreciated as I really don't want to screw this up. Thanks and I really appreciate everyone's efforts on this listserv. I've been using it as a resource for what feels like a decade at this point. --
Rowland Penny
2022-Sep-23 18:10 UTC
[Samba] Sanity Check my upgrade: Samba AD Domain from 4.7.6 to 4.13.17 (Ubuntu 18.04 to 20.04)
On 23/09/2022 18:47, Holan via samba wrote:> I know a few of these have been posted and reading them has helped me craft > the update method I will use. As my moment draws near I'm hoping someone > can let me know if I have the right idea on how to perform the update to > my domain. > > I have two domain controllers running on Ubuntu 18.04 with Samba > 4.7.6~dfsg. If anyone has any suggestions or common pitfalls they would > like to share I would be grateful as I'm hoping to make this smooth and > there are some smart people on this listserv. Here is my plan. > > The plan: update two Samba AD DCs running on Ubuntu 18.04 to 20.04 using > BIND as a DNS backend. Changing the version from 4.7.6 to 4.13.17. > > The steps: > PRE-STEP 0) read all the patch notes from 4.7.6 to 4.13.17. REQUEST: If > anyone has any common areas of concern jumping from 4.7.6 to 4.13.17 I > would love to hear them. I have domain members on Windows, Mac and Linux > (RHEL/Ubuntu) with a mix of Winbind and SSSD depending on the server owners > preference on the Linux side. I try to use Winbind whenever possible. I > run BIND DNS as the backend on the DCs. > > 1) Run dbcheck on current 4.7.6 domain and ensure it is in good health. > 2) Create a new server running on Ubuntu 20.04 (not using 22.04 to avoid > making the samba version jump too big - is my reasoning okay?). > 3) Install samba ad according to normal installation methods (get DNS > setup...etc.) and join it to the existing domain running on 4.7.6. > 4) Verify the new domain controller is working and replicating okay. Give > it 30 minutes to stabilize and ensure operation. > 5) Transfer the FSMO role from the 4.7.6 DC that holds it to the new > 4.13.17 DC I just setup. > 6) Demote the 4.7.6 DC I just transferred the FSMO from. > 7) Verify that the domain is still working. > 8) Start replacement of the second 4.7.6 DC. Create a new server running > on Ubuntu 20.04. > 9) Install Samba AD the same way per my environment. > 10) Join to the domain. > 10) Verify it is functional and replicating > 11) Demote the remaining 4.7.6 DC it is replacing. > 12) re-verify everything is working, check replication, run dbcheck again, > and then drink a beer either way. > > This should then leave me with two new Domain Controllers running 4.13.17. > Both 4.7.6 would be demoted and everything should be happy. > > Does this sound correct? Any suggestions are appreciated as I really > don't want to screw this up. Thanks and I really appreciate everyone's > efforts on this listserv. I've been using it as a resource for what feels > like a decade at this point.First, you have two number ten's That sound okay, but you have forgotten Sysvol, you will need to sync this (along idmap.ldb) to each new DC. Rowland