samba - Nov 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

I have read both emails carefully and I have some doubts.

If I remember correctly, changing the ip of an ad-dc samba caused
problems for clients to connect.
Can the new server that will replace the old one have a different IP
from the one in production?

I need to join the new one to the old one that is in production to be
able to do an upgrade?,  did I understand correctly? How we transform
the new one on a samba-ad-dc if it joins as a DC.

If this is correct, which ip and hostname is recommended to be placed
on this new server, any different from the old server?




*"About the resolv.conf file...
Ensure that the /etc/resolv.conf has only these lines
search your.dns.domain
nameserver YOUR.EXISTING.DC.IPADDRESS"** (The new one or the old one.)?*


*
etc/hosts has 127.0.0.1 pointing to localhost and there is a line like
this (replace with your information):
the.computers.ipaddress the_computers_fqdn
the_computers_short_hostname* (*old server or different information*)

*etc/hostname should only contain the computers short hostname*.
* ( i only have the computer short name of the server itself i think
is correct.)*

When you say computers, that confuses me a bit because I think that
more than one is plural

Excuse so many doubts, but between the language and having done it so
long ago I'm a little rusty.

Thx in advance you awesome..


El vie, 18 nov 2022 a las 13:43, Rowland Penny via samba (<
samba at lists.samba.org>) escribi?:
>
>
> On 18/11/2022 16:21, Juan Ignacio via samba wrote:
> > Thx, Andrew and Rowland seem awesome the new version of samba.
> > Already installed samba 4.16 from the backports on Debian 11.
> >
> > I didn't touch anything, only Installed It.Version 4.16.6-Debian
> >
> > Now is time to migrate from 4.1 to 4.16
> >
> > The production machine is a Debian 7 with Samba 4.1 working OK.
> >
> > The new server is a Debian 11 with Samba 4.16.6-Debian, without any
setup
> > or configuration.
> > root at titan:~# samba -V
> > Version 4.16.6-Debian
> > root at titan:~# service samba-ad-dc status
> > ? samba-ad-dc.service>       Loaded: masked (Reason: Unit
> samba-ad-dc.service is masked.)
> >       Active: inactive (dead)
> >
> > Need some tips to start the migration.
> >
> > For now both servers are in the same network but i can separate them
if
> > necessary.
>
> You are NOT migrating your Samba AD, you are upgrading it.
>
> First ensure you have a good backup of your existing DC, just in case.
>
> On your new Debian machine, remove any existing smb.conf file.
>
> Ensure that the /etc/resolv.conf has only these lines:
>
> search your.dns.domain
> nameserver YOUR.EXISTING.DC.IPADDRESS
>
> /etc/hosts has 127.0.0.1 pointing to localhost and there is a line like
> this (replace with your information):
>
> the.computers.ipaddress the_computers_fqdn the_computers_short_hostname
>
> /etc/hostname should only contain the computers short hostname.
>
> Once they are set, run as root:
>
> samba-tool domain join your.dns.domain DC -U Administrator
>
> Again, replace 'your.dns.domain' with your dns domain.
>
> You should be prompted for the Administrator password and then the
> computer should be joined to your AD domain as a new DC.
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

On 21/11/2022 11:38, Juan Ignacio wrote:
> I have read both emails carefully and I have some doubts. If I remember 
> correctly, changing the ip of an ad-dc samba caused problems for clients 
> to connect.
It shouldn't, if it does, your dns is not setup corectly.
> Can the new server that will replace the old one have a different IP 
> from the one in production? 
Yes
> I need to join the new one to the old one 
> that is in production to be able to do an upgrade?,
Yes

  did I understand
> correctly? How we transform the new one on a samba-ad-dc if it joins as 
> a DC.
Not sure I understand that, a 'samba-ad-dc' is a DC, or are you 
referring to the systemd service that starts a Samba AD DC ?

  If this is correct, which ip and hostname is recommended to
be
> placed on this new server, any different from the old server?
It doesn't matter what IP and short hostname you use on your new DC, 
just so long as the IP is in the same subnet e.g, If your existing DC 
has the ipaddress 192.168.1.2 , you could use 192.168.1.3 for your new DC.
> 
> /"About the resolv.conf file...
> Ensure that the /etc/resolv.conf has only these lines
> search your.dns.domain
> nameserver YOUR.EXISTING.DC.IPADDRESS"/*(The new one or the old
one.)?*
Both, the existing DC should be like that now and your proposed new DC 
should be the same to ensure that it can find the existing DC to join 
the domain as a DC. Once the join has occurred, you need to change the 
new DC's /etc/resolv.conf to use its own ipaddress as its nameserver 
before you start Samba.

  /
> etc/hosts has 127.0.0.1 pointing to localhost and there is a line like
> this (replace with your information):
> the.computers.ipaddress the_computers_fqdn the_computers_short_hostname/ 
> (*old server or different information*)
Lets say that your existing DC uses the ipaddress '192.168.1.2' , the 
short hostname 'dc1' and the dns domain 'samdom.example.com'

This would mean (ignoring the IPv6 lines, you can leave them as is), 
your existing DC should have these lines:

127.0.0.1 localhost
192.168.1.2 dc1.samdom.example.com dc1

Your new DC 'dc2' with ipaddress '192.168.1.3' , would be:

127.0.0.1 localhost
192.168.1.3 dc2.samdom.example.com dc2

> 
> /etc/hostname should only contain the computers short hostname/.*(i only 
> have the computer short name of the server itself i think is correct.)
> *
> 
> When you say computers, that confuses me a bit because I think that more 
> than one is plural Excuse so many doubts, but between the language and 
> having done it so long ago I'm a little rusty.
You can have more than one AD DC in an AD domain, in fact, multiple DC's 
are better, they all hold the same data, apart from the FSMO roles and 
they can be on any DC.

Rowland