samba - Nov 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Tried connect LDAP to the new Server but for some reason didnt, work.

Checked ports and seems them are listening on the New server.

I used the same credentials and setup i used with the old samba 4.1 server.

Anyowone knows if something changes about Samba LDAP or maybe if im missing
something.

Thx in advance.

El lun, 21 nov 2022 16:25, Juan Ignacio <juan.ignacio.pazos at gmail.com>
escribi?:
> Man, you don't know how happy i?m, i really thank you for your help.? ?
?
> ?
> Long time waiting to do that for more than 3 years, you guys are awesome.
> It Is incredible the things you improved on Samba, I remember when I
> compile samba 4 coming from 3 building it from sources because no
> repositories and I needed an ad dc,  now everything looks so smart.
> Can't wait to play with this new server.
>
> Wanna ask a few more things..to be sure i don't break anything.:-)
>
> *About Member servers who joined the olddc.*
>
> The new server already knows that these computers are joined?
> For example one of the file servers, the new server authenticates them
> even if the old server is not online?
>
> *About Roaming Profiles.*
>
> On the old server I have some users who login and use Roaming Profiles on
> windows, on the new server looking at the /etc/samba/smb.conf didn't
see
> any shares about Roaming Profiles.
> I need to make that share and migrate them to one of the file servers?
> How can i add a share on a different samba member on smb.conf, is this
> possible and correct?
>
> *About smb.conf differences between dc1 and dc2.*
>
> I have this options on samba config on the old server, I remember when we
> did it with you because this server also works as file server.
> The new server DC2 isn't resolving dns but I'm interested in that
or maybe
> any other suggestion.
>
> Another thing is, I don't know how winbind works now, how we list the
> users and group on different servers on linux?
>
> workgroup = MIDOMAIN
>         realm = mydomain.org
>         netbios name = DC1
>         server role = active directory domain controller
>         dns forwarder = 200.40.220.245
>         allow dns updates = nonsecure and secure
>         #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
> backupkey, dnsserver, winreg, srvsvc
>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl,winbind, ntp_signd, kcc, dnsupdate, dns
>         idmap_ldb:use rfc2307 = yes
>         #winbind use default domain = yes
>         winbind enum users = yes
>         winbind enum groups = yes
>         #winbind nested groups = yes
>         log level = 3
>         log file = /var/log/samba/samba.log
> #       unix charset = ISO8859-1
>
>
> *About the Samba 4.16 replication.*
>
> Far time ago, replication was pretty cryptic for samba 4.1, now i don't
> know how the new server get the info from the old one.
> How the new server has all the info and what happens when the primary
> ac-dc fails.
> Can you help me to understand a bit or send me some info about how this
> works.
>
> Thx for everything you did for me, I hope this thread helps someone else
> too in the future.
>
> Juan.
>
>
>
> El lun, 21 nov 2022 a las 14:36, Rowland Penny via samba (<
> samba at lists.samba.org>) escribi?:
>
>>
>>
>> On 21/11/2022 16:03, Juan Ignacio via samba wrote:
>> > Seems it looks good..
>> > After Provision...
>>
>> No, it looks good after the domain join. ;-)
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

>
> Tried connect LDAP to the new Server but for some reason didnt, work.
>
> Checked ports and seems them are listening on the New server.
>
> I used the same credentials and setup i used with the old samba 4.1 server.
>
> Anyowone knows if something changes about Samba LDAP or maybe if im
> missing something.
>
> Thx in advance.
>
About the LDAP.

Seems the new samba requires strong auth by default, i changed the value on
smb.conf and now I can connect using the new server.
If someone knows how can i use strong auth and connect could be good for
security reasons, I looked around the web but didn't find good info about
samba and this.

Thx.


El mar, 22 nov 2022 a las 18:36, Juan Ignacio (<juan.ignacio.pazos at
gmail.com>)
escribi?:
> Tried connect LDAP to the new Server but for some reason didnt, work.
>
> Checked ports and seems them are listening on the New server.
>
> I used the same credentials and setup i used with the old samba 4.1 server.
>
> Anyowone knows if something changes about Samba LDAP or maybe if im
> missing something.
>
> Thx in advance.
>
> El lun, 21 nov 2022 16:25, Juan Ignacio <juan.ignacio.pazos at
gmail.com>
> escribi?:
>
>> Man, you don't know how happy i?m, i really thank you for your
help.? ? ?
>> ?
>> Long time waiting to do that for more than 3 years, you guys are
awesome.
>> It Is incredible the things you improved on Samba, I remember when I
>> compile samba 4 coming from 3 building it from sources because no
>> repositories and I needed an ad dc,  now everything looks so smart.
>> Can't wait to play with this new server.
>>
>> Wanna ask a few more things..to be sure i don't break anything.:-)
>>
>> *About Member servers who joined the olddc.*
>>
>> The new server already knows that these computers are joined?
>> For example one of the file servers, the new server authenticates them
>> even if the old server is not online?
>>
>> *About Roaming Profiles.*
>>
>> On the old server I have some users who login and use Roaming Profiles
on
>> windows, on the new server looking at the /etc/samba/smb.conf
didn't see
>> any shares about Roaming Profiles.
>> I need to make that share and migrate them to one of the file servers?
>> How can i add a share on a different samba member on smb.conf, is this
>> possible and correct?
>>
>> *About smb.conf differences between dc1 and dc2.*
>>
>> I have this options on samba config on the old server, I remember when
we
>> did it with you because this server also works as file server.
>> The new server DC2 isn't resolving dns but I'm interested in
that or
>> maybe any other suggestion.
>>
>> Another thing is, I don't know how winbind works now, how we list
the
>> users and group on different servers on linux?
>>
>> workgroup = MIDOMAIN
>>         realm = mydomain.org
>>         netbios name = DC1
>>         server role = active directory domain controller
>>         dns forwarder = 200.40.220.245
>>         allow dns updates = nonsecure and secure
>>         #server services = rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate, dns, smb
>>         dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
>> netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser,
eventlog6,
>> backupkey, dnsserver, winreg, srvsvc
>>         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl,winbind, ntp_signd, kcc, dnsupdate, dns
>>         idmap_ldb:use rfc2307 = yes
>>         #winbind use default domain = yes
>>         winbind enum users = yes
>>         winbind enum groups = yes
>>         #winbind nested groups = yes
>>         log level = 3
>>         log file = /var/log/samba/samba.log
>> #       unix charset = ISO8859-1
>>
>>
>> *About the Samba 4.16 replication.*
>>
>> Far time ago, replication was pretty cryptic for samba 4.1, now i
don't
>> know how the new server get the info from the old one.
>> How the new server has all the info and what happens when the primary
>> ac-dc fails.
>> Can you help me to understand a bit or send me some info about how this
>> works.
>>
>> Thx for everything you did for me, I hope this thread helps someone
else
>> too in the future.
>>
>> Juan.
>>
>>
>>
>> El lun, 21 nov 2022 a las 14:36, Rowland Penny via samba (<
>> samba at lists.samba.org>) escribi?:
>>
>>>
>>>
>>> On 21/11/2022 16:03, Juan Ignacio via samba wrote:
>>> > Seems it looks good..
>>> > After Provision...
>>>
>>> No, it looks good after the domain join. ;-)
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/options/samba
>>>
>>