Jakob Curdes
2025-Feb-27 15:35 UTC
[Samba] How to safely rejoin an upgraded linux domain member?
Hi, we have to upgrade one large server, which is a domain *member* of an AD domain driven by two samba4 DCs, to the newest Ubuntu version, and due to the size we cannot just to it in one short downtime. So I created a clone, deactivated all samba services and did the update. It currently has a different name, and has not yet been rejoined to the domain. What is a safe way to replace the old with the new server, using the same name (as otherwise we need to rename all fileshares mounted on clients)? I would think I leave the domain with the old server and then join the domain with the new one under the same name. OR does that lead to problems? Best regards, Jakob
Ralph Boehme
2025-Feb-28 12:41 UTC
[Samba] How to safely rejoin an upgraded linux domain member?
On 2/27/25 4:35 PM, Jakob Curdes via samba wrote:> OR does that lead to problems?clients authenticating via Kerberos that have an existing service ticket for the old service will not be able to authenticate to the new server with the old ticket.. Iirc this requires manual intervention on the client, either manually clearing the Kerberos credential cache or rebooting which achieves the same goal. -slow -- SerNet Samba Team Lead https://sernet.de/ Samba Team Member https://samba.org/ Samba Support and Dev https://samba.plus/services/ SAMBA+ packages https://samba.plus/products/samba -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: <http://lists.samba.org/pipermail/samba/attachments/20250228/fa708bbb/OpenPGP_signature.sig>