Hello folks.

I need to migrate from an old server still running Debian Woody to a new server running Dapper Drake. The big challenge is turning out to be how to plan out the Samba LDAP migration.

The current server version is 3.0.20 compiled from source and the Dapper package is 3.0.22 and appears to include LDAP support. So I don't think I need to compile or worry about version compatibility troubles.

But how to migrate to a new machine and run the PDC just like on the old one with LDAP is pretty confusing. Should I start the new server as a BDC and then take the old one down? Is there any way to go about it where I won't have to touch the LDAP server to deal with the SID?

Could anyone give me some ideas on the best way to go about it or point me in the direction of a good migration how-to?

Thanks

--
John Baker
Network Systems Administrator
Marlboro College
Phone: 451-7551 off campus; 551 on campus

Felipe Augusto van de Wiel
2007-Jan-19 13:35 UTC
[Samba] migrating to a new server with LDAP
On 01/18/2007 02:52 PM, John Baker wrote:

> Hello folks.

Hey! :)

> I need to migrate from an old server still running Debian
> Woody to a new server running Dapper Drake.

Just to be 100% sure, you are not using LDAP on the Woody, right? Because the upgrade path from LDAP in Woody to LDAP in Sarge (and post-sarge) has a few troubles.

> The big challenge is turning out to be how to plan out the
> Samba LDAP migration.

If you have the chance to prepare the new server in a lab and try it with a few workstations without messing with your production environment, that's a very good thing to do.

> The current server version is 3.0.20 compiled from source
> and the Dapper package is 3.0.22 and appears to include
> ldap support. So I don't think I need to compile or worry
> about version compatibility troubles.

Probably not, but you still should read the Release Notes to see what changes from 3.0.20 to 3.0.22, and if it is possible, you should think about migrating to 3.0.23d (Samba version in Debian Etch).

> But how to migrate to a new machine and run the PDC just
> like on the old one with LDAP is pretty confusing.

smbldap-tools to the rescue. ;)

> Should I start the new server as a BDC and then take the
> old one down?

No. You could, but you don't need to.

> Is there any way to go about it where I won't have to
> touch the LDAP server to deal with the SID?

Hmmm... the SID is not that complicated. Once you use the right support tools, they will do all the magic. What you need to ensure is that you have a sambaDomainName in your LDAP tree with the proper SID in it. That also means that you need to check the 'net getlocalsid' to see if it gives you the same answer as the old server; if not, use 'net setlocalsid'. You will need to create the groupmaps, just use 'net groupmap' for that one. There's not much more than this, except the account creation of your users and machines.

But you don't need to do 'everything at once'; if you can migrate one user account and one machine account, that should be a good start to check the migration, especially with regard to Profiles, SID and Domain control.

> Could anyone give me some ideas on the best way to go
> about it or point me in the direction of a good
> migration how-to?

If I'm not wrong, the Samba By Example explains how to do that; they start with a configuration for a very small company and when it gets big, they change from smbpasswd to LDAP.

http://samba.org/samba/docs/

> Thanks

I hope this helps.

Kind regards,

--
Felipe Augusto van de Wiel <felipe@paranacidade.org.br>
Coordenadoria de Tecnologia da Informação (CTI) - SEDU/PARANACIDADE
http://www.paranacidade.org.br/
Phone: (+55 41 3350 3300)
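
The SID checks described in the reply above, as an added example that is not part of the original thread: it compares captured `net getlocalsid` output with the sambaSID of the sambaDomainName entry and lists account entries whose SID lies outside that domain SID. The sample output, the LDIF and all names in it are constructed, and the parsing assumes an LDIF export with one unfolded, non-base64 attribute per line.

```shell
#!/bin/sh
# Constructed samples: `net getlocalsid` output captured on each server.
OLD_NET='SID for domain OLDPDC is: S-1-5-21-1111111111-2222222222-3333333333'
NEW_NET='SID for domain NEWPDC is: S-1-5-21-4444444444-5555555555-6666666666'
# Constructed LDIF export of the Samba entries (one attribute per line).
LDIF='dn: sambaDomainName=EXAMPLE,dc=example,dc=org
objectClass: sambaDomain
sambaDomainName: EXAMPLE
sambaSID: S-1-5-21-1111111111-2222222222-3333333333

dn: uid=alice,ou=Users,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-3000

dn: uid=ws01$,ou=Computers,dc=example,dc=org
objectClass: sambaSamAccount
sambaSID: S-1-5-21-9999999999-2222222222-3333333333-3002'

# Extract the SID from one line of `net getlocalsid` output.
sid_from_net() {
    printf '%s\n' "$1" | sed -n \
      's/^SID for domain .* is: \(S-1-5-21-[0-9][0-9]*-[0-9][0-9]*-[0-9][0-9]*\)$/\1/p'
}

# Print "<dn><TAB><sambaSID>" for every LDIF entry carrying objectClass $2.
sids_of_class() {
    printf '%s\n' "$1" | awk -v cls="objectClass: $2" 'BEGIN { RS = ""; FS = "\n" }
    { hit = 0; sid = ""
      for (i = 1; i <= NF; i++) {
          if ($i == cls) hit = 1
          if ($i ~ /^sambaSID: /) sid = substr($i, 11)
      }
      if (hit) print substr($1, 5) "\t" sid }'
}

domain_sid_from_ldif() { sids_of_class "$1" sambaDomain | awk -F'\t' '{ print $2 }'; }

# DNs of account entries whose SID is not "<domain SID>-<RID>".
foreign_accounts() {
    sids_of_class "$1" sambaSamAccount |
        awk -F'\t' -v dom="$2-" 'index($2, dom) != 1 { print $1 }'
}

# 0 = consistent, 1 = local SID differs from LDAP, 2 = stray account SIDs.
migration_check() {
    dom=$(domain_sid_from_ldif "$2")
    [ -n "$dom" ] && [ "$(sid_from_net "$1")" = "$dom" ] || return 1
    [ -z "$(foreign_accounts "$2" "$dom")" ] || return 2
}

migration_check "$NEW_NET" "$LDIF" || echo "new server, as installed: rc=$?"
migration_check "$OLD_NET" "$LDIF" || echo "old server SID vs LDAP: rc=$?"
```

A return code of 1 on the new machine is the case where the reply's 'net setlocalsid' step applies; a return code of 2 points at accounts to review before clients are moved over.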