Hello List,

I have got a samba pdc running based on the smbldap tools and Debian Sarge. Now we would like to move everything over to Ubuntu Hardy.

Can I simply:
- Create the same users and groups with the same id on Hardy
- Move the files and profiles over by keeping their permissions (rsync -avzp ...)
- Set the samba SID to be the old original one (I do not know how this could be done and if it even works)

Will I then simply be able to log back in with my Windows clients?
Is there a HowTo explaining this scenario?

Thanks,
Mario

devel@thom.fr.eu.org
2008-Jun-03 09:28 UTC
[Samba] How to move a samba PDC to a different box
I think there must be some migration guide in the samba documentation (read chapters 5 and 36 in the Samba official howto).

I think the best would be to build up your second machine and add it to your domain as a BDC, so that all users/groups/machines/... get propagated to this new machine. Once done, migrate all your data, then you can safely switch off the first one and promote your new machine to PDC (changing OS level, and browsing options domain master/preferred master).

> Hello List,
>
> I have got a samba pdc running based on the smbldap tools and Debian Sarge.
> Now we would like to move everything over to Ubuntu Hardy.
>
> Can I simply:
> - Create the same users and groups with the same id on Hardy
> - Move the files and profiles over by keeping their permissions (rsync -avzp ...)
> - Set the samba SID to be the old original one (I do not know how this
>   could be done and if it even works)
>
> Will I then simply be able to log back in with my Windows clients?
> Is there a HowTo explaining this scenario?
>
> Thanks,
> Mario

--
François Legal

this seems to have been created during the rpm install, see below

[root@RHEL5ONE samba]# rpm -ql samba-winbind-32bit-3.0.25-ctdb.16
/lib/libnss_winbind.so
/lib/libnss_winbind.so.2
/lib/libnss_wins.so
/lib/libnss_wins.so.2
/lib/security/pam_winbind.so
[root@RHEL5ONE samba]# ls -lasp /lib | grep libnss
40 -rwxr-xr-x 1 root root 36340 Jul 5 2007 libnss_compat-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_compat.so.2 -> libnss_compat-2.5.so
816 -rwxr-xr-x 1 root root 824900 Jul 13 2006 libnss_db-2.2.so
4 lrwxrwxrwx 1 root root 16 May 26 08:39 libnss_db.so.2 -> libnss_db-2.2.so
28 -rwxr-xr-x 1 root root 21848 Jul 5 2007 libnss_dns-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_dns.so.2 -> libnss_dns-2.5.so
52 -rwxr-xr-x 1 root root 46740 Jul 5 2007 libnss_files-2.5.so
4 lrwxrwxrwx 1 root root 19 May 26 08:37 libnss_files.so.2 -> libnss_files-2.5.so
28 -rwxr-xr-x 1 root root 22752 Jul 5 2007 libnss_hesiod-2.5.so
4 lrwxrwxrwx 1 root root 20 May 26 08:37 libnss_hesiod.so.2 -> libnss_hesiod-2.5.so
3036 -rwxr-xr-x 1 root root 3099444 Jul 6 2007 libnss_ldap-2.5.so
4 lrwxrwxrwx 1 root root 18 May 26 08:40 libnss_ldap.so.2 -> libnss_ldap-2.5.so
48 -rwxr-xr-x 1 root root 42368 Jul 5 2007 libnss_nis-2.5.so
60 -rwxr-xr-x 1 root root 51696 Jul 5 2007 libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 21 May 26 08:37 libnss_nisplus.so.2 -> libnss_nisplus-2.5.so
4 lrwxrwxrwx 1 root root 17 May 26 08:37 libnss_nis.so.2 -> libnss_nis-2.5.so
20 -rwxr-xr-x 1 root root 19408 Jan 31 10:30 libnss_winbind.so
0 lrwxrwxrwx 1 root root 17 Jun 3 18:36 libnss_winbind.so.2 -> libnss_winbind.so
1016 -rwxr-xr-x 1 root root 1032916 Jan 31 10:30 libnss_wins.so
0 lrwxrwxrwx 1 root root 14 Jun 3 18:36 libnss_wins.so.2 -> libnss_wins.so

-----Original Message-----
From: samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba.org [mailto:samba-bounces+e.koutsandreou=optusnet.com.au@lists.samba.org] On Behalf Of devel@thom.fr.eu.org
Sent: Tuesday, 3 June 2008 7:28 PM
To: ml
Cc: samba@lists.samba.org
Subject: Re: [Samba] How to move a samba PDC to a different box

I think there must be some migration guide in the samba documentation (read chapters 5 and 36 in the Samba official howto).

I think the best would be to build up your second machine and add it to your domain as a BDC, so that all users/groups/machines/... get propagated to this new machine. Once done, migrate all your data, then you can safely switch off the first one and promote your new machine to PDC (changing OS level, and browsing options domain master/preferred master).

> Hello List,
>
> I have got a samba pdc running based on the smbldap tools and Debian Sarge.
> Now we would like to move everything over to Ubuntu Hardy.
>
> Can I simply:
> - Create the same users and groups with the same id on Hardy
> - Move the files and profiles over by keeping their permissions (rsync -avzp ...)
> - Set the samba SID to be the old original one (I do not know how this
>   could be done and if it even works)
>
> Will I then simply be able to log back in with my Windows clients?
> Is there a HowTo explaining this scenario?
>
> Thanks,
> Mario

--
François Legal

On Tue 3 Jun 2008 4:42:40 am ml wrote:
> Hello List,
>
> I have got a samba pdc running based on the smbldap tools and Debian Sarge.
> Now we would like to move everything over to Ubuntu Hardy.
>
> Can I simply:
> - Create the same users and groups with the same id on Hardy
> - Move the files and profiles over by keeping their permissions (rsync -avzp ...)
> - Set the samba SID to be the old original one (I do not know how this
>   could be done and if it even works)
>
> Will I then simply be able to log back in with my Windows clients?
> Is there a HowTo explaining this scenario?
>
> Thanks,
> Mario

I don't know how "official" it is, but if you move all the files and everything beforehand, making sure to keep the ACLs, then shut down samba on machine 1. Then move /etc/samba and /var/lib/samba to the new machine, overwriting the existing ones created by the .debs. Start samba on the new machine, and you're done.

Of course, that's not very high-availability, and it's assuming you're not using LDAP or something...even though it should work. Have to make sure everybody is off of the original.

I may be forgetting something, but I've done it dozens of times; one of the benefits of samba versus MS implementations is that there's much "magic" involved and so it really can be as simple as moving the files.

Wes

> I have got a samba pdc running based on the smbldap tools and Debian Sarge.
> Now we would like to move everything over to Ubuntu Hardy.
>
I have done this quite a few times.

> Can I simply:
> - Create the same users and groups with the same id on Hardy

slapcat slapadd or configure syncrepl in openldap-2.3 or greater and add the new ldap server as a read-only replicator of the first. Then start slapd to sync and then you can remove the master and sync commands and restart slapd.

> - Move the files and profiles over by keeping their permissions (rsync -avzp ...)

Seems ok. I do not have any actual user shares or profiles on my pdc. These are on my fileservers instead.

> - Set the samba SID to be the old original one (I do not know how this could
>   be done and if it even works)
>
net setdomainsid

> Will I then simply be able to log back in with my Windows clients?
> Is there a HowTo explaining this scenario?
>
After you copy the smb.conf, nsswitch.conf and configure openldap and start all the required services.

John

> Sorry to bother you. I hope you can help me with my issue.
>
Always cc to the list as well.

> We have a domain with more than 100 users and we need to replace our PDC.
> The PDC main function is to authenticate our users to connect to the shared
> drive and to authenticate computer login. The PDC is running samba with
> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
> only. It was set that way to make the syncing process easier. The syncing
> process is like a chain using slurpd. We plan to use "syncrepl" later.
>
> What is the best way to do to replace the PDC? I already have a Gentoo
> machine up and running. I copied over all the samba and openldap files from
> the old PDC to this new machine. I also exported the database by running
> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
> samba service as I am not so sure if I am doing the right thing.
>
Disconnect the network cable on the new machine to make sure you are not interfering with the rest of the network.
Start slapd then use slapadd to add your ldap to the database. Use slapcat to verify that all was added and the ldif looks correct. Then start samba and see if the smbclient can connect to itself.

Is the old machine the same name as the new? How about the IP address? Are you using wins, lmhosts or dns for your clients to find the pdc?

BTW, I have to cut this a lot shorter than I want but I am very busy at the day job and if I do not get my tasks done several new users will not have a pc on Monday.

John

John Drescher wrote:
>> Sorry to bother you. I hope you can help me with my issue.
>>
> Always cc to the list as well.
>
>> We have a domain with more than 100 users and we need to replace our PDC.
>> The PDC main function is to authenticate our users to connect to the shared
>> drive and to authenticate computer login. The PDC is running samba with
>> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
>> only. It was set that way to make the syncing process easier. The syncing
>> process is like a chain using slurpd. We plan to use "syncrepl" later.
>>
>> What is the best way to do to replace the PDC? I already have a Gentoo
>> machine up and running. I copied over all the samba and openldap files from
>> the old PDC to this new machine. I also exported the database by running
>> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
>> samba service as I am not so sure if I am doing the right thing.
>>
> Disconnect the network cable on the new machine to make sure you are
> not interfering with the rest of the network.
> Start slapd then use slapadd to add your ldap to the database. Use
> slapcat to verify that all was added and the ldif looks correct. Then
> start samba and see if the smbclient can connect to itself.
>
> Is the old machine the same name as the new? How about the IP address?
> Are you using wins, lmhosts or dns for your clients to find the pdc?
>
I will try your suggestion. We plan on using the same name on the new machine and the same IP address as well. We are using WINS for our client to find the PDC.

Thanks for all the help.

> BTW, I have to cut this a lot shorter than I want but I am very busy
> at the day job and if I do not get my tasks done several new users
> will not have a pc on Monday.
>
> John

Ivan Ordonez wrote:
> John Drescher wrote:
>>> Sorry to bother you. I hope you can help me with my issue.
>>>
>> Always cc to the list as well.
>>
>>> We have a domain with more than 100 users and we need to replace our PDC.
>>> The PDC main function is to authenticate our users to connect to the shared
>>> drive and to authenticate computer login. The PDC is running samba with
>>> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
>>> only. It was set that way to make the syncing process easier. The syncing
>>> process is like a chain using slurpd. We plan to use "syncrepl" later.
>>>
>>> What is the best way to do to replace the PDC? I already have a Gentoo
>>> machine up and running. I copied over all the samba and openldap files from
>>> the old PDC to this new machine. I also exported the database by running
>>> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
>>> samba service as I am not so sure if I am doing the right thing.
>>>
>> Disconnect the network cable on the new machine to make sure you are
>> not interfering with the rest of the network.
>> Start slapd then use slapadd to add your ldap to the database. Use
>> slapcat to verify that all was added and the ldif looks correct. Then
>> start samba and see if the smbclient can connect to itself.
>>
>> Is the old machine the same name as the new? How about the IP address?
>> Are you using wins, lmhosts or dns for your clients to find the pdc?
>>
> I will try your suggestion. We plan on using the same name on the new
> machine and the same IP address as well. We are using WINS for our
> client to find the PDC.
>
You must set on the new PDC the SID of the old PDC;
see "net getlocalsid" and "net setlocalsid".

bruno

Should this be set in the smbldap.conf file? If I do the command as you suggest, the machine's local SID is going to be the domain's SID. Is that something I should do?

Thanks,
-Ivan

Bruno La Torre wrote:
> Ivan Ordonez wrote:
>> John Drescher wrote:
>>>> Sorry to bother you. I hope you can help me with my issue.
>>>>
>>> Always cc to the list as well.
>>>
>>>> We have a domain with more than 100 users and we need to replace our PDC.
>>>> The PDC main function is to authenticate our users to connect to the shared
>>>> drive and to authenticate computer login. The PDC is running samba with
>>>> openldap on Gentoo machine. I have two BDCs with ACL set to read and write
>>>> only. It was set that way to make the syncing process easier. The syncing
>>>> process is like a chain using slurpd. We plan to use "syncrepl" later.
>>>>
>>>> What is the best way to do to replace the PDC? I already have a Gentoo
>>>> machine up and running. I copied over all the samba and openldap files from
>>>> the old PDC to this new machine. I also exported the database by running
>>>> the "slapcat -l" command. I am hesitant to start the slapd, slurpd and
>>>> samba service as I am not so sure if I am doing the right thing.
>>>>
>>> Disconnect the network cable on the new machine to make sure you are
>>> not interfering with the rest of the network.
>>> Start slapd then use slapadd to add your ldap to the database. Use
>>> slapcat to verify that all was added and the ldif looks correct. Then
>>> start samba and see if the smbclient can connect to itself.
>>>
>>> Is the old machine the same name as the new? How about the IP address?
>>> Are you using wins, lmhosts or dns for your clients to find the pdc?
>>>
>> I will try your suggestion. We plan on using the same name on the
>> new machine and the same IP address as well. We are using WINS for
>> our client to find the PDC.
>
> You must set on the new PDC the SID of the old PDC;
> see "net getlocalsid" and "net setlocalsid".
>
> bruno
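
The thread's two recurring steps, exporting the directory with slapcat and carrying the old SID over with "net getlocalsid" / "net setlocalsid", can be cross-checked while the new machine is still off the network. The script below is an added example, not code from any poster in this thread: it compares the SID the new host reports with the domain part of every sambaSID in the LDAP dump (an account's sambaSID is the domain SID followed by a RID). The file names, the sample SIDs and the sample LDIF are constructed for illustration.

```shell
# Added example (not from the thread). Real inputs would come from
# `slapcat -l dump.ldif` and `net getlocalsid > sid.txt` (file names assumed).

# Print the first domain-style SID (S-1-5-21-a-b-c) found on stdin.
extract_sid() {
    grep -Eo 'S-1-5-21(-[0-9]+){3}' | head -n 1
}

# Read LDIF on stdin; print "count prefix" for each distinct domain SID used
# by sambaSID attributes. Built-in SIDs such as S-1-5-32-544 are skipped.
ldif_sid_prefixes() {
    awk '/^sambaSID: S-1-5-21-/ {
             if (split($2, p, "-") < 7) next
             c[p[1] "-" p[2] "-" p[3] "-" p[4] "-" p[5] "-" p[6] "-" p[7]]++
         }
         END { for (s in c) print c[s], s }' | sort -k 2
}

# $1 = LDIF file, $2 = file holding the `net getlocalsid` output.
# Returns 0 if every sambaSID uses the host SID, 1 on mismatch, 2 if no SID.
check_migration_sid() {
    host_sid=$(extract_sid < "$2")
    [ -n "$host_sid" ] || { echo "no SID found in $2"; return 2; }
    bad=$(ldif_sid_prefixes < "$1" | awk -v s="$host_sid" '$2 != s')
    if [ -z "$bad" ]; then echo "OK: all entries use $host_sid"; return 0; fi
    echo "MISMATCH: host reports $host_sid, dump also contains:"
    echo "$bad"
    return 1
}

# Constructed sample data: one matching account, one built-in group, one
# account that still carries a different domain SID.
write_samples() {
    printf 'SID for domain NEWPDC is: S-1-5-21-1111-2222-3333\n' > "$1/sid.txt"
    cat > "$1/dump.ldif" <<'EOF'
dn: uid=alice,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-1111-2222-3333-3000
sambaPrimaryGroupSID: S-1-5-21-1111-2222-3333-513

dn: cn=Administrators,ou=Groups,dc=example,dc=org
sambaSID: S-1-5-32-544

dn: uid=bob,ou=Users,dc=example,dc=org
sambaSID: S-1-5-21-9999-8888-7777-3002
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
check_migration_sid "$tmp/dump.ldif" "$tmp/sid.txt" || echo "(exit status $?)"
```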