On 26/01/15 14:55, Paul Littlefield wrote:> On 26/01/15 13:06, Paul Littlefield wrote: >> If I cannot switch from Gentoo to Ubuntu (I am currently testing in >> VirtualBox Ubuntu Server fresh install)... then I will just use REAR >> to do P2V and keep it Gentoo :( > > Hello All > > Alas, as predicted when I try to restore the 'real DC1' files to the > 'virtual DC1' and test, it fails... > > > root at samba:~# /usr/local/samba/bin/samba-tool ntacl sysvolreset > Traceback (most recent call last): > File "/usr/local/samba/bin/samba-tool", line 33, in <module> > from samba.netcmd.main import cmd_sambatool > File > "/usr/local/samba/lib/python2.7/site-packages/samba/__init__.py", line > 27, in <module> > import samba.param > ImportError: /usr/local/samba/lib/private/libserver-role.so: version > `SAMBA_4.2.0PRE1_GIT_F8EC0F9' not found (required by > /usr/local/samba/lib/python2.7/site-packages/samba/param.so) > > > ...which is why this was put on the official Samba Wiki and I did read > it, but thought it was worth a try... > > > "Very important notes: > Never do a restore and a version change at once! Always restore on a > system that uses the same Samba version than the one you created the > backup on! Restore on a system with the same IP and Hostname. > Otherwise you'll run into Kerberos and DNS issues. Recommended: > Restore on the same OS than where you created the backup." > > > So, it looks like I have to virtualise my real Gentoo DC1 and stick > with that. > > Will I ever be able to swap operating system?! > > :( > > Regards, > > Paul Littlefield >Yes, set up a new DC with your new OS and join this to the domain, once up and running, transfer the seven (yes, there are 7) FSMO roles to the new DC. Once everything is running ok, turn off the old DC and remove *all* mention of it from the domain. Not easy, but it can be done. Of course it would have been a lot easier if you hadn't used the samba version from git. It would also be a lot better if people read and accepted what is written on the wiki. Rowland
On 26/01/15 15:08, Rowland Penny wrote:> Yes, set up a new DC with your new OS and join this to the domain, once up and running, transfer the seven (yes, there are 7) FSMO roles to the new DC. Once everything is running ok, turn off the old DC and remove *all* mention of it from the domain.Hi Rowland Indeed, this was suggested but was frowned upon, as there are bugs?> Not easy, but it can be done.Yes, and I believe it could potentially **** up the existing DC2 and any machines attached to it, meaning you have to join every single machine on the network domain again.> Of course it would have been a lot easier if you hadn't used the samba version from git. It would also be a lot better if people read and accepted what is written on the wiki.Yes, hindsight is a wonderful thing :) The whole Domain Controller thing on this network is a tale of "suck it and see" and then "if it ain't broke don't fix it." It was done in the early days of Samba 4 when there was only the git version, and so I thought it would be best to stick with that method for DC2. So far, they have worked flawlessly for a year, but now the boss wants to cut down the heat generating boxes which are in the server room. :) So, I will... * P2V my Gentoo DC1 exactly as is. * P2V my Ubuntu DC2 exactly as it. ...and be done with it. That sound OK? For now. :) Regards, Paul Littlefield
On 26/01/15 15:16, Paul Littlefield wrote:> On 26/01/15 15:08, Rowland Penny wrote: >> Yes, set up a new DC with your new OS and join this to the domain, >> once up and running, transfer the seven (yes, there are 7) FSMO roles >> to the new DC. Once everything is running ok, turn off the old DC and >> remove *all* mention of it from the domain. > > Hi Rowland > > Indeed, this was suggested but was frowned upon, as there are bugs?Not as far as I know, the problem is that samba-tool only knows about five of the FSMO roles, it knows nothing about the 'ForestDnsZones' & 'DomainDnsZones' FSMO roles, so this means you have to sieze them manually. Though having said that, I suppose this could be classed as a bug.> >> Not easy, but it can be done. > > Yes, and I believe it could potentially **** up the existing DC2 and > any machines attached to it, meaning you have to join every single > machine on the network domain again..Well possibly, so you would have to back everything up and do this when every other machine was turned off> > >> Of course it would have been a lot easier if you hadn't used the >> samba version from git. It would also be a lot better if people read >> and accepted what is written on the wiki. > > Yes, hindsight is a wonderful thing :) >Very true :-)> The whole Domain Controller thing on this network is a tale of "suck > it and see" and then "if it ain't broke don't fix it." >I worked for a company like that.> It was done in the early days of Samba 4 when there was only the git > version, and so I thought it would be best to stick with that method > for DC2. > > So far, they have worked flawlessly for a year, but now the boss wants > to cut down the heat generating boxes which are in the server room. > > :) > > So, I will... > > * P2V my Gentoo DC1 exactly as is. > * P2V my Ubuntu DC2 exactly as it. > > ...and be done with it. > > That sound OK? > > For now. >I think that in the short term, that is all you can do. Rowland> :) > > Regards, > > Paul Littlefield >
On Mon, 26 Jan 2015, Paul Littlefield wrote:> So, I will... > > * P2V my Gentoo DC1 exactly as is. > * P2V my Ubuntu DC2 exactly as it. > > ...and be done with it. > > That sound OK?Either that, or just create a new VM on your OS of choice and join it to the existing domain as a new DC. Claim all the FSMO roles, and shut your old DC down. It will have a new name and IP, but it will work fine. That is one nice thing about AD DCs, they are pretty much interchangeable.