I have recently added a DC to my AD - Former DC was Samba 4.1.6, new DC is 4.3.11 (latest supported by Ubuntu). There's also a Window 2008 server I had tried to join as an AD - that server, wouldn't completely join and replicate to the 4.1.6 samba AD, and now it will not Un-join the AD "domain" either via dcpromo. This brings me to my actual question - Now that I have completed all the steps to join and migrate my AD to the new samba server, samba-tool domain demote will NOT succeed for my old 4.1.6 DC - it complains about the "broken" 2k8 AD server, and won't demote. I thought I would shut down the old 2k8 broken DC and the 4.1.6 DC servers, and then demote these "offline" servers? BUT The samba.org howto for demoting offline servers https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC says if you are running older than samba 4.4, then upgrade samba first before demoting offline servers. - well - I am already running the latest Ubuntu "official" samba - 4.3.11 -- Does this mean I should NOT try and demote until I upgrade to 4.4? Ubuntu does not supply 4.4 yet - so I'd have to install from source - which I hate to do on a production server because I then have to manually maintain updates forever (instead of just running apt-get to update)... Any thoughts/recommendations?
Hi Mickey, Am 06.04.2017 um 00:50 schrieb Mickey Bankhead via samba:> I thought I would shut down the old 2k8 broken DC and the 4.1.6 DC > servers, and then demote these "offline" servers? BUT The samba.org howto > for demoting offline servers > https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC > says if you are running older than samba 4.4, then upgrade samba first > before demoting offline servers. - well - I am already running the > latest Ubuntu "official" samba - 4.3.11 -- Does this mean I should NOT try > and demote until I upgrade to 4.4?Version prior 4.4 do not support demoting a remote server (--remove-other-dead-server). If you need to demote the DC this way, you must update first. > Ubuntu does not supply 4.4 yet - so I'd have to install from source - > which I hate to do on a production server because I then have to > manually maintain updates forever (instead of just running apt-get to > update)... You don't have to do it forever. You can always switch back, but you should not downgrade when doing the switch. Does Ubuntu really not provide any newer packages? I mean 4.3 is the last series we support and it's EOL when 4.7 comes out. Or do you run an older Ubuntu version. Then consider upgrading. Newer versions also include much better AD support and maybe fixes your Win 2k8 problem if you retry joining. Regards, Marc
Good to know that < 4.4 does not allow dead DC demoting... as far as Ubuntu samba verison - 4.3.11 is the one that came with my fresh 16.04.2 (latest ubuntu LTS). and I did post a question in the Ubuntu forum - Someone responded and confirmed their being "far behind" in Ubuntu updates... Thank you for your helpful response! On Thu, Apr 6, 2017 at 2:25 AM, Marc Muehlfeld <mmuehlfeld at samba.org> wrote:> Hi Mickey, > > Am 06.04.2017 um 00:50 schrieb Mickey Bankhead via samba: > >> I thought I would shut down the old 2k8 broken DC and the 4.1.6 DC >> servers, and then demote these "offline" servers? BUT The samba.org >> howto >> for demoting offline servers >> https://wiki.samba.org/index.php/Demoting_a_Samba_AD_DC >> says if you are running older than samba 4.4, then upgrade samba first >> before demoting offline servers. - well - I am already running the >> latest Ubuntu "official" samba - 4.3.11 -- Does this mean I should NOT try >> and demote until I upgrade to 4.4? >> > > Version prior 4.4 do not support demoting a remote server > (--remove-other-dead-server). > > If you need to demote the DC this way, you must update first. > > > > > Ubuntu does not supply 4.4 yet - so I'd have to install from source - > > which I hate to do on a production server because I then have to > > manually maintain updates forever (instead of just running apt-get to > > update)... > > You don't have to do it forever. You can always switch back, but you > should not downgrade when doing the switch. > > Does Ubuntu really not provide any newer packages? I mean 4.3 is the last > series we support and it's EOL when 4.7 comes out. Or do you run an older > Ubuntu version. Then consider upgrading. Newer versions also include much > better AD support and maybe fixes your Win 2k8 problem if you retry joining. > > > > Regards, > Marc > > >