On 06.06.2018 21:54, lingpanda101 wrote:> On 6/6/2018 11:02 AM, Ole Traupe via samba wrote: >> >> >> On 06.06.2018 16:02, Rowland Penny via samba wrote: >>> >>>> I seem to remember having read here on the list, that it is no good >>>> idea to mix samba versions in a domain. If there is sound advice to >>>> do it anyways, I would be up for trying it. However, as I have >>>> written above, I messed up the uid/gid ranges. To my understanding, >>>> later versions of Samba (like 4.5) _require_ the ranges to comply to >>>> the defaults as denoted by the wiki. >>> There is nothing to stop you using different versions on DCs and you >>> can do the same with Unix domain members, unless you are using the 'ad' >>> backend and are NOT using Domain Users as the users Unix primary >>> group. >>> It is however, best practise to use the same major version, just to get >>> similar capabilities on all machines. >>> >> >> So in theory, if I hadn't messed up my id map ranges (domain groups >> start with 2000), and if I hadn't begun removing stuff manually, and >> if I wouldn't use Domain Users as primary group, I could have joined >> an up-to-date DC and used the new script for demoting the dead one. >> >> I am not trying to sound sarcastic. I am trying to understand, and >> see whether perhaps there is still hope for such a maneuver. >> >> Ole >> >> >> > Ole, > > Yes. However can you point me to the patch notes where you > indicate you are unable to upgrade? I don't see why you still can't > join a new machine if you cleanup the current DC. I assume reading the > patch notes would clarify this for me. > > -James >I will try to find that section again. At first glance, I did not find this information in patch notes 4.3-4.5. But I seem to remember having read that, and I also remember a conversion with Rowland a while ago leaving me with the impression that having different (lower) id ranges defined will be a show-stopper for upgrading beyond a certain point. I will try to find those emails again. Ole
On Thu, 7 Jun 2018 13:51:16 +0200 Ole Traupe via samba <samba at lists.samba.org> wrote:> > I will try to find that section again. At first glance, I did not > find this information in patch notes 4.3-4.5. But I seem to remember > having read that, and I also remember a conversion with Rowland a > while ago leaving me with the impression that having different > (lower) id ranges defined will be a show-stopper for upgrading beyond > a certain point. I will try to find those emails again. >I don't remember that conversation (probably my age), but I think I would have been referring to a classicupgrade from a PDC that had low ID numbers. It used to be thought that using the RID as the Unix ID number was a good idea e.g. '513' for Domain Users. This has now proved not to be a good idea, for fairly obvious reasons. Rowland
Ok, so what I seemed to remember was just not true.
a) I did not find any such references in any patch or release notes for
Samba.
b) I managed to find the list conversation I was referring to ("userid
shows 4294967295" from Dec 2015). The trouble I might run into would be
due to a CentOS upgrade and the fact that system user ids then would
start at 1000 and not 500 anymore.
Interesting what the mind creates of memories after a couple of years.
Also interesting with which subjective certainty this can be paired.
Seems I will upgrade my DCs in the near future (and use that demote script).
Ole
On 07.06.2018 14:06, Rowland Penny via samba wrote:> On Thu, 7 Jun 2018 13:51:16 +0200
> Ole Traupe via samba <samba at lists.samba.org> wrote:
>
>> I will try to find that section again. At first glance, I did not
>> find this information in patch notes 4.3-4.5. But I seem to remember
>> having read that, and I also remember a conversion with Rowland a
>> while ago leaving me with the impression that having different
>> (lower) id ranges defined will be a show-stopper for upgrading beyond
>> a certain point. I will try to find those emails again.
>>
>
> I don't remember that conversation (probably my age), but I think I
> would have been referring to a classicupgrade from a PDC that had low
> ID numbers. It used to be thought that using the RID as the Unix ID
> number was a good idea e.g. '513' for Domain Users. This has now
> proved not to be a good idea, for fairly obvious reasons.
>
> Rowland
>
>
>