samba - Sep 2018 - Transfer samba to another machine

Andrew Bartlett via samba wrote 2018-09-06 17:33:
> On Thu, 2018-09-06 at 11:50 +0200, Slim Ontario via samba wrote:
>> Hi,
>> 
>> I've a migrated samba-ad on my test-machine. Is it possible to
>> transfer the
>> samba directory (stored under /var/lib/samba) to another machine/my
>> productive system?
>> I would to these steps:
>> - install samba and dependencies on new host
>> - transfer my /var/lib/samba, /etc/krb5.conf and /etc/samba
>> - start samba service
>> 
>> Do I have other things to consider?
> 
> We generally prefer folks to join a new DC to the domain, transfer
> roles, sync sysvol and then demote, as this allows you to try out the
> new DC before the old one is gone.
> 
> However if you must, the above is OK if you keep the same 'netbios
> name' and don't run both at the same time.
Is there a "dump/restore" method, instead of copying the Samba
database
files (which means I must stop Samba for the duration of copying)?
> Better still is using Samba 4.9 to backup the old domain and restore it
> again.
I am using Samba 4.7.6 on Ubuntu 18.04. AFAIK, Samba 4.9 isn't stable 
release yet (so I won't risk placing it into use outside a sandbox).

If there's convenient and portable way of dumping/loading Samba 4.7+ 
data, I would also appreciate mentioning it, immensely.

Thanks.

Sincerely,
Konstantin

On Fri, 2018-09-07 at 11:06 +0700, Konstantin Boyandin via samba
wrote:
> Andrew Bartlett via samba wrote 2018-09-06 17:33:
> > On Thu, 2018-09-06 at 11:50 +0200, Slim Ontario via samba wrote:
> > > Hi,
> > > 
> > > I've a migrated samba-ad on my test-machine. Is it possible
to
> > > transfer the
> > > samba directory (stored under /var/lib/samba) to another
machine/my
> > > productive system?
> > > I would to these steps:
> > > - install samba and dependencies on new host
> > > - transfer my /var/lib/samba, /etc/krb5.conf and /etc/samba
> > > - start samba service
> > > 
> > > Do I have other things to consider?
> > 
> > We generally prefer folks to join a new DC to the domain, transfer
> > roles, sync sysvol and then demote, as this allows you to try out the
> > new DC before the old one is gone.
> > 
> > However if you must, the above is OK if you keep the same 'netbios
> > name' and don't run both at the same time.
> 
> Is there a "dump/restore" method, instead of copying the Samba
database
> files (which means I must stop Samba for the duration of copying)?
If you don't want to stop Samba, then join the second DC.  Otherwise if
Samba is still running, the copy will be out of date.

There is a dump/restore method in Samba 4.9 (see below) but still, it
will be out of date as soon as it is taken, so just join the domain.
> > Better still is using Samba 4.9 to backup the old domain and restore
it
> > again.
> 
> I am using Samba 4.7.6 on Ubuntu 18.04. AFAIK, Samba 4.9 isn't stable 
> release yet (so I won't risk placing it into use outside a sandbox).
> 
> If there's convenient and portable way of dumping/loading Samba 4.7+ 
> data, I would also appreciate mentioning it, immensely.
Just join the second DC to the domain.

Andrew Bartlett

-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba

On 07.09.2018 11:43, Andrew Bartlett wrote:
> On Fri, 2018-09-07 at 11:06 +0700, Konstantin Boyandin via samba wrote:
>> Andrew Bartlett via samba wrote 2018-09-06 17:33:
>>> On Thu, 2018-09-06 at 11:50 +0200, Slim Ontario via samba wrote:
>>>> Hi,
>>>>
>>>> I've a migrated samba-ad on my test-machine. Is it possible
to
>>>> transfer the
>>>> samba directory (stored under /var/lib/samba) to another
machine/my
>>>> productive system?
>>>> I would to these steps:
>>>> - install samba and dependencies on new host
>>>> - transfer my /var/lib/samba, /etc/krb5.conf and /etc/samba
>>>> - start samba service
>>>>
>>>> Do I have other things to consider?
>>>
>>> We generally prefer folks to join a new DC to the domain, transfer
>>> roles, sync sysvol and then demote, as this allows you to try out
the
>>> new DC before the old one is gone.
>>>
>>> However if you must, the above is OK if you keep the same
'netbios
>>> name' and don't run both at the same time.
>>
>> Is there a "dump/restore" method, instead of copying the
Samba database
>> files (which means I must stop Samba for the duration of copying)?
> 
> If you don't want to stop Samba, then join the second DC.  Otherwise if
> Samba is still running, the copy will be out of date.
> 
> There is a dump/restore method in Samba 4.9 (see below) but still, it
> will be out of date as soon as it is taken, so just join the domain.
I see, thanks. I plan to have two DCs online, so I could put them down
for maintenance one by one, without stopping entire domain services over
network.

Actually, I was asking about something different. ATM, in Samba 3 NT4
domain (LDAP backend) I can do the below to manage the domain data:
- export data with slapcat
- do whatever I need with the above dump (if necessary) and load them
again with slapadd

The above is very convenient - when domain data were damaged, I could
fix the human-readable dump and re-load it to bring things back in order.

Is something similar available for Samba 4 (below 4.9)? Dump data in
human readable format and re-import when necessary?

Thanks.

Sincerely,
Konstantin