samba - Apr 2022 - Samba upgrade...v4.7.6->4.16.x

Some upgrades while skipping certain major versions work, some do not.

With this big step across many versions it's much less troublesome to
demote the existing [least important] DC, do the upgrade and then join
the DC again using the fresh installed binaries.

regards,
Norbert

On 21.04.2022 18:43, Gregory Sloop via samba wrote:
> I'm in the process of upgrading my couple of main DC's, from Ubunt8
18.04 to 20.04 - and from the Distro package in 18.04 to Louis's packages.
(4.7.6 -> 4.16) I've skimmed the wiki about this and yes, I'm doing
the least important DC first. (It's a VM, and I have snapshots, so it's
easy to go back, if I have do, but I'd like to avoid as many mistakes as
possible...)
>
> Is this as simple as: upgrade Ubuntu, then uninstall the distro Samba
packages and install Louis's packages and start them?
> (Is there no real change in the Samba TDB's etc - or if there is, the
Samba binaries will realize and upgrade the databases/schema as needed?
What's the rule of thumb about how many versions you can skip over etc?)
>
> I'm currently reading the release notes, as the Wiki recommends, but a
quick "Yeah - that works fine" or "Dang, don't do that!"
would be handy, if someone knows.
> :)
>
> TIA
> -Greg
>
>

Quick follow-up.

I decided I'd rather keep the DCs and upgrade them in place.?
(Then I don't have to do a bunch of DNS clean-up, change names etc.)

As far as I can tell, upgrading to 20.04, installing Louis' repos and
installing the latest Samba (4.15.6, not 4.16.x) worked fine.
samba-tool dbcheck --cross-ncs
and
samba-tool drs showrepl
both show that replication and the databases are good.
?
---
So, for anyone else in this position - here's how I did it.
(Again, these are VM's, so it's extra easy/quick grabbing
backups/snapshots. Bare metal HW will be more difficult.)

Stop Samba
Get a baseline backup/snapshot. (This will save us if we need to go backward. I
grabbed snaps at several points, just in case.)
?
Since Samba is handling all DNS, and I'm not using systemd's resolve - I
add in a good DNS resolver in /etc.resolv.conf - so I can resolve DNS while
doing updates while Samba's not handling DNS queries. (Don't forget to
reverse this once you're done and are ready to restart Samba, at the far
end.)

sudo systemctl stop samba-ad-dc
sudo systemctl disable samba-ad-dc

apt-get update
apt-get upgrade and restart - repeat as needed to get fully current.

do-release-upgrade

I kept all my config files - ntp.conf, smb.conf etc. (If you don't,
you'll need to redo those configurations - so be careful to keep things
straight here.)

(Oh, and in my case, I found I had apparmor installed after the distro upgrade.
I didn't want AA, so I removed it. You might check that.)

Once the distro upgrade is done, I believe you'll have 4.13.x of Samba
installed.
I don't want to use this, so I remove it.

apt-get remove samba samba-common samba-libs samba-dsdb-modules
samba-vfs-modules (I don't have all those installed, but it gets rid of
everything regardless.)

Install Louis VanBelle's repo.?
(I'll let you follow his instructions for that.)

apt-get install -t o=AptVanBelle?

apt-get update

Before I install, I make sure I'm getting the right Samba version from the
repo...
?
apt-cache showpkg samba
(Make sure it's what you expect. If not, you may not have added the repo
properly, or done an apt-get update.)

apt install samba winbind libnss-winbind libpam-winbind ntp krb5-user binutils
ldb-tools smbclient libpam-krb5

testparm?
is good here - check that the smb.conf is what you expect, with no typos etc.

Fix/revert your resolve.conf - to remove non DC's from the list.

Then... (Again, this assumes you're running a DC only, not a member server.)
systemctl disable nmbd smbd winbind?
systemctl stop nmbd smbd winbind?
systemctl unmask samba-ad-dc
systemctl enable samba-ad-dc
systemctl start samba-ad-dc
systemctl status samba-ad-dc

Samba should be started.

samba-tool dbcheck --cross-ncs
samba-tool drs showrepl --summary

The DB check shouldn't find problems, and showrepl should show that
replication is good too.
If either of those aren't right, you have some work to do to get everything
in good working order.

[It's entirely possible I've got something wrong up there - but I'm
pretty sure that's the steps I took and all seemed good.]