samba - Nov 2022 - Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).

Thx, Andrew and Rowland seem awesome the new version of samba.
Already installed samba 4.16 from the backports on Debian 11.

I didn't touch anything, only Installed It.Version 4.16.6-Debian

Now is time to migrate from 4.1 to 4.16

The production machine is a Debian 7 with Samba 4.1 working OK.

The new server is a Debian 11 with Samba 4.16.6-Debian, without any setup
or configuration.
root at titan:~# samba -V
Version 4.16.6-Debian
root at titan:~# service samba-ad-dc status
? samba-ad-dc.service
     Loaded: masked (Reason: Unit samba-ad-dc.service is masked.)
     Active: inactive (dead)

Need some tips to start the migration.

For now both servers are in the same network but i can separate them if
necessary.

Thx in advance.



El vie, 18 nov 2022 a las 1:03, Andrew Bartlett (<abartlet at samba.org>)
escribi?:
> On Fri, 2022-11-18 at 00:58 -0300, Juan Ignacio via samba wrote:
> > Sorry, i didnt want to ignore you Rowland.
> >
> > I had understood that you wanted me to update to the latest version
> > of debian.
> >
> > It's no problem for me to do a clean install with Debian Bullseye
and
> > the latest version of samba in the repositories.
> >
> > I also feel that it is the best I can do.
> >
> > If I can install samba 4.16 from the repositories it will be what I
> > will do without a doubt.
> >
> > The topic will be.. how do I migrate the entire scheme from samba 4.1
> > to 4.16 on the new server.
> >
> > I'll let you know tomorrow when the installation is ready and if
you
> > can help me to migrate.
> >
> > I appreciate all the help and i apologize if I couldn't understand
> > something.
>
> There is good reason to go to the latest Samba 4.16 as we have some
> improved code to cope with replications from older servers in that new
> version (I wrote that only a few months ago and it got backported to
> the latest Samba 4.16).
>
> This is for replication with DRS, eg joining a new DC to the domain.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett (he/him)       https://samba.org/~abartlet/
> Samba Team Member (since 2001) https://samba.org
> Samba Team Lead, Catalyst IT   https://catalyst.net.nz/services/samba
>
> Samba Development and Support, Catalyst IT - Expert Open Source
> Solutions
>
>
>
>
>
>

18.11.2022 19:21, Juan Ignacio via samba wrote
> Thx, Andrew and Rowland seem awesome the new version of samba.
> Already installed samba 4.16 from the backports on Debian 11.
> 
> I didn't touch anything, only Installed It.Version 4.16.6-Debian
> 
> Now is time to migrate from 4.1 to 4.16
> 
> The production machine is a Debian 7 with Samba 4.1 working OK.
> 
> The new server is a Debian 11 with Samba 4.16.6-Debian, without any setup
> or configuration.
> root at titan:~# samba -V
> Version 4.16.6-Debian
> root at titan:~# service samba-ad-dc status
> ? samba-ad-dc.service
>       Loaded: masked (Reason: Unit samba-ad-dc.service is masked.)
>       Active: inactive (dead)
This is just a bit non-stright (there's a bug report asking to
automate this in terms of menu-point-n-click).

The thing is that samba comes with 2 conflicting services:
regular file server (smbd/nmbd) and ad-dc (samba-ad-dc).
When you install the package fresh, samba-ad-dc service is
masked because you need to configure it first.

Stop smbd & nmbd & winbind.  Mask them:
   systemctl mask nmbd smbd winbind.

Yes, stop and mask them, - you don't need them.

Check that you have samba-dsdb-modules and samba-vfs-modules
installed too, just in case, and libnss-winbind.

Join the domain with samba-tool (*removing* /etc/samba/smb.conf, -
yes, samba-tool will create it).

Review the configuration, maybe adding something.

Unmask samba-ad-dc and start it.

All these services comes in a single package. I don't quite
like it, but this is what we have, and it's difficult to do
something with that now.

I mean, it'd be more productive to have, say, samba-fileserver
package and samba-ad-dc package, with semi-automatic setup and
service enablement/disablement for the given services - by
splitting them now I'll break systems on upgrades.

BTW, it's interesting how other do set up samba ad-dc on
debian and debian-like systems.

Thanks,

/mjt

On 18/11/2022 16:21, Juan Ignacio via samba wrote:
> Thx, Andrew and Rowland seem awesome the new version of samba.
> Already installed samba 4.16 from the backports on Debian 11.
> 
> I didn't touch anything, only Installed It.Version 4.16.6-Debian
> 
> Now is time to migrate from 4.1 to 4.16
> 
> The production machine is a Debian 7 with Samba 4.1 working OK.
> 
> The new server is a Debian 11 with Samba 4.16.6-Debian, without any setup
> or configuration.
> root at titan:~# samba -V
> Version 4.16.6-Debian
> root at titan:~# service samba-ad-dc status
> ? samba-ad-dc.service>       Loaded: masked (Reason: Unit
samba-ad-dc.service is masked.)
>       Active: inactive (dead)
> 
> Need some tips to start the migration.
> 
> For now both servers are in the same network but i can separate them if
> necessary.
You are NOT migrating your Samba AD, you are upgrading it.

First ensure you have a good backup of your existing DC, just in case.

On your new Debian machine, remove any existing smb.conf file.

Ensure that the /etc/resolv.conf has only these lines:

search your.dns.domain
nameserver YOUR.EXISTING.DC.IPADDRESS

/etc/hosts has 127.0.0.1 pointing to localhost and there is a line like 
this (replace with your information):

the.computers.ipaddress the_computers_fqdn the_computers_short_hostname

/etc/hostname should only contain the computers short hostname.

Once they are set, run as root:

samba-tool domain join your.dns.domain DC -U Administrator

Again, replace 'your.dns.domain' with your dns domain.

You should be prompted for the Administrator password and then the 
computer should be joined to your AD domain as a new DC.

Rowland