Juan Ignacio
2022-Dec-01 02:03 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
Already checked that on 4.1 and samba-tool doesn't have that options. root at DC1:/usr/sbin# samba-tool domain backup online Usage: samba-tool domain <subcommand> Domain management. Options: -h, --help show this help message and exit Available subcommands: classicupgrade - Upgrade from Samba classic (NT4-like) database to Samba AD DC database. dcpromo - Promote an existing domain member or NT4 PDC to an AD DC. demote - Demote ourselves from the role of Domain Controller. exportkeytab - Dump Kerberos keys of the domain into a keytab. info - Print basic info about a domain and the DC passed as parameter. join - Join domain as either member or backup domain controller. level - Raise domain and forest function levels. passwordsettings - Set password settings. provision - Provision a domain. For more help on a specific subcommand, please type: samba-tool domain <subcommand> (-h|--help) El mi?, 30 nov 2022 a las 21:57, Juan Ignacio (<juan.ignacio.pazos at gmail.com>) escribi?:> That is not how you backup Samba AD >> > > I thought that was the way, at least that's what wiki said at the time > when I installed the dc with samba 4.1, remember that this server is the > old one in production. > I just want to make sure that if something goes wrong I can go back. > > No, that was the old way and should no longer be used. >> > > My script is older than that one hehe...good to know. > > What, you want to demote the DC that holds the FSMO roles ('primary' is >> what most people call the DC that holds the FSMO roles, even though >> there is no such thing as a primary DC) >> > > No, I want to demote the old DC that was in production "old primary", with > samba 4.1. > > I transferred the FSMO roles to the new AD-DC with samba 4.16 "DC2" Now it > is the primary > I used > samba-tool fsmo transfer --role=all -UAdministrator > > Yes, you must be very careful that you create another DC to replace the >> one that you are going to demote. One DC = bad, multiple DC's = good. >> > > For now i have 2 DCs, the old production one and the new one with samba > 4.16. > The idea is to make more than 2 after I can demote the old. > > Sorry, but you do not backup a DC, you backup the domain with >> 'samba-tool domain backup offline' or 'samba-tool domain backup online' > > > Ok im going to try to use that command in the old server but I thought it > didn't exist in samba 4.1. > > Thx. > > > El mi?, 30 nov 2022 16:51, Rowland Penny via samba <samba at lists.samba.org> > escribi?: > >> >> >> On 30/11/2022 19:30, Juan Ignacio wrote: >> > Excellent. >> > Thx, for your explanation Rowland, now I can understand lots better. >> > I'm close to shutting down the old primary ad-dc to test if everyone >> can >> > login and next try to demote it. >> > >> > Some things I want to know before demoting. >> > >> > I need to make a backup of the old samba 4.1 ad-dc on the old server >> "DC1". >> > I backed up manually all the /usr/local/samba/ directory >> >> That is not how you backup Samba AD. >> >> > >> > I was thinking of using this script of samba4 on GIT, which is more >> > updated than the one I was using. >> > >> https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4 >> > < >> https://github.com/thctlo/samba4/blob/master/backup-script/backup_samba4> >> >> No, that was the old way and should no longer be used. >> >> > >> > I already transferred FSMO roles to the new server "DC2" . Is there >> any >> > other thing I need to do before demoting the primary DC. >> >> What, you want to demote the DC that holds the FSMO roles ('primary' is >> what most people call the DC that holds the FSMO roles, even though >> there is no such thing as a primary DC) >> >> > Anything else I must check or be careful with? >> >> Yes, you must be very careful that you create another DC to replace the >> one that you are going to demote. One DC = bad, multiple DC's = good. >> >> > >> > About the NEW ad-dc "DC2" >> > I have 4 full server backups a day on that server, do you think I need >> > to backup samba anyway or is this enough if something fails. >> >> >> Sorry, but you do not backup a DC, you backup the domain with >> 'samba-tool domain backup offline' or 'samba-tool domain backup online' >> >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >
Andrew Bartlett
2022-Dec-01 02:11 UTC
[Samba] Migrate and Update (Samba 4.1 ADDC to Samba Latest Version on different Server).
On Wed, 2022-11-30 at 23:03 -0300, Juan Ignacio via samba wrote:> Already checked that on 4.1 and samba-tool doesn't have that options. > root at DC1:/usr/sbin# samba-tool domain backup online > Usage: samba-tool domain <subcommand> > >Correct. For such an old version just shut Samba down and back up the files 'normally'. Restoration will be a challenge, the only option will be to force destroy any other DCs and then start back from the backed up files. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions