Hello! I've encountered a CentOS 6.10 server running Samba 4.1.0 compiled from source running as a Domain Controller in a small office. It's being used for some basic AD functionality and sharing folders to a half dozen Windows desktops on the local network and everything seems to be running fine. I'd like to modernize that setup with Ubuntu 22.04 LTS running the latest and greatest Samba 4.19.X from repo but I'm not sure what the least terrible option is in my case. - Backup and Upgrade Samba 4.1.0 to whatever the latest is that I can on CentOS 6.10, join the Ubuntu server as a DC with that Samba same version, demote/retire the CentOS server then upgrade Samba on Ubuntu to the latest and greatest? - Backup CentOS Samba 4.1.0 files, setup Ubuntu server with Samba 4.1 from repo, restore CentOS Samba 4.1.0 files to new Ubuntu Samba 4.1.0 server and then upgrade to latest Samba? Basically would be recovering it there like a DR exercise with the Ubuntu server having the same name, same IP, etc? - Create everything new on the Ubuntu server w/ a new Domain and join all the workstations there? - Other less terrible options that could work? Thanks! Jim
On Sun, 2023-11-26 at 21:03 -0500, James Johnson via samba wrote:> Hello! > I've encountered a CentOS 6.10 server running Samba 4.1.0 compiled > fromsource running as a Domain Controller in a small office. It's > being usedfor some basic AD functionality and sharing folders to a > half dozen Windowsdesktops on the local network and everything seems > to be running fine. I'dlike to modernize that setup with Ubuntu 22.04 > LTS running the latest andgreatest Samba 4.19.X from repo but I'm not > sure what the least terribleoption is in my case. > - Backup and Upgrade Samba 4.1.0 to whatever the latest is that I > can on CentOS 6.10, join the Ubuntu server as a DC with that Samba > same version, demote/retire the CentOS server then upgrade Samba on > Ubuntu to the latest and greatest?This might work. It would at least get you an in-place upgrade for some of the distance, but will be a pile of work and the server won't operate in the meantime, and you might just end up with no running server.> - Backup CentOS Samba 4.1.0 files, setup Ubuntu server with Samba > 4.1 from repo, restore CentOS Samba 4.1.0 files to new Ubuntu Samba > 4.1.0 server and then upgrade to latest Samba? Basically would be > recovering it there like a DR exercise with the Ubuntu server > having the same name, same IP, etc?This is difficult to get correct. I wouldn't recommend it.> - Create everything new on the Ubuntu server w/ a new Domain and > join all the workstations there?If this isn't a horrible process there are advantages to this, as all the changes Samba has made to the default domain will apply.> - Other less terrible options that could work?Just install your new server, join and transfer roles. There is a very good chance this will still 'just work'. But regardless, for all options other than a rebuild, you will want to upgrade schema and functional level prep. Lots of things to do once you upgrade, but upgrading is the best first step. Andrew Bartlett-- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead https://catalyst.net.nz/services/samba Catalyst.Net Ltd Proudly developing Samba for Catalyst.Net Ltd - a Catalyst IT group company Samba Development and Support: https://catalyst.net.nz/services/samba Catalyst IT - Expert Open Source Solutions
On Sun, Nov 26, 2023 at 9:05?PM James Johnson via samba <samba at lists.samba.org> wrote:> > Hello! > > I've encountered a CentOS 6.10 server running Samba 4.1.0 compiled from > source running as a Domain Controller in a small office. It's being used > for some basic AD functionality and sharing folders to a half dozen Windows > desktops on the local network and everything seems to be running fine. I'd > like to modernize that setup with Ubuntu 22.04 LTS running the latest and > greatest Samba 4.19.X from repo but I'm not sure what the least terrible > option is in my case.You need to replace this server. CentOS 6 has been obsolete since November, 2020, and continuing to run security services like Samba with it exposes you to a number of dangers. CentOS 7 will be obsolete within the year, I'd strongly suggest jumping to CentOS 9 if you're staying with CentOS. If you need a full domain controller with RHEL or CentOS systems, be aware that the Samba built into RHEL 7, 8, and 9 turn off the full domain controller features at compilation time. If you want a contemporary Samba for those, you need to grab a more complete build, or perhaps use my published RPM building setup from https://github.com/nkadel/samba4repo/ for RHEL 8 or RHEL 9 compatibility. Those are up to Samba 4.19.3 as of a few days ago.> - Backup and Upgrade Samba 4.1.0 to whatever the latest is that I can on > CentOS 6.10, join the Ubuntu server as a DC with that Samba same version, > demote/retire the CentOS server then upgrade Samba on Ubuntu to the latest > and greatest?I'd suggest you don't try to outsmart yourself by using such obsolete versions of Samba at any stage you can avoid. If you want a full domain controller, use a current Ubuntu or look into one of the add-on Samba repos to get it enabled on CentOS 9 or RHEL 9. Or AlmaLinux 9, since the CentOS world has gotten weird about licenses and repos.> - Backup CentOS Samba 4.1.0 files, setup Ubuntu server with Samba 4.1 > from repo, restore CentOS Samba 4.1.0 files to new Ubuntu Samba 4.1.0 > server and then upgrade to latest Samba? Basically would be recovering it > there like a DR exercise with the Ubuntu server having the same name, same > IP, etc?Or install a recent enough OS to have a contemporary Samba, activate them both as domain controllers for the same domain, and turn off the old one. I've not tried that myself with such old and contemporary versions of Samba.> - Create everything new on the Ubuntu server w/ a new Domain and join > all the workstations there?If you're not strongly invested in RHEL and are more invested in Ubuntu, this might actually be faster, and a chance to clean up your old domain.> - Other less terrible options that could work? > > Thanks! > > Jim