On Fri, 7 Jun 2024 15:35:07 +0200 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 06.06.24 um 19:51 schrieb Stefan G. Weichinger via samba: > > Am 31.05.24 um 14:38 schrieb Luis Peromarta via samba: > >> I?d get the new server ready, sync all data including xattrs & > >> ACLs with rsync -AXav > >> > >> You probably use AD or RID. Just use the same idmapping on the new > >> server. Probably just copy old smb.conf to new machine. > > will do more or less > > But not sync "/var/lib/samba", right?Provided that you use the same 'global' part of the smb.conf file, /var/lib/samba will get populated with the correct data, so there is no reason to sync it.> > >> When all is rsynced just remove the old server from the AD, turn > >> off, assign name and IP address to new server. Join domain. That > >> should do. > >> > >> If all goes very wrong you can just power on your old server , and > >> rejoin. Things should be as before. > > > > thank you, sounds not that scary ;-) > > > > what about the fqdn in linux itself? I can't change that hostname > > on the old server until I deactivate it. It should stay some kind > > of fallback server (with another fqdn and IP) later. > > Could I join the domain with another name and IP now ... to be able > to test things (introducing btrfs snaphots this time) with all > AD-features, but on a "test name"? And then leave the domain, change > FQDN/IP and rejoin?I would create a 'test' machine and join that, once you are sure that everything is working correctly (and you have documented the procedure), just create a new machine with the correct FQDN/IP and join that. On a Unix domain member, all you need to backup is the smb.conf and the directories you have shared. If you put the shares in /srv , then all you need to backup is /srv and the smb.conf Rowland
Stefan G. Weichinger
2024-Jun-07 14:56 UTC
[Samba] move domain member server to new hardware
Am 07.06.24 um 15:56 schrieb Rowland Penny via samba:>> Could I join the domain with another name and IP now ... to be able >> to test things (introducing btrfs snaphots this time) with all >> AD-features, but on a "test name"? And then leave the domain, change >> FQDN/IP and rejoin? > > I would create a 'test' machine and join that, once you are sure that > everything is working correctly (and you have documented the > procedure), just create a new machine with the correct FQDN/IP and join > that. > On a Unix domain member, all you need to backup is the smb.conf and the > directories you have shared. If you put the shares in /srv , then all > you need to backup is /srv and the smb.confok ... that new server would be my test machine ;-) - Let me show you the smb.conf It has grown over years and was topic in quite a few threads in here. I am sure it still needs improvement ;-) That "ARBEITSGRUPPE" (german for workgroup) comes from the NT4-domain that was in place earlier (!) # cat /etc/samba/smb.conf [global] security = ADS workgroup = ARBEITSGRUPPE realm = arbeitsgruppe.sometld.at log file = /var/log/samba/%m.log log level = 2 #log level = 5 auth:5 winbind:8 # template winbind nss info = template template shell = /bin/bash template homedir = /mnt/samba/Daten/%U idmap config * : backend = tdb idmap config * : range = 2000-3999 idmap config ARBEITSGRUPPE:backend = rid idmap config ARBEITSGRUPPE:range = 10000-99999 username map = /etc/samba/user.map kerberos method = secrets and keytab dedicated keytab file = /etc/krb5.keytab winbind use default domain = Yes winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes #interfaces = bond0 #hosts allow = 10.0.0.22,10.0.0.50 printing = CUPS At "vfs objects": some shares will also have "shadow_copy2" to use btrfs snapshots. I assume (will check in docs...) I have to add "acl_xattr" also then (to not toggle off the global setting, right?) This smb.comf comes from the productive server and works fine, as far as we know. greetings, thanks, Stefan