Discussion:
[Samba] Samba migration to a new server
(too old to reply)
henri
2011-01-12 12:30:02 UTC
Permalink
Hi all,  

Is it possible to migrate Samba to a new server without breaking Domain
membership of all the clients ?

I didn’t get any info on that issue, is there someone that has previous
experience of doing that ? Or maybe a link to some relevant info ?

I have currently a Samba 3.5.6 server that acts as a PDC and print Server,
with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate
samba to a new server. Everything (Samba release, Domain Name, shares, ...)
will remain the same except for the DNS name and IP address of the server,
and the samba server netbios name.

What is the best way to proceed to make this migration as seamless as
possible for all users (more than 200 user accounts with more than 200 PC in
the domain) ? I guess that just moving all the samba configuration files
from the old machine to the new one will not be enough.

Thanks in advance. I really need your help.

Henri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Gaiseric Vandal
2011-01-12 13:20:02 UTC
Permalink
It may actually be easier to move everything including hostname and IP to
the new server and just shutdown the old (this would have to be off hours.)

You should be able to do the following-
- Configure the new server as a BDC. I don't know for use if you can
configure a BDC with a TDB backend- if not you may have to make the new
server a PDC.
- Copy the samba private directory (with the tdb files) from the 1st
server to the 2nd server. In effect, this temporarily syncs the two
servers.
- promote the new server to PDC and the old server to BDC.
- after hours- move the shared directories to the BDC, update login
script if necessary.


Clients will connect to either a PDC or a BDC for authentication.- it
doesn't really matter that much except that clients will prefer a BDC if
available.

Once you take the OLD server offline you may need to have clients reboot to
have them use the new server for authentication. But at least domain
membership will not be broken?

Are you using a WINS server?

-----Original Message-----
From: samba-***@lists.samba.org [mailto:samba-***@lists.samba.org]
On Behalf Of henri
Sent: Wednesday, January 12, 2011 7:26 AM
To: ***@lists.samba.org
Subject: [Samba] Samba migration to a new server

Hi all,  

Is it possible to migrate Samba to a new server without breaking Domain
membership of all the clients ?

I didn’t get any info on that issue, is there someone that has previous
experience of doing that ? Or maybe a link to some relevant info ?

I have currently a Samba 3.5.6 server that acts as a PDC and print Server,
with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate
samba to a new server. Everything (Samba release, Domain Name, shares, ...)
will remain the same except for the DNS name and IP address of the server,
and the samba server netbios name.

What is the best way to proceed to make this migration as seamless as
possible for all users (more than 200 user accounts with more than 200 PC in
the domain) ? I guess that just moving all the samba configuration files
from the old machine to the new one will not be enough.

Thanks in advance. I really need your help.

Henri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
henri
2011-01-13 05:40:01 UTC
Permalink
Hi Gaiseric,
Post by Gaiseric Vandal
It may actually be easier to move everything including hostname and IP to
the new server and just shutdown the old (this would have to be off hours.)
You should be able to do the following-
- Configure the new server as a BDC. I don't know for use if you can
configure a BDC with a TDB backend-
From the Samba HowTo
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#i
d2565778 ) it seems that a BDC can be configured only with a LDAP backend.
Post by Gaiseric Vandal
if not you may have to make the
new
server a PDC.
I don't think I can run 2 PDCs on the same Domain , right ?
Post by Gaiseric Vandal
- Copy the samba private directory (with the tdb files) from the 1st
server to the 2nd server. In effect, this temporarily syncs the two
servers.
Is it sufficient ? Do I have to set the local SID of the BDC as the value of
the PDC's SID ?
i.e. :
[oldserver$]net getlocalsid
-> <value>
...
[newserver$]net setlocalsid <value>
Post by Gaiseric Vandal
- promote the new server to PDC and the old server to BDC.
- after hours- move the shared directories to the BDC, update login
script if necessary.
By "After hours" , do you mean after some sufficient long delay (one day ?)
for everyclient to have authenticated with the BDC ?
Post by Gaiseric Vandal
Clients will connect to either a PDC or a BDC for authentication.- it
doesn't really matter that much except that clients will prefer a BDC if
available.
Once you take the OLD server offline you may need to have clients reboot to
have them use the new server for authentication. But at least domain
membership will not be broken?
This is not a problem, I can easily ask all users to reboot.
Post by Gaiseric Vandal
Are you using a WINS server?
Yes , samba is also WINS server. Is it important ?

I will have to make some heavy testing before doing the actual migration.
Having 200 clients breaking their Domain membership will be some kind of a
disaster :-( .

Thanks a lot for your help. Any additional information welcome.

Henri
Post by Gaiseric Vandal
-----Original Message-----
On Behalf Of henri
Sent: Wednesday, January 12, 2011 7:26 AM
Subject: [Samba] Samba migration to a new server
Hi all,
Is it possible to migrate Samba to a new server without breaking Domain
membership of all the clients ?
I didn't get any info on that issue, is there someone that has
previous
experience of doing that ? Or maybe a link to some relevant info ?
I have currently a Samba 3.5.6 server that acts as a PDC and print Server,
with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate
samba to a new server. Everything (Samba release, Domain Name, shares, ...)
will remain the same except for the DNS name and IP address of the server,
and the samba server netbios name.
What is the best way to proceed to make this migration as seamless as
possible for all users (more than 200 user accounts with more than 200 PC in
the domain) ? I guess that just moving all the samba configuration files
from the old machine to the new one will not be enough.
Thanks in advance. I really need your help.
Henri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Henri Brouchoud
2011-01-13 06:40:01 UTC
Permalink
Hi Gaiseric,
Post by Gaiseric Vandal
It may actually be easier to move everything including hostname and IP to
the new server and just shutdown the old (this would have to be off hours.)
You should be able to do the following-
- Configure the new server as a BDC. I don't know for use if you can
configure a BDC with a TDB backend-
From the Samba HowTo
(http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/samba-bdc.html#i
d2565778 ) it seems that a BDC can be configured only with a LDAP backend.
Post by Gaiseric Vandal
if not you may have to make the
new
server a PDC.
I don't think I can run 2 PDCs on the same Domain , right ?
Post by Gaiseric Vandal
- Copy the samba private directory (with the tdb files) from the 1st
server to the 2nd server. In effect, this temporarily syncs the two
servers.
Is it sufficient ? Do I have to set the local SID of the BDC as the value of
the PDC's SID ?
i.e. :
[oldserver$]net getlocalsid
-> <value>
...
[newserver$]net setlocalsid <value>
Post by Gaiseric Vandal
- promote the new server to PDC and the old server to BDC.
- after hours- move the shared directories to the BDC, update login
script if necessary.
By "After hours" , do you mean after some sufficient long delay (one day ?)
for everyclient to have authenticated with the BDC ?
Post by Gaiseric Vandal
Clients will connect to either a PDC or a BDC for authentication.- it
doesn't really matter that much except that clients will prefer a BDC if
available.
Once you take the OLD server offline you may need to have clients reboot to
have them use the new server for authentication. But at least domain
membership will not be broken?
This is not a problem, I can easily ask all users to reboot.
Post by Gaiseric Vandal
Are you using a WINS server?
Yes , samba is also WINS server. Is it important ?

I will have to make some heavy testing before doing the actual migration.
Having 200 clients breaking their Domain membership will be some kind of a
disaster :-( .

Thanks a lot for your help. Any additional information welcome.

Henri
Post by Gaiseric Vandal
-----Original Message-----
On Behalf Of henri
Sent: Wednesday, January 12, 2011 7:26 AM
Subject: [Samba] Samba migration to a new server
Hi all,
Is it possible to migrate Samba to a new server without breaking Domain
membership of all the clients ?
I didn't get any info on that issue, is there someone that has
previous
experience of doing that ? Or maybe a link to some relevant info ?
I have currently a Samba 3.5.6 server that acts as a PDC and print Server,
with tdbsam backend, no LDAP at all, no roaming profile. I have to migrate
samba to a new server. Everything (Samba release, Domain Name, shares, ...)
will remain the same except for the DNS name and IP address of the server,
and the samba server netbios name.
What is the best way to proceed to make this migration as seamless as
possible for all users (more than 200 user accounts with more than 200 PC in
the domain) ? I guess that just moving all the samba configuration files
from the old machine to the new one will not be enough.
Thanks in advance. I really need your help.
Henri
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Helmut Hullen
2011-01-12 15:50:01 UTC
Permalink
Hallo, henri,
Post by henri
Is it possible to migrate Samba to a new server without breaking
Domain membership of all the clients ?
I didn?t get any info on that issue, is there someone that has
previous experience of doing that ? Or maybe a link to some relevant
info ?
I have currently a Samba 3.5.6 server that acts as a PDC and print
Server, with tdbsam backend, no LDAP at all, no roaming profile. I
have to migrate samba to a new server. Everything (Samba release,
Domain Name, shares, ...) will remain the same except for the DNS
name and IP address of the server, and the samba server netbios name.
What is the best way to proceed to make this migration as seamless as
possible for all users (more than 200 user accounts with more than
200 PC in the domain) ?
My usual way:

- copy/overwrite "/etc/samba" to the new machine
- copy/overwrite all user account and all machine account informations
(especially in "/etc/passwd" and "/etc/shadow") to the new machine

- Stop samba on both machines
- Shut off all Clients (that may be a bit neurotic ...)
- start samba on the new machine

- Start one client for testing

- if ok: start the other clients

Last friday a colleague and I have done these steps once more,
successfully.

Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Mike
2011-01-12 16:00:02 UTC
Permalink
Helmut,

Thank you too, for your kind response.
I asked the same question on the list a week ago, but no response then.
The guidance is much appreciated and I hope to perform a test at the
end of the week.

Mike
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Helmut Hullen
2011-01-12 16:30:01 UTC
Permalink
Hallo, Mike,
Post by Mike
Thank you too, for your kind response.
Don't mention ...

By the way: that description assumes that the new server is the new
login server too and runs instead of the old server.

Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Mike
2011-01-13 00:00:02 UTC
Permalink
Post by Helmut Hullen
By the way: that description assumes that the new server is the new
login server too and runs instead of the old server.
Yes definitely: migration and replacement of old PDC to new PDC.
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
henri
2011-01-13 05:40:01 UTC
Permalink
Yes it is exactly I have to do : migrate the current Samba setup to a new
hardware configuration (new DNS name, IP address and netbios name.
Everything else should remain the same).

Henri
-----Message d'origine-----
Envoyé : mercredi 12 janvier 2011 20:16
Objet : Re: [Samba] Samba migration to a new server
Hallo, Mike,
Post by Mike
Thank you too, for your kind response.
Don't mention ...
By the way: that description assumes that the new server is the new
login server too and runs instead of the old server.
Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
henri
2011-01-13 05:40:01 UTC
Permalink
Hi Helmut

Thanks for your answer.

I have done a similar test some weeks ago without success. The client I
tested have lost the Domain membership but I am not sure it was shutdown at
the moment I switched from old to new server.
In your case, has your new server a different DNS Name , IP address and
netbios name from the old one ?

Actually, if there are only a few clients that have to be manually rejoinded
to the domain, it could be acceptable. The *ABSOLUTE* condition is that
every users keep their windows profile (so their Domain SID I guess) once
the switch has occurred.

Thanks again.

Henri
-----Message d'origine-----
Envoyé : mercredi 12 janvier 2011 19:08
Objet : Re: [Samba] Samba migration to a new server
Hallo, henri,
Post by henri
Is it possible to migrate Samba to a new server without breaking
Domain membership of all the clients ?
I didn?t get any info on that issue, is there someone that has
previous experience of doing that ? Or maybe a link to some relevant
info ?
I have currently a Samba 3.5.6 server that acts as a PDC and print
Server, with tdbsam backend, no LDAP at all, no roaming profile. I
have to migrate samba to a new server. Everything (Samba release,
Domain Name, shares, ...) will remain the same except for the DNS
name and IP address of the server, and the samba server netbios
name.
Post by henri
What is the best way to proceed to make this migration as seamless
as
Post by henri
possible for all users (more than 200 user accounts with more than
200 PC in the domain) ?
- copy/overwrite "/etc/samba" to the new machine
- copy/overwrite all user account and all machine account informations
(especially in "/etc/passwd" and "/etc/shadow") to the new machine
- Stop samba on both machines
- Shut off all Clients (that may be a bit neurotic ...)
- start samba on the new machine
- Start one client for testing
- if ok: start the other clients
Last friday a colleague and I have done these steps once more,
successfully.
Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Henri Brouchoud
2011-01-13 06:40:01 UTC
Permalink
Hi Helmut

Thanks for your answer.

I have done a similar test some weeks ago without success. The client I
tested have lost the Domain membership but I am not sure it was shutdown at
the moment I switched from old to new server.
In your case, has your new server a different DNS Name , IP address and
netbios name from the old one ?

Actually, if there are only a few clients that have to be manually rejoinded
to the domain, it could be acceptable. The *ABSOLUTE* condition is that
every users keep their windows profile (so their Domain SID I guess) once
the switch has occurred.

Thanks again.

Henri
-----Message d'origine-----
Envoyé : mercredi 12 janvier 2011 19:08
Objet : Re: [Samba] Samba migration to a new server
Hallo, henri,
Post by henri
Is it possible to migrate Samba to a new server without breaking
Domain membership of all the clients ?
I didn?t get any info on that issue, is there someone that has
previous experience of doing that ? Or maybe a link to some relevant
info ?
I have currently a Samba 3.5.6 server that acts as a PDC and print
Server, with tdbsam backend, no LDAP at all, no roaming profile. I
have to migrate samba to a new server. Everything (Samba release,
Domain Name, shares, ...) will remain the same except for the DNS
name and IP address of the server, and the samba server netbios
name.
Post by henri
What is the best way to proceed to make this migration as seamless
as
Post by henri
possible for all users (more than 200 user accounts with more than
200 PC in the domain) ?
- copy/overwrite "/etc/samba" to the new machine
- copy/overwrite all user account and all machine account informations
(especially in "/etc/passwd" and "/etc/shadow") to the new machine
- Stop samba on both machines
- Shut off all Clients (that may be a bit neurotic ...)
- start samba on the new machine
- Start one client for testing
- if ok: start the other clients
Last friday a colleague and I have done these steps once more,
successfully.
Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Helmut Hullen
2011-01-13 08:50:02 UTC
Permalink
Hallo, Henri,
Post by henri
Post by Helmut Hullen
Post by henri
What is the best way to proceed to make this migration as seamless
as
Post by henri
possible for all users (more than 200 user accounts with more than
200 PC in the domain) ?
- copy/overwrite "/etc/samba" to the new machine
- copy/overwrite all user account and all machine account
informations (especially in "/etc/passwd" and "/etc/shadow") to the
new machine
- Stop samba on both machines
- Shut off all Clients (that may be a bit neurotic ...)
- start samba on the new machine
- Start one client for testing
- if ok: start the other clients
I have done a similar test some weeks ago without success. The client
I tested have lost the Domain membership but I am not sure it was
shutdown at the moment I switched from old to new server.
In your case, has your new server a different DNS Name , IP address
and netbios name from the old one ?
The new server replaces the old. It runs with the copied "/etc/samba"
directory, especially with the same "/etc/samba/smb.conf". And with the
sam IP address and DNS name.
Post by henri
Actually, if there are only a few clients that have to be manually
rejoinded to the domain, it could be acceptable.
In other cases (don't remember what the special difference was) it was
necessary to

- boot the client local as administrator
- leave the domain
- restart (local, as administrator)
- join the domain

In the above mentioned case that wasn't necessary (and that system has
about 200 clients ...)
Post by henri
The *ABSOLUTE*
condition is that every users keep their windows profile (so their
Domain SID I guess) once the switch has occurred.
You have to copy
- /home/<user>
- /etc/passwd
- /etc/shadow
- /etc/samba/private (with its *.tdb)

And if the user's profile is no part of his home directory it has to be
copied too.

-------------------------------------------

In the above mentioned case we first had to change from

passdb backend = smbpasswd:/etc/samba/private/smbpasswd
to
passdb backend = tdbsam:/etc/samba/private/passdb.tdb

Long time ago "smbpasswd" was the default, but now "passdb.tdb" is the
default.

Viele Gruesse!
Helmut
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
Loading...