Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-26 Thread Craig White
On Sat, 2005-11-26 at 08:56 -0700, John H Terpstra wrote:
> On Saturday 26 November 2005 08:40, Kevin wrote:
> > > Samba-2.2.x CAN be used as a BDC, but it was not officially supported.
> > > It is officially supported in Samba-3.0.x.
> >
> > My question about BDC was not whether 2.2.x could be used as a BDC, but
> > rather, if I should expect any problems in using 3.x as a BDC for a
> > 2.2.5 PDC (which I'm still unsure of, but I'll drop it in hopes of
> > finding an answer in the Samba-3 by Example book).  Perhaps I could have
> > written that more clearly in the first instance.  Apologies for creating
> > the confusion there.
> 
> I should point out that the reason a Samba-2.x and Samba-3.x DC can NOT be 
> mixed is because the PDC/BDC relationship requires a shared LDAP server and 
> Samba-2.x has a schema that differs from the Samba-3 schemas.

I'm not sure that this is actually relevant to the OP but actually, the
real reason that samba can't act as a true BDC is that neither samba 2.x
nor 3.x contain the code to replicate SAM information among DC peers.

Additionally, all methods of SAM replication which are available (i.e.
rsync of relevant files or LDAP) represent the impression of PDC/BDC
but not the reality of SAM replication. Like the differences between
LDAP schema between 2.x and 3.x are incompatible, so are the other
associated files which store other important information which by using
tools like rsync creates a simulated PDC/BDC environment (no comment on
effectiveness since I have never attempted this method).

> It seems that my message is not getting through!
> 
> If you want deployment information - read the book "Samba-3 by Example".
> That book, part of the official Samba documentation, provides prescriptive
> guidance for Samba deployment, migration and update/upgrade tasks.

As for your message getting through...As one of the purchasers of the
dead tree version of your "Office Samba 3 How-To" (2nd printing), I am
not always versant with which material has migrated over to your 'By
Example' and which remains in the How-To...I apologize for not knowing
which parts of the info moved. Perhaps it is my own stubbornness but it
seems to me that the material titled "How-To" should contain the
information like 'How-To' migrate from Samba 2 to Samba 3 or 'How-To'
migrate from NT4 PDC to Samba PDC. Perhaps for clarity purposes, the
How-To should be renamed to something more like 'The official reference
guide' or similar as it no longer apparently contains 'How-To'
information.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-26 Thread John H Terpstra
On Saturday 26 November 2005 08:40, Kevin wrote:
> > Samba-2.2.x CAN be used as a BDC, but it was not officially supported.
> > It is officially supported in Samba-3.0.x.
>
> My question about BDC was not whether 2.2.x could be used as a BDC, but
> rather, if I should expect any problems in using 3.x as a BDC for a
> 2.2.5 PDC (which I'm still unsure of, but I'll drop it in hopes of
> finding an answer in the Samba-3 by Example book).  Perhaps I could have
> written that more clearly in the first instance.  Apologies for creating
> the confusion there.

I should point out that the reason a Samba-2.x and Samba-3.x DC can NOT be 
mixed is because the PDC/BDC relationship requires a shared LDAP server and 
Samba-2.x has a schema that differs from the Samba-3 schemas.

- John T.


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-26 Thread John H Terpstra
On Saturday 26 November 2005 08:40, Kevin wrote:
> Thank you very much, John, for your reply.  You're right... I was
> reading the wrong book for insights into my upgrade plan.  Thanks for
> pointing me to the right book.

No problem.

> > My other questions are:
> > a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?
> 
>  samba 2.x.x doesn't support BDC
> >>>
> >>> I thought that 2.2.x introduced some BDC functionality.  No?
> >>
> >> No - apparently saying it once isn't enough though.
> >
> > Samba-2.2.x CAN be used as a BDC, but it was not officially supported.
> > It is officially supported in Samba-3.0.x.
>
> My question about BDC was not whether 2.2.x could be used as a BDC, but
> rather, if I should expect any problems in using 3.x as a BDC for a
> 2.2.5 PDC (which I'm still unsure of, but I'll drop it in hopes of
> finding an answer in the Samba-3 by Example book).  Perhaps I could have
> written that more clearly in the first instance.  Apologies for creating
> the confusion there.

Do not mix Samba-2.x and Samba-3.x in DC roles. You should update the PDC to 
Samba-3 before setting up the Samba-3 BDC.

- John T.


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-26 Thread Kevin
Thank you very much, John, for your reply.  You're right... I was
reading the wrong book for insights into my upgrade plan.  Thanks for
pointing me to the right book.

> My other questions are:
> a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?

 samba 2.x.x doesn't support BDC

>>> I thought that 2.2.x introduced some BDC functionality.  No?

>> No - apparently saying it once isn't enough though.

> Samba-2.2.x CAN be used as a BDC, but it was not officially supported.
> It is officially supported in Samba-3.0.x.

My question about BDC was not whether 2.2.x could be used as a BDC, but
rather, if I should expect any problems in using 3.x as a BDC for a
2.2.5 PDC (which I'm still unsure of, but I'll drop it in hopes of
finding an answer in the Samba-3 by Example book).  Perhaps I could have
written that more clearly in the first instance.  Apologies for creating
the confusion there.

-Kevin


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-26 Thread John H Terpstra
On Friday 25 November 2005 20:06, Craig White wrote:
> On Fri, 2005-11-25 at 21:33 -0500, Kevin wrote:
> > Thanks for your reply, Craig.
> >
> > Craig White wrote:
> > >>My first question for the list is: which one of these methods is likely
> > >>to be least problematic and least time-consuming?
> > >
> > > 
> > > least problematic and least time consuming would probably involve
> > > making sure that all of the user profiles are set to local, setting up
> > > new samba 3/ldap and re-joining the computers to the new domain and
> > > then migrating the user profiles back to roaming on the new domain if
> > > desired.
> > > 
> >
> > Really!?  I would've thought that to be the most problematic and most
> > time-consuming.
>
> 
> you asked for an opinion and you got mine...10 users, 10
> machines...easier/better/safer/quicker to do new setup and have machines
> join new domain. Myself, I would probably migrate it rather than
> creating a new setup. One of the things that weighed in on my opinion in
> your case was remembering my first setups of samba 3.0.0 and discovering
> that samba 3.0.x barely resembles samba 2.2.x...it is an entirely
> different beast.
> 
>
> > The general description you've given here is helpful, but... would I be
> > looking a gift horse in the mouth by asking for a more detailed
> > description?
> >
> > Or is there such a description in the docs somewhere that I've missed?
> > After reading my Using Samba book from O'Reilly and browsing the
> > Official HowTo, I don't find one.
> >
> > I do see this:
> >
> > Disabling Roaming Profile Support
> >
> > ...
> >
> > In smb.conf
> >
> > Affect the following settings and ALL clients will be forced to use
> > a local profile: logon home = and logon path =
> >
> > The arguments to these parameters must be left blank. It is
> > necessary to include the = sign to specifically assign the empty value.
> >
> > The text formatting may be making that statement a little confusing to
> > me.  Should I read that as:
> >
> > smb.conf
> > =
> > logon home =
> > logon path =
> > =
> >
> > Just want to make sure.
>
> 
> yes
> 
>
> > If I do this and take the old PDC offline, users will still be able to
> > login?
>
> 
> if the PDC is offline, users won't be able to login unless the system
> provides cached credentials.
> 
>
> >   I thought the user profiles were just the files to make up the
> > user desktop; not the authentication credentials.  Perhaps I'm mistaken
> > on that point.
>
> 
> that is pretty much an accurate description
> 
>
> > And won't rejoining the computers to the new domain end up renaming all
> > of the users' local directory structures (under the "Documents and
> > Settings" folder on the local windows client) and thereby making the
> > users' locally stored data inaccessible to them?  I seem to recall this
> > happening when I've rejoined computer clients to a new domain in the
> > past.
>
> 
> I already answered this in the previous email - you need to review the
> samba 'How-To' on migrating user profiles.

It seems that my message is not getting through!

If you want deployment information - read the book "Samba-3 by Example".
That book, part of the official Samba documentation, provides prescriptive 
guidance for Samba deployment, migration and update/upgrade tasks.

If you need a mechanics guide, read the book "The Official Samba-3 HOWTO and 
Reference Guide". This book provides barest essentials that demonstrate how 
particular features of Samba-3 can be used - it does NOT set out to provide 
detailed prescriptive guidance. This book does not set out to demonstrate in 
step-by-step fashion how one might migrate from Samba-2.x to Samba-3.x - it 
DOES describe changes in the Samba smb.conf parameters - but does not explain 
how to update/upgrade. For that you need to refer to chapter 8 of the book 
"Samba-3 by Example".

> 
>
> > Setting up the new samba 3/ldap domain I'm sure I'll find well
> > documented, but it seems to me that in upgrading, I'll have a host of
> > issues to deal with that someone setting up a brand new samba 3/ldap
> > domain wouldn't have to worry about.

Please, show me what I've missed so it can be added to the documentation.

> > > 
> > > samba 2.x.x doesn't support BDC
> > > 
> >
> > I thought that 2.2.x introduced some BDC functionality.  No?
>
> 
> No - apparently saying it once isn't enough though.

Samba-2.2.x CAN be used as a BDC, but it was not officially supported. It is 
officially supported in Samba-3.0.x.

- John T.


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-25 Thread Craig White
On Fri, 2005-11-25 at 21:33 -0500, Kevin wrote:
> Thanks for your reply, Craig.
> 
> Craig White wrote:
> >>My first question for the list is: which one of these methods is likely
> >>to be least problematic and least time-consuming?
> > 
> > 
> > least problematic and least time consuming would probably involve making
> > sure that all of the user profiles are set to local, setting up new
> > samba 3/ldap and re-joining the computers to the new domain and then
> > migrating the user profiles back to roaming on the new domain if
> > desired.
> > 
> 
> Really!?  I would've thought that to be the most problematic and most
> time-consuming.

you asked for an opinion and you got mine...10 users, 10
machines...easier/better/safer/quicker to do new setup and have machines
join new domain. Myself, I would probably migrate it rather than
creating a new setup. One of the things that weighed in on my opinion in
your case was remembering my first setups of samba 3.0.0 and discovering
that samba 3.0.x barely resembles samba 2.2.x...it is an entirely
different beast.

> 
> The general description you've given here is helpful, but... would I be
> looking a gift horse in the mouth by asking for a more detailed description?
> 
> Or is there such a description in the docs somewhere that I've missed?
> After reading my Using Samba book from O'Reilly and browsing the
> Official HowTo, I don't find one.
> 
> I do see this:
> 
> Disabling Roaming Profile Support
> 
> ...
> 
> In smb.conf
> 
> Affect the following settings and ALL clients will be forced to use
> a local profile: logon home = and logon path =
> 
> The arguments to these parameters must be left blank. It is
> necessary to include the = sign to specifically assign the empty value.
> 
> The text formatting may be making that statement a little confusing to
> me.  Should I read that as:
> 
> smb.conf
> =
> logon home =
> logon path =
> =
> 
> Just want to make sure.

yes

> 
> If I do this and take the old PDC offline, users will still be able to
> login?

if the PDC is offline, users won't be able to login unless the system
provides cached credentials.

>   I thought the user profiles were just the files to make up the
> user desktop; not the authentication credentials.  Perhaps I'm mistaken
> on that point.

that is pretty much an accurate description

> 
> And won't rejoining the computers to the new domain end up renaming all
> of the users' local directory structures (under the "Documents and
> Settings" folder on the local windows client) and thereby making the
> users' locally stored data inaccessible to them?  I seem to recall this
> happening when I've rejoined computer clients to a new domain in the past.

I already answered this in the previous email - you need to review the
samba 'How-To' on migrating user profiles.

> 
> Setting up the new samba 3/ldap domain I'm sure I'll find well
> documented, but it seems to me that in upgrading, I'll have a host of
> issues to deal with that someone setting up a brand new samba 3/ldap
> domain wouldn't have to worry about.
> 
> 
> > 
> > samba 2.x.x doesn't support BDC
> > 
> 
> I thought that 2.2.x introduced some BDC functionality.  No?

No - apparently saying it once isn't enough though.

Craig
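
The smb.conf reading confirmed above, as an added example that is not part of the thread and is not Samba project code: a small checker that distinguishes an explicitly empty `logon home =` / `logon path =` from a parameter that is merely absent or commented out, in which case the built-in default still applies. The sample configurations and the host name `newpdc` are constructed; the default values are the ones documented in smb.conf(5).

```python
import re

# Documented smb.conf(5) defaults, used when a parameter is absent from [global].
DEFAULTS = {"logonhome": r"\\%N\%U", "logonpath": r"\\%N\%U\profile"}


def _norm(name):
    """Samba ignores case and whitespace in section and parameter names."""
    return re.sub(r"\s+", "", name).lower()


def parse_global(text):
    """Return {normalised parameter name: value} for the [global] section."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[_norm(name)] = value.strip()
    return params


def roaming_profile_report(text):
    """Map each logon parameter to (state, effective value).

    state is "disabled" (explicit empty value), "default" (parameter absent,
    so the built-in default applies) or "set" (explicit non-empty value).
    """
    params = parse_global(text)
    report = {}
    for key, default in DEFAULTS.items():
        if key not in params:
            report[key] = ("default", default)
        elif params[key] == "":
            report[key] = ("disabled", "")
        else:
            report[key] = ("set", params[key])
    return report


def forces_local_profiles(text):
    """True only when both parameters carry an explicit empty value."""
    return all(s == "disabled" for s, _ in roaming_profile_report(text).values())


# Constructed sample: both parameters present with the "=" sign and no value.
EXPLICIT_EMPTY = """
[global]
   workgroup = EXAMPLE
   domain logons = yes
   logon home =
   logon path =
"""

# Constructed sample: the lines are commented out, so the defaults still apply.
COMMENTED_OUT = """
[global]
   domain logons = yes
   ; logon home =
   # logon path =
"""

# Constructed sample: mixed case and spacing, one parameter still set.
MIXED = r"""
[global]
   Logon Home=
   LOGON  PATH = \\newpdc\profiles\%U
[profiles]
   path = /srv/samba/profiles
"""

if __name__ == "__main__":
    for label, conf in (("explicit", EXPLICIT_EMPTY),
                        ("commented", COMMENTED_OUT), ("mixed", MIXED)):
        print(label, forces_local_profiles(conf), roaming_profile_report(conf))
```

On a live server, `testparm -sv` prints the effective values including defaults, which is the authoritative check.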




Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-25 Thread Kevin
Thanks for your reply, Craig.

Craig White wrote:
>>My first question for the list is: which one of these methods is likely
>>to be least problematic and least time-consuming?
> 
> 
> least problematic and least time consuming would probably involve making
> sure that all of the user profiles are set to local, setting up new
> samba 3/ldap and re-joining the computers to the new domain and then
> migrating the user profiles back to roaming on the new domain if
> desired.
> 

Really!?  I would've thought that to be the most problematic and most
time-consuming.

The general description you've given here is helpful, but... would I be
looking a gift horse in the mouth by asking for a more detailed description?

Or is there such a description in the docs somewhere that I've missed?
After reading my Using Samba book from O'Reilly and browsing the
Official HowTo, I don't find one.

I do see this:

Disabling Roaming Profile Support

...

In smb.conf

Affect the following settings and ALL clients will be forced to use
a local profile: logon home = and logon path =

The arguments to these parameters must be left blank. It is
necessary to include the = sign to specifically assign the empty value.

The text formatting may be making that statement a little confusing to
me.  Should I read that as:

smb.conf
=
logon home =
logon path =
=

Just want to make sure.

If I do this and take the old PDC offline, users will still be able to
login?  I thought the user profiles were just the files to make up the
user desktop; not the authentication credentials.  Perhaps I'm mistaken
on that point.

And won't rejoining the computers to the new domain end up renaming all
of the users' local directory structures (under the "Documents and
Settings" folder on the local windows client) and thereby making the
users' locally stored data inaccessible to them?  I seem to recall this
happening when I've rejoined computer clients to a new domain in the past.

Setting up the new samba 3/ldap domain I'm sure I'll find well
documented, but it seems to me that in upgrading, I'll have a host of
issues to deal with that someone setting up a brand new samba 3/ldap
domain wouldn't have to worry about.


> 
> samba 2.x.x doesn't support BDC
> 

I thought that 2.2.x introduced some BDC functionality.  No?

Thanks for your thoughts, Craig.

-Kevin


Re: [Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-25 Thread Craig White
On Fri, 2005-11-25 at 10:55 -0500, Kevin wrote:
> Hi Folks-
> 
> I'll start by saying thanks to all the people who have made samba and
> shared it as open source software.  Samba is truly an amazing suite of
> software.
> 
> I have a small domain of less than 10 clients which is currently being
> controlled with a Samba 2.2.5 PDC running on a Compaq x86 server with a
> very old Suse Linux 8.1 OS.
> 
> Since setting up this Compaq server, my preferred distribution has
> changed from Suse to Gentoo and my ultimate goal is to upgrade the OS on
> the Compaq server to Gentoo.  Perhaps the biggest reason for the change
> in preference is the difficulty I've found in upgrading any rpm-based
> distribution.  Because I've tried it so many times and lost days or
> weeks of time in the process, I don't think I even want to try a direct
> upgrade of the samba-2.2.5-80 rpm on this Suse 8.1 OS, but I thought
> that I would instead, install a new server on the network with the
> Gentoo distribution and all of the latest software in Gentoo portage.
> With that in place, I figured I would slowly migrate the services
> currently being provided by the Compaq server to the new server.  Since
> the PDC and other samba services are the most mission-critical
> components of the network, the biggest step in the process seems like it
> will be getting the new server set up to do all of the PDC and other
> functions of the old Compaq server.  One important aspect of the
> migration is that I'd ultimately like to end up using ldap as the
> backend database.
> 
> It seems to me that there are at least two ways to go about performing
> this migration step:
> 
> 1) make the new server a PDC with the ldap backend; once running, and
> all other services are unloaded onto the new server, take the Compaq
> server offline and upgrade it to Gentoo, maybe making it a BDC (or not
> using a BDC at all).
> 
> 2) make the new server a BDC (not sure if I would have a choice in the
> backend here) to the old PDC, then upgrade the old Compaq server from
> Suse 8.1 to Gentoo, and restore it as the PDC for the domain after
> upgrading the whole OS and samba to the latest release
> 
> My first question for the list is: which one of these methods is likely
> to be least problematic and least time-consuming?

least problematic and least time consuming would probably involve making
sure that all of the user profiles are set to local, setting up new
samba 3/ldap and re-joining the computers to the new domain and then
migrating the user profiles back to roaming on the new domain if
desired.

> 
> My other questions are:
> 
> a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?

samba 2.x.x doesn't support BDC

> 
> b) If I go with method 2 above, am I right in thinking that I'd have to
> stay with the smbpasswd backend for the BDC (which is what the PDC
> uses)?  This would only be a very temporary arrangement; I realize that
> it's discouraged in the docs.  If not, and if ldap could be the backend
> for the BDC somehow, then how would I accomplish this?

samba 2.x.x ldap structure is different than samba 3.x.x structure

> 
> c) If I go with method 1 above (seems like it might be easier to me
> right now), what are the key files that need to come over from the old
> server to the new server?  I realize that the contents of (at least some
> of, and maybe all of) these files would probably need to be revised
> somehow (maybe putting them in the LDAP Directory), but what information
> must be preserved from the old machine to make sure that I don't have to
> go around to all of the clients and add them to a new domain?

10 machines, I'd probably opt for joining them to new domain.

> 
> d) I'd obviously like for it to be a seamless transition as far as the
> clients go and the fact that the two servers will have different IP
> addresses is a concern there.  And if I go with method 2, will the
> clients need any reconfiguration to use the BDC for login (until the
> Compaq server can be upgraded to Gentoo and be back in business as the PDC)?
> 
> e) Relating to the set of questions in (c), if I have an existing
> openldap-v2.2.27 server running with a few LDAP Directories (with a
> domain/contact sort of schema built from LDAP fields in existing schemas
> like inetperson and courierimap and a few others) in it on a third
> server, would it be possible to use one of the existing Directories as
> the ldap backend authentication source for the new samba server or would
> I need to create a new Directory with a "samba-only" schema to be the
> ldap backend?

no - you should be able to add samba ldap attributes to existing DSA

Craig




[Samba] Best way to upgrade domain from control by 2.2.5 PDC to control by 3.0.20b PDC

2005-11-25 Thread Kevin
Hi Folks-

I'll start by saying thanks to all the people who have made samba and
shared it as open source software.  Samba is truly an amazing suite of
software.

I have a small domain of less than 10 clients which is currently being
controlled with a Samba 2.2.5 PDC running on a Compaq x86 server with a
very old Suse Linux 8.1 OS.

Since setting up this Compaq server, my preferred distribution has
changed from Suse to Gentoo and my ultimate goal is to upgrade the OS on
the Compaq server to Gentoo.  Perhaps the biggest reason for the change
in preference is the difficulty I've found in upgrading any rpm-based
distribution.  Because I've tried it so many times and lost days or
weeks of time in the process, I don't think I even want to try a direct
upgrade of the samba-2.2.5-80 rpm on this Suse 8.1 OS, but I thought
that I would instead, install a new server on the network with the
Gentoo distribution and all of the latest software in Gentoo portage.
With that in place, I figured I would slowly migrate the services
currently being provided by the Compaq server to the new server.  Since
the PDC and other samba services are the most mission-critical
components of the network, the biggest step in the process seems like it
will be getting the new server set up to do all of the PDC and other
functions of the old Compaq server.  One important aspect of the
migration is that I'd ultimately like to end up using ldap as the
backend database.

It seems to me that there are at least two ways to go about performing
this migration step:

1) make the new server a PDC with the ldap backend; once running, and
all other services are unloaded onto the new server, take the Compaq
server offline and upgrade it to Gentoo, maybe making it a BDC (or not
using a BDC at all).

2) make the new server a BDC (not sure if I would have a choice in the
backend here) to the old PDC, then upgrade the old Compaq server from
Suse 8.1 to Gentoo, and restore it as the PDC for the domain after
upgrading the whole OS and samba to the latest release

My first question for the list is: which one of these methods is likely
to be least problematic and least time-consuming?

My other questions are:

a) Any problems with a samba-3.x BDC backing up a samba 2.2.5 PDC?

b) If I go with method 2 above, am I right in thinking that I'd have to
stay with the smbpasswd backend for the BDC (which is what the PDC
uses)?  This would only be a very temporary arrangement; I realize that
it's discouraged in the docs.  If not, and if ldap could be the backend
for the BDC somehow, then how would I accomplish this?

c) If I go with method 1 above (seems like it might be easier to me
right now), what are the key files that need to come over from the old
server to the new server?  I realize that the contents of (at least some
of, and maybe all of) these files would probably need to be revised
somehow (maybe putting them in the LDAP Directory), but what information
must be preserved from the old machine to make sure that I don't have to
go around to all of the clients and add them to a new domain?

d) I'd obviously like for it to be a seamless transition as far as the
clients go and the fact that the two servers will have different IP
addresses is a concern there.  And if I go with method 2, will the
clients need any reconfiguration to use the BDC for login (until the
Compaq server can be upgraded to Gentoo and be back in business as the PDC)?

e) Relating to the set of questions in (c), if I have an existing
openldap-v2.2.27 server running with a few LDAP Directories (with a
domain/contact sort of schema built from LDAP fields in existing schemas
like inetperson and courierimap and a few others) in it on a third
server, would it be possible to use one of the existing Directories as
the ldap backend authentication source for the new samba server or would
I need to create a new Directory with a "samba-only" schema to be the
ldap backend?

Thanks for any replies.

-Kevin
