Re: [Samba] How to migrate Active Directory from one Samba4 server to another

2012-09-03 Thread Julian Timm

Original Message
> Date: Thu, 16 Aug 2012 13:29:42 +0200
> From: x-dimens...@gmx.net
> To: samba@lists.samba.org
> Subject: Re: [Samba] How to migrate Active Directory from one Samba4 server
> to another

> > Original Message
> > > Date: Mon, 13 Aug 2012 17:47:35 +1000
> > > From: Andrew Bartlett
> > > To: x-dimens...@gmx.net
> > > CC: samba@lists.samba.org
> > > Subject: Re: [Samba] How to migrate Active Directory from one Samba4
> > > server to another
> > 
> > > On Sat, 2012-08-11 at 22:03 +0200, x-dimens...@gmx.net wrote:
> > > > Hello!
> > > > 
> > > > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain
> > > > controller in a small production environment and because the Resara
> > > > development has ended we want to switch to a plain Samba4 beta based
> > > > Ubuntu 12.04/Zentyal Server.
> > > > I have installed and configured the new server with the same
> > > > domain-name and the same hostname like the old server.
> > > > How can I export the Active Directory from the old server and import
> > > > it to the new Samba4 server?
> > > 
> > > Something like this (untested):
> > > 
> > > Use a different hostname, then run 'samba-tool domain join' to join it
> > > to the first domain.  Then you can use the
> > > source4/scripting/bin/renamedc script to rename it back to the name of
> > > the first DC, after running 'samba-tool domain demote' on it. 
> > > 
> > > You may need to seize FSMO roles from one DC to the other with
> > > 'samba-tool domain fsmo'.
> > > 
> > > > Do I need to rejoin the clients to the domain, after this?
> > > 
> > > No.
> > > 
> > > Additional complications may include DNS configuration.  You may need
> > > to use --dns-backend=none on the join command.
> > > 
> > > This is just a series of hints to get you started.  Hopefully you can
> > > work it out from here. 
> > > 
> > > Andrew Bartlett
> > > 
> > > -- 
> > > Andrew Bartlett                                http://samba.org/~abartlet/
> > > Authentication Developer, Samba Team   http://samba.org
> > > 
> > > 
> > Thank you Andrew, this was very helpful!
> > Joining the new Samba4 Server to the old one replicates the Active
> > Directory without a problem! After shutting down the old server, renaming
> > the new server and restoring smb.conf and krb5.conf I can access the new
> > server with RSAT now. :-)
> > 
> > What does not work is the dns-backend! :-(
> > After the AD replication the DNS snap-in from RSAT does not work anymore.
> > The join option "--dns-backend=none" is not available here
> > (Samba4.0.0beta2 Zentyal package)
> > Is there another way to get DNS working after the replication from the
> > old server?
> > 
> > I have also another question: What does the "renamedc" script do?
> > When I start it, it always tells me that there are opened transactions
> > and so it can't run.
> > Because of this I simply change the hostname in /etc/hostname/ and
> > /etc/hosts and run hostname -F /etc/hostname. After a restart all looks
> > good so far. (but I haven't tested it very much)
> > 
> > THX
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> I've tried now also Samba4.0.0beta6 and when I join this server with the
> --dns-backend=NONE option to the old samba4alpha PDC I have no working DNS
> service on the new Samba server. Bind9 won't start because it can't find
> sam.ldb. This file is created on provisioning the Samba server the first time,
> but while our old Resara Server uses plain Bind without the
> Samba-LDAP-backend sam.ldb is not created when joining the new server to the
> existing domain.
> Is there a way to set up the DNS-part after the replication, so that it uses
> the internal LDAP of Samba4? I don't need to get the DNS entries of the old
> server to the new server, but I need a working DNS-Samba/LDAP Backend to
> create Zones and entries with RSAT.
> 
> Thx for help!
> 

I'm now a big step ahead and I get the 

Re: [Samba] How to migrate Active Directory from one Samba4 server to another

2012-08-17 Thread Andrew Bartlett
On Mon, 2012-08-13 at 19:56 +0200, x-dimens...@gmx.net wrote:
> Original Message
> > Date: Mon, 13 Aug 2012 17:47:35 +1000
> > From: Andrew Bartlett
> > To: x-dimens...@gmx.net
> > CC: samba@lists.samba.org
> > Subject: Re: [Samba] How to migrate Active Directory from one Samba4 server
> > to another
> 
> > On Sat, 2012-08-11 at 22:03 +0200, x-dimens...@gmx.net wrote:
> > > Hello!
> > > 
> > > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain controller
> > > in a small production environment and because the Resara development has
> > > ended we want to switch to a plain Samba4 beta based Ubuntu 12.04/Zentyal
> > > Server.
> > > I have installed and configured the new server with the same domain-name
> > > and the same hostname like the old server.
> > > How can I export the Active Directory from the old server and import it
> > > to the new Samba4 server?
> > 
> > Something like this (untested):
> > 
> > Use a different hostname, then run 'samba-tool domain join' to join it
> > to the first domain.  Then you can use the
> > source4/scripting/bin/renamedc script to rename it back to the name of
> > the first DC, after running 'samba-tool domain demote' on it. 
> > 
> > You may need to seize FSMO roles from one DC to the other with
> > 'samba-tool domain fsmo'.
> > 
> > > Do I need to rejoin the clients to the domain, after this?
> > 
> > No.
> > 
> > Additional complications may include DNS configuration.  You may need to
> > use --dns-backend=none on the join command. 
> > 
> > This is just a series of hints to get you started.  Hopefully you can
> > work it out from here. 
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team   http://samba.org
> > 
> > 
> Thank you Andrew, this was very helpful!
> Joining the new Samba4 Server to the old one replicates the Active Directory 
> without a problem! After shutting down the old server, renaming the new 
> server and restoring smb.conf and krb5.conf I can access the new server with 
> RSAT now. :-)
> 
> What does not work is the dns-backend! :-(
> After the AD replication the DNS snap-in from RSAT does not work anymore.
> The join option "--dns-backend=none" is not available here (Samba4.0.0beta2 
> Zentyal package) 
> Is there another way to get DNS working after the replication from the old 
> server? 
> 
> I have also another question: What does the "renamedc" script do? 
> When I start it, it always tells me that there are opened transactions and so 
> it can't run.
> Because of this I simply change the hostname in /etc/hostname/ and /etc/hosts 
> and run hostname -F /etc/hostname. After a restart all looks good so far. 
> (but I haven't tested it very much)

If you don't rename it in the database, then it won't be able to accept
Kerberos tickets under its new name, and other bad things will happen,
particularly once you decommission the old name (particularly to do with
replication). 

We may need to work out why the script fails for you (and probably
promote it to be a samba-tool command).

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org
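
Added example, not code from this thread or from Samba: a check for the mismatch described in the reply above, where the OS hostname is changed but the DC's account in the directory still carries the name it joined with. It assumes the DC's computer object has been exported as LDIF; the host names, the domain and the function names are constructed for illustration.

```python
# Added example; every host and domain name below is a constructed sample.
SAMPLE_LDIF = """\
dn: CN=NEWDC-TMP,OU=Domain Controllers,DC=example,DC=lan
sAMAccountName: NEWDC-TMP$
dNSHostName: newdc-tmp.example.lan
servicePrincipalName: HOST/newdc-tmp.example.lan
servicePrincipalName: HOST/NEWDC-TMP
servicePrincipalName: HOST/newdc-tmp.example.lan/
 EXAMPLE
servicePrincipalName: ldap/newdc-tmp.example.lan/example.lan
"""


def parse_ldif_record(text):
    """Parse one LDIF record into {lowercased attribute: [values]}.

    Folded lines (leading space) are joined; base64 ("attr:: ...") values
    are skipped because none of the checked attributes need them here.
    """
    attrs, last = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and last is not None:
            attrs[last][-1] += line[1:]
            continue
        name, sep, value = line.partition(":")
        if not sep or line.startswith("#") or value.startswith(":"):
            last = None
            continue
        last = name.strip().lower()
        attrs.setdefault(last, []).append(value.strip())
    return attrs


def rename_mismatches(ldif_text, os_hostname, dns_domain):
    """List directory attributes that still name a host other than os_hostname."""
    short = os_hostname.split(".")[0].lower()
    fqdn = f"{short}.{dns_domain.lower()}"
    rec = parse_ldif_record(ldif_text)
    problems = []
    for attr, want in (("samaccountname", short + "$"), ("dnshostname", fqdn)):
        have = rec.get(attr, ["<missing>"])[0]
        if have.lower() != want:
            problems.append(f"{attr}: directory has {have!r}, host expects {want!r}")
    # Only HOST/ SPNs are compared: other classes can carry GUIDs, not names.
    for spn in rec.get("serviceprincipalname", []):
        parts = spn.split("/")
        if parts[0].upper() == "HOST" and len(parts) > 1:
            if parts[1].lower() not in (short, fqdn):
                problems.append(f"servicePrincipalName {spn!r} names another host")
    return problems


if __name__ == "__main__":
    for p in rename_mismatches(SAMPLE_LDIF, "dc1", "example.lan"):
        print("MISMATCH", p)
```

An empty list means the account name, DNS host name and HOST SPNs all agree with the hostname the machine now reports.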




Re: [Samba] How to migrate Active Directory from one Samba4 server to another

2012-08-16 Thread X-Dimension
> Original Message
> > Date: Mon, 13 Aug 2012 17:47:35 +1000
> > From: Andrew Bartlett
> > To: x-dimens...@gmx.net
> > CC: samba@lists.samba.org
> > Subject: Re: [Samba] How to migrate Active Directory from one Samba4
> > server to another
> 
> > On Sat, 2012-08-11 at 22:03 +0200, x-dimens...@gmx.net wrote:
> > > Hello!
> > > 
> > > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain
> > > controller in a small production environment and because the Resara
> > > development has ended we want to switch to a plain Samba4 beta based
> > > Ubuntu 12.04/Zentyal Server.
> > > I have installed and configured the new server with the same
> > > domain-name and the same hostname like the old server.
> > > How can I export the Active Directory from the old server and import
> > > it to the new Samba4 server?
> > 
> > Something like this (untested):
> > 
> > Use a different hostname, then run 'samba-tool domain join' to join it
> > to the first domain.  Then you can use the
> > source4/scripting/bin/renamedc script to rename it back to the name of
> > the first DC, after running 'samba-tool domain demote' on it. 
> > 
> > You may need to seize FSMO roles from one DC to the other with
> > 'samba-tool domain fsmo'.
> > 
> > > Do I need to rejoin the clients to the domain, after this?
> > 
> > No.
> > 
> > Additional complications may include DNS configuration.  You may need to
> > use --dns-backend=none on the join command. 
> > 
> > This is just a series of hints to get you started.  Hopefully you can
> > work it out from here. 
> > 
> > Andrew Bartlett
> > 
> > -- 
> > Andrew Bartlett                                http://samba.org/~abartlet/
> > Authentication Developer, Samba Team   http://samba.org
> > 
> > 
> Thank you Andrew, this was very helpful!
> Joining the new Samba4 Server to the old one replicates the Active
> Directory without a problem! After shutting down the old server, renaming the
> new server and restoring smb.conf and krb5.conf I can access the new server
> with RSAT now. :-)
> 
> What does not work is the dns-backend! :-(
> After the AD replication the DNS snap-in from RSAT does not work anymore.
> The join option "--dns-backend=none" is not available here
> (Samba4.0.0beta2 Zentyal package) 
> Is there another way to get DNS working after the replication from the old
> server? 
> 
> I have also another question: What does the "renamedc" script do? 
> When I start it, it always tells me that there are opened transactions and
> so it can't run.
> Because of this I simply change the hostname in /etc/hostname/ and
> /etc/hosts and run hostname -F /etc/hostname. After a restart all looks good
> so far. (but I haven't tested it very much)
> 
> THX

I've tried now also Samba4.0.0beta6 and when I join this server with the 
--dns-backend=NONE option to the old samba4alpha PDC I have no working DNS 
service on the new Samba server. Bind9 won't start because it can't find 
sam.ldb. This file is created on provisioning the Samba server the first time, 
but while our old Resara Server uses plain Bind without the Samba-LDAP-backend 
sam.ldb is not created when joining the new server to the existing domain.
Is there a way to set up the DNS-part after the replication, so that it uses the 
internal LDAP of Samba4? I don't need to get the DNS entries of the old server 
to the new server, but I need a working DNS-Samba/LDAP Backend to create Zones 
and entries with RSAT.

Thx for help!



Re: [Samba] How to migrate Active Directory from one Samba4 server to another

2012-08-13 Thread X-Dimension

Original Message
> Date: Mon, 13 Aug 2012 17:47:35 +1000
> From: Andrew Bartlett
> To: x-dimens...@gmx.net
> CC: samba@lists.samba.org
> Subject: Re: [Samba] How to migrate Active Directory from one Samba4 server
> to another

> On Sat, 2012-08-11 at 22:03 +0200, x-dimens...@gmx.net wrote:
> > Hello!
> > 
> > We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain controller
> > in a small production environment and because the Resara development has
> > ended we want to switch to a plain Samba4 beta based Ubuntu 12.04/Zentyal
> > Server.
> > I have installed and configured the new server with the same domain-name
> > and the same hostname like the old server.
> > How can I export the Active Directory from the old server and import it
> > to the new Samba4 server?
> 
> Something like this (untested):
> 
> Use a different hostname, then run 'samba-tool domain join' to join it
> to the first domain.  Then you can use the
> source4/scripting/bin/renamedc script to rename it back to the name of
> the first DC, after running 'samba-tool domain demote' on it. 
> 
> You may need to seize FSMO roles from one DC to the other with
> 'samba-tool domain fsmo'.
> 
> > Do I need to rejoin the clients to the domain, after this?
> 
> No.
> 
> Additional complications may include DNS configuration.  You may need to
> use --dns-backend=none on the join command. 
> 
> This is just a series of hints to get you started.  Hopefully you can
> work it out from here. 
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team   http://samba.org
> 
> 
Thank you Andrew, this was very helpful!
Joining the new Samba4 Server to the old one replicates the Active Directory 
without a problem! After shutting down the old server, renaming the new server 
and restoring smb.conf and krb5.conf I can access the new server with RSAT now. 
:-)

What does not work is the dns-backend! :-(
After the AD replication the DNS snap-in from RSAT does not work anymore.
The join option "--dns-backend=none" is not available here (Samba4.0.0beta2 
Zentyal package) 
Is there another way to get DNS working after the replication from the old 
server? 

I have also another question: What does the "renamedc" script do? 
When I start it, it always tells me that there are opened transactions and so 
it can't run.
Because of this I simply change the hostname in /etc/hostname/ and /etc/hosts 
and run hostname -F /etc/hostname. After a restart all looks good so far. (but 
I haven't tested it very much)

THX


Re: [Samba] How to migrate Active Directory from one Samba4 server to another

2012-08-13 Thread Andrew Bartlett
On Sat, 2012-08-11 at 22:03 +0200, x-dimens...@gmx.net wrote:
> Hello!
> 
> We are using a Samba4.0.0alpha19 (Resara 1.1.2) based domain controller in a 
> small production environment and because the Resara development has ended we 
> want to switch to a plain Samba4 beta based Ubuntu 12.04/Zentyal Server.
> I have installed and configured the new server with the same domain-name and 
> the same hostname like the old server. 
> How can I export the Active Directory from the old server and import it to 
> the new Samba4 server? 

Something like this (untested):

Use a different hostname, then run 'samba-tool domain join' to join it
to the first domain.  Then you can use the
source4/scripting/bin/renamedc script to rename it back to the name of
the first DC, after running 'samba-tool domain demote' on it. 

You may need to seize FSMO roles from one DC to the other with
'samba-tool domain fsmo'.

> Do I need to rejoin the clients to the domain, after this?

No.

Additional complications may include DNS configuration.  You may need to
use --dns-backend=none on the join command. 

This is just a series of hints to get you started.  Hopefully you can
work it out from here. 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team   http://samba.org

