Web lists-archives.com

Re: [Samba] DM 3.6.25 -> 4.x




Am 2018-05-30 um 10:08 schrieb Rowland Penny via samba:

>> We have backups on tapes everyday, that is part of my job as well.
> 
> Make sure the backups contain everything but the OS, from my
> experience, tape backups only contain some of the data. Whilst we are
> talking about tape backups, hasn't anybody realised that tape backups
> are so last century and from my experience very unreliable.

Not from my experience.
Tapes have less moving parts and a way longer lifetime than (rotating)
disks (spinning rust). OK, ymmv but LTO works reliably here.

And yes, we have / on tape. I am the amanda backup admin there as well
so we have that ;-) thanks for the pointer, though

>>> The config below is really outdated yes. This is what i would start
>>> with. 
>>>
>>>  [global]
>>>  	netbios name = U1SECRETCUSTOMER
>>> 	netbios aliases = samba
>>> 	server string = U1SECRETCUSTOMER
>>>     
>>> 	security = ads
>>> 	workgroup = SECRETCUSTOMER
>>> 	realm = SECRETCUSTOMER.INTRA
>>>
>>> 	domain master = no
>>> 	local master = no
>>> 	preferred master = no
>>>  
>>> 	interfaces = 192.168.100.4/24
>>> 	bind interfaces only = Yes
>>>     	
>>> 	idmap config * : backend = tdb
>>> 	idmap config * : range = 2000-9999
>>> 	idmap config SECRETCUSTOMER : backend = rid
>>> 	idmap config SECRETCUSTOMER : range = 10000-20000
>>> 	
>>> 	# depending on the samba version. You might need these.
> 
> You missed a line Louis ;-)
> 
>         # but only if you use the 'ad' backend
>  
>>> 	#idmap config SECRETCUSTOMER : unix_nss_info = yes
>>> 	#idmap config SECRETCUSTOMER : unix_primary_group = yes
>>>
>>> 	winbind use default domain = yes
>>> 	
>>> 	winbind nss info = template
>>> 	template homedir = /mnt/MSA2040/smb/Homes/%D/%U
>>> 	template shell = /bin/false
> 
> Two out of the three lines above are defaults
> 
>>>
>>> 	vfs objects = acl_xattr
>>> 	map acl inherit = Yes
>>> 	store dos attributes = Yes
>>>
>>> 	unix extensions = no
>>> 	follow symlinks= yes
>>> 	wide links= yes
>>> 	unix charset = iso8859-15
>>> 	force unknown acl user = Yes
>>>
>>> 	load printers = no
>>> 	printcap name = /dev/null
>>> 	disable spoolss = yes
>>>
>>>  # Audit settings
>>>      vfs objects = full_audit
>>>      full_audit:prefix = %u|%I|%S
>>>      full_audit:failure = connect
>>>      full_audit:success = mkdir rmdir write pwrite rename unlink
>>> chmod fchmod chown fchown ftruncate full_audit:facility = local5
>>>      full_audit:priority = notice
>>
>> Yes, thanks.
>> The idmap stuff scares me the most ;-)
> 
> Why ? Once you get your head around it, you will probably wonder why
> yourself ;-)

Why? because I had to readjust that >3 times at another site, every time
was like "this is correct" and after a while something else popped up.


>> I will see when to start that, I have to keep the downtime at minimum
>> etc
>>
>> Would it make sense to do some intermediate step to a lower 4.x
>> version or go straight from 3.6.25 to 4.8.2 ?
> 
> On a Unix domain member it won't make any difference, just go direct to
> 4.8.2

great

I asked them for a maintenance slot, we will see.
Holiday tmrw, I am injured from sports ... so I have time for that ;-)

Stefan

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba