
Re: [Samba] No good way to migrate 4.1 on Server A to 4.7.6 on New Server B




On Mon, 26 Nov 2018 09:32:20 -0500
Glenn Bergeron via samba <samba@xxxxxxxxxxxxxxx> wrote:

> 
> On 2018-11-26, 4:07 AM, "Rowland Penny" <rpenny@xxxxxxxxx> wrote:
> 
>     > 
>     > [global]
>     > 	netbios name = ISOFS2
>     > 	realm = ISO.PRIVATE
>     > 	server role = active directory domain controller
>     > 	workgroup = ISO
>     > 	ldap server require strong auth = no #Was required for FSMO transfer from old server
>     > 	dns forwarder = 1.1.1.1
>     > 	vfs objects = acl_xattr
>     > 	map acl inherit = yes
>     > 	hide dot files = yes
>     > 	store dos attributes = yes
>     
>     Oh dear, you have confused Samba, 'acl_xattr etc' is built into a DC
> 
>     
>     Can I suggest you change the [global] part to just this:
>     
>     [global]
>     	netbios name = ISOFS2
>     	realm = ISO.PRIVATE
>     	server role = active directory domain controller
>     	workgroup = ISO
>     	ldap server require strong auth = no #Was required for FSMO transfer from old server
>     	dns forwarder = 1.1.1.1
>     	idmap_ldb:use rfc2307 = yes
> 
> 
> 
> What do you mean by "vfs objects = acl_xattr" is built into a DC?

Just what I said, it is built into a Samba DC:

root@dc4:~# samba-tool testparm -v | grep 'vfs objects'

	vfs objects = 

> Unless you mean this is something that's changed in a newer version
> of Samba than I originally had this option in. I added " vfs objects
> = acl_xattr" long ago on the original server as a result of pain
> associated with file permissions constantly being reset to only being
> writable by the last person who saved a file on a share. At least, I
> think that was the reason - it was a few years ago. It could have
> also had to do with the fact that, at the time, there were a couple of
> shares that OSX machines had to access as well, and they had their
> own idea of how to implement SMB. 
> 
> I don't remember why I needed "map acl inherit = yes", and "store dos
> attributes = yes", but they would have been added to solve a problem.
> If they're there, then they seem to have worked. At least back then.
> 
> The "hide dot files" also has to do with Macs accessing the shares,
> as they drop a file called ".DS_Store" in every directory they touch.

OK, so you need that one, the others, you do not.

>     
>     Do you sync idmap.ldb as well ?
> 
> I probably did afterwards without implicitly looking for that file,
> by re-synching what's under /var/lib/samba. 

You shouldn't have to re-synch /var/lib/samba, in fact you shouldn't,
sam.ldb is in /var/lib/samba/private and this shouldn't be synched
between DCs.


> After all, things are
> suddenly working now - after I did those last steps of changing the
> DNS on the workstations to use the new server as its Primary, and
> changing the roaming profile paths to reflect "isofs2". 
> 
> One thing to add though. Now that I've shut off the old server, I'm
> getting errors in the logs of the new server about not being able to
> connect to - I assume the old server, probably to sync. I thought I
> prevented that but I guess I missed a step. What did I miss?
> 

How did you demote the old DC?

Rowland
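
Added example (not part of the original message and not Samba project code): a small Python check that applies the advice in this reply to the [global] section posted in the thread. The function names and the sample text are constructed here; the 'ldap server require strong auth' check is an addition based on that line's own comment.

```python
DC_ROLE = "active directory domain controller"
# Parameters the reply says a DC does not need in [global].
REDUNDANT_ON_DC = ("vfs objects", "map acl inherit", "store dos attributes")

# Constructed sample: the [global] quoted in the thread, mail-wrapped line restored.
SAMPLE = """\
[global]
	netbios name = ISOFS2
	realm = ISO.PRIVATE
	server role = active directory domain controller
	workgroup = ISO
	ldap server require strong auth = no #Was required for FSMO transfer from old server
	dns forwarder = 1.1.1.1
	vfs objects = acl_xattr
	map acl inherit = yes
	hide dot files = yes
	store dos attributes = yes
"""

def parse_global(text):
    """Return {parameter: value} for [global]; names lower-cased, spaces collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[" ".join(name.lower().split())] = value.strip()
    return params

def lint_dc_global(text):
    """Return a list of (parameter, reason) findings for a DC's [global]."""
    params = parse_global(text)
    if params.get("server role", "").lower() != DC_ROLE:
        return []                               # these checks apply to DCs only
    findings = [(p, "not needed in [global] on a DC")
                for p in REDUNDANT_ON_DC if p in params]
    # The posted line has a trailing '#...' note, so compare the first token only.
    strong = params.get("ldap server require strong auth", "yes").split()
    if strong and strong[0].lower() == "no":
        findings.append(("ldap server require strong auth",
                         "relaxed for the FSMO transfer; Samba's default is yes"))
    return findings

if __name__ == "__main__":
    print(*lint_dc_global(SAMPLE), sep="\n")
```

'hide dot files' is left alone because the reply says that one is still needed.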
