Web lists-archives.com

Re: [Samba] Upgrading Samba




On Wed, 6 Feb 2019 15:20:56 +0400
henri transfert via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello all,
> 
> I've planned to upgrade a Samba DC from 4.6.7 to 4.9.4 .

STOP!

Do not do this directly, reports on here have shown that this will not
work.

You will have to 'walk' up the versions, it may work if you go to
4.8.3, then to 4.9.4, but you may have to go to 4.7.2 first.


> For that I will use the following method :
> 
>    - build a new DC from 4.9.4 sources (on CentOS 7)

Make sure you use Heimdal kerberos. not the Centos default MIT.

>    - join this new DC to the domain
>    - transfer the FSMO roles from the old DC (4.6.7) to the new DC
> (4.9.4)
>    - replicate the sysvoldir from old DC to new DC
>    - demote the old DC
>    - switch off the old DC
> 
> Since I prefer to ask before facing any problems, is there any issue I
> should take care about ? Especially from 4.6 to 4.9 release , is
> there any big changes or incompatibility that could be a potential
> source of troubles (Kerberos ? default values ?) ?
> Would 4.8.8 a better seamless option ?
> 
> The smb.conf of the old DC is :
> # Global parameters
> [global]
>         netbios name = OLD-DC
>         realm = MYDOM.MYCOMP.COM
>         workgroup = MYDOM
>         dns forwarder = 1.2.3.4
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         ldap server require strong auth = no
>         ntlm auth = yes
>         raw NTLMv2 auth = yes

Why are you still using the very insecure NTLMv1 ?

> 
> [netlogon]
>         path = /var/lib/samba/sysvol2/mydom.mycomp.com/scripts
>         read only = No
>         browseable = no
> 
> [sysvol]
>         path = /var/lib/samba/sysvol2
>         read only = No
>         browseable = no

Does anybody know where setting 'browseable = no' on 'netlogon' &
'sysvol' came from ?
totally redundant, there is no netbios browsing on a Samba AD DC, it
isn't in 'nbt'.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba