
Resolved
0 votes
We're running ClearOS Community Edition 7.2, up to date. It's still a non-production server in a Hyper-V VM.
We would like to try the Samba Directory (Beta) app. We already have the Samba4 DC with groups and users inserted, and shares, printers and everything else configured and running well.
Is there a guide on how to migrate from Samba4 DC to Samba4 Active Directory? Will we lose the work already done? We already have a Kerberos server running. LDAP is also OK. DNS is provided by dnsmasq.
Thanks in advance for any help.
Thursday, November 24 2016, 02:27 PM
Responses (4)
  • Accepted Answer

    Tuesday, December 27 2016, 03:24 PM - #Permalink
    Resolved
    0 votes
    I will write here some directions for migrating from Samba4 DC to Samba4 Active Directory.
    Samba4 will use its own internal DNS and internal LDAP.


    1. First of all, make some copies.
    ---
    [Samba installed in /var/lib/samba/ ]

    # mkdir -p /root/backup/var/lib/
    # mkdir -p /root/backup/etc/

    # service slapd stop
    # slapcat > /root/backup/ldap.backup.ldif
    # service slapd start

    # cp -r /etc/samba/ /root/backup/etc/
    # cp -r /var/lib/samba /root/backup/var/lib/
    # cp -r /etc/openldap /root/backup/etc/
    # cp -r /etc/ssl /root/backup/etc/


    2. Keep all things up-to-date
    ---
    # yum update

    # yum install libacl-devel libblkid-devel gnutls-devel readline-devel python-devel gdb pkgconfig krb5-workstation zlib-devel setroubleshoot-server setroubleshoot-plugins policycoreutils-python libsemanage-python setools-libs-python setools-libs popt-devel libpcap-devel sqlite-devel libidn-devel libxml2-devel libacl-devel libsepol-devel libattr-devel keyutils-libs-devel cyrus-sasl-devel

    # yum install samba-dc samba-dc-libs samba-python

    # rpm -qf /usr/bin/samba-tool
    [this will return samba-dc-4.2.10-7.v7.1.x86_64]


    3. Stop Samba
    ---
    # service smb stop
    # service nmb stop
    # service winbind stop


    4. Prepare to migrate
    ---
    # mkdir /root/backup/dbdir

    # cp -p /var/lib/samba/*.dat /root/backup/dbdir/
    # cp -p /var/lib/samba/private/*.tdb /root/backup/dbdir/
    # cp -p /var/lib/samba/*.tdb /root/backup/dbdir/

    [The WINS files will be recreated later, so rename them]

    # mv /root/backup/dbdir/wins.dat /root/backup/dbdir/wins.dat.bak
    # mv /root/backup/dbdir/wins.tdb /root/backup/dbdir/wins.tdb.bak

    [Rename the original smb.conf]
    # mv /etc/samba/smb.conf /etc/samba/smb.conf.bak

    [If you have Kerberos installed and you have a realm, edit /etc/krb5.conf and comment out the lines that refer to your realm]


    5. LDAP cannot have groups and/or users with duplicate SIDs during the migration process.
    ---
    [I had problems here with the winadmin user (cn=Windows Administrator,ou=Users,ou=Accounts,dc=example,dc=com), so I deleted it.]
    [I also deleted sambaSID=S-1-5-32-544 in ou=Groups,ou=Accounts]
    [I use ldapadmin (www.ldapadmin.org) from a Windows box to access the LDAP]


    6. Execute the Classic Upgrade script.
    ---
    # samba-tool domain classicupgrade --dbdir=/root/backup/dbdir/ --use-xattrs=yes --realm=AD.EXAMPLE.COM --dns-backend=SAMBA_INTERNAL /root/backup/etc/samba/smb.conf

    7. That's all, folks!
    [There are some little fixes yet!]

    # rm /etc/krb5.conf
    # ln -sf /var/lib/samba/private/krb5.conf /etc/krb5.conf
    [And double check krb5.conf]

    [Edit /etc/resolv.conf]
    nameserver [your.ip.address.here]


    8. Finally, install Samba Directory app.
    --
    # yum install app-samba-directory-core


    9. Stop these services
    --
    # service dnsmasq stop
    # service slapd stop

    [If you have Kerberos, stop it]
    # service krb5kdc stop


    10. Double check your new /etc/samba/smb.conf
    --
    Use your old /etc/samba/smb.conf.bak copy to verify important things.


    11. Start Samba under interactive mode
    --
    # samba -i

    [Stay alert and look for errors!]

    [If OK, hit CTRL+C to stop it]
    [If not, hit CTRL+C and debug it. Repeat until there are no more errors!]


    12. That's all right! So, start the Samba service.
    --
    # service samba start

    [Check if it's running Ok!]
    # systemctl status samba.service -l

    [Verify if it's all running Ok!]
    # ps axf | egrep "samba|smbd|winbindd"


    13. Define Administrator's password
    --
    # samba-tool user setpassword Administrator

    # net rpc rights list accounts -U'EXAMPLE\administrator' -I domain.example.com


    14. Verifying the File Server
    --
    # smbclient -L localhost -U%


    15. Verifying DNS
    --
    # host -t SRV _ldap._tcp.example.com
    # host -t SRV _kerberos._udp.example.com
    # host -t A domain.example.com


    16. Verifying Kerberos
    --
    # kinit Administrator@AD.EXAMPLE.COM
    # klist


    17. Disable these services
    --
    # systemctl disable dnsmasq.service
    # systemctl disable nmb.service
    # systemctl disable krb5kdc.service
    # systemctl disable slapd.service


    18. Enable Samba service
    --
    # systemctl enable samba.service


    Reference: Samba Wiki | Migrating a Samba NT4 Domain to Samba AD (Classic Upgrade)
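Step 5 of the answer above requires that no two LDAP entries share a sambaSID before `samba-tool domain classicupgrade` runs. As an added example (not part of the original post), this shell function scans the `slapcat` dump made in step 1 and lists every entry whose sambaSID occurs more than once; the sample LDIF and its entry names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sambaSID values carried by more than one entry in a
# slapcat LDIF dump (e.g. /root/backup/ldap.backup.ldif from step 1).
# Output: one "SID<TAB>DN" line per entry involved in a collision.
find_duplicate_sids() {
    awk '
        # LDIF folds long lines: a line starting with one space continues
        # the previous line, so join it before interpreting anything.
        /^ / { buf = buf substr($0, 2); next }
        { if (NR > 1) process(buf); buf = $0 }
        END {
            process(buf)
            for (i = 1; i <= n; i++)
                if (count[sid_of[i]] > 1) print sid_of[i] "\t" dn_of[i]
        }
        function process(line) {
            if (line == "")        { dn = ""; return }          # entry separator
            if (line ~ /^dn:: /)   { dn = "(base64) " substr(line, 6); return }
            if (line ~ /^dn: /)    { dn = substr(line, 5); return }
            if (tolower(line) ~ /^sambasid: /) {                # names are case-insensitive
                n++
                sid_of[n] = substr(line, 11)
                dn_of[n] = dn
                count[sid_of[n]]++
            }
        }
    ' "$1"
}

# Constructed sample dump: two group entries share S-1-5-32-544, and one DN
# is folded across two lines the way slapcat wraps long values.
sample=$(mktemp)
cat > "$sample" <<'EOF'
dn: cn=administrators,ou=Groups,ou=Accounts,dc=example,dc=com
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544

dn: cn=builtin_admins,ou=Groups,ou=Accounts,dc=exa
 mple,dc=com
objectClass: sambaGroupMapping
sambaSID: S-1-5-32-544

dn: cn=alice,ou=Users,ou=Accounts,dc=example,dc=com
objectClass: sambaSamAccount
sambaSID: S-1-5-21-1111111111-2222222222-3333333333-1001
EOF
find_duplicate_sids "$sample"
rm -f "$sample"
```

An empty result means the dump has no colliding SIDs; DNs that slapcat wrote base64-encoded (`dn::`) are reported undecoded with a `(base64)` prefix.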
  • Accepted Answer

    Friday, November 25 2016, 02:07 PM - #Permalink
    Resolved
    0 votes
    Samba wiki has this guide as a useful reference too.

    Migrating a Samba NT4 Domain to Samba AD (Classic Upgrade)
  • Accepted Answer

    Friday, November 25 2016, 02:00 PM - #Permalink
    Resolved
    0 votes
    Nick, thanks for your reply!

    That's bad news!

    I would like to keep my hope that it's possible to migrate it despite some incompatibility, instead of recreating everything in a new installation.

    Please, if anyone has even a remote tip, this would make my day so happy.

    I'm going to study that thread and do some experiments.
    Thanks again, Nick!
  • Accepted Answer

    Friday, November 25 2016, 09:37 AM - #Permalink
    Resolved
    0 votes
    I think that once you've chosen your directory server, you can't change so you're stuck with LDAP. Also note that Samba Directory is still really only a beta app and there are reported problems with it and there is an incompatibility list here. Also have a brief look at the sub-forum, although there are only 9 threads there.