AnrDaemon / samba4-ads

Migrate existing Samba3/LDAP setup to Samba4 ADS #1

Open AnrDaemon opened 9 years ago

AnrDaemon commented 9 years ago

Upgrade Samba on all hosts. Install where it is missing.

add-apt-repository ppa:9v-shaun-42/samba4
apt-get update && apt-get dist-upgrade --yes
apt-get install samba smbclient ldb-tools samba-dsdb-modules samba-vfs-modules libnss-winbind libpam-winbind libpam-krb5 krb5-user

AnrDaemon commented 9 years ago

Samba configs in

/etc/samba
/var/lib/samba
slapcat

Save configs in container and move them away from host.

cd /home/.lxc/dc1/rootfs/
cp /etc/ldap.* etc/
mkdir --parent root/Samba3-PDC/{etc,var/lib}

cd root/Samba3-PDC
cp -r /etc/samba etc && mv /etc/samba /etc/samba-3
cp -r /var/lib/samba var/lib && mv /var/lib/samba /var/lib/samba-3

Reboot everything. Just in case.

AnrDaemon commented 9 years ago

Fix little issues with moved settings.

# Link for LDAP client settings. /etc/ldap.conf and /etc/ldap/ldap.conf are used
# in different situations, but it is safe and even desirable to have them identical.
ln -fs /etc/ldap.conf /etc/ldap/ldap.conf

AnrDaemon commented 9 years ago

Disable automatic start for ALL Samba components. On both host and container.

echo manual | tee /etc/init/{samba-ad-dc,smbd,nmbd,winbind}.override
update-rc.d -f winbind remove

AnrDaemon commented 9 years ago

Make a copy of backup database in one place

cd /root/Samba3-PDC
cp -t . etc/samba/smb.conf var/lib/samba/*.tdb var/lib/samba/*.dat

Edit smb.conf to suit the changed environment. LDAP server - enter IP! Important!!

netbios name = DC1
passdb backend = ldapsam:ldap://192.168.17.1/

…then source final (pre-migration) configuration file:

samba-tool testparm --suppress-prompt -s /root/Samba3-PDC/smb.conf > /root/Samba3-PDC/smb.PDC.conf

AnrDaemon commented 9 years ago

rm -rf /var/lib/samba /run/samba /etc/samba/smb.conf
samba-tool domain classicupgrade --dbdir=/root/Samba3-PDC --use-xattrs=yes --realm=ADS.CCENTER.LAN --option="interfaces=lo 192.168.17.0/24" /root/Samba3-PDC/smb.PDC.conf |& tee /root/Samba3-PDC/classic-upgrade-$(date +%F-%H%M).log
samba-tool domain passwordsettings set --complexity=off --min-pwd-length=1 --history-length=0 --min-pwd-age=0 --max-pwd-age=0

AnrDaemon commented 9 years ago

ln -fs /var/lib/samba/private/krb5.conf  /etc/krb5.conf

AnrDaemon commented 7 years ago

samba-dsdb-modules is required to operate the LDB database, but due to a packaging error it is not installed (only recommended).
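
The `samba-tool domain passwordsettings set` step earlier in this thread switches off complexity, minimum length, history and password ageing for the new domain. The script below is an added example, not part of the issue or of the author's procedure: it audits the output of `samba-tool domain passwordsettings show` so the relaxed policy is noticed once the migration is done. The thresholds, the `--live` switch and the sample text are assumptions, and the field labels should be checked against what your Samba version prints.

```shell
#!/usr/bin/env bash
# Added example: flag weak values in `samba-tool domain passwordsettings show`.
# Thresholds are assumptions for illustration; set them to the site policy.
MIN_LENGTH=${MIN_LENGTH:-12}
MIN_HISTORY=${MIN_HISTORY:-5}

# Constructed sample: what "show" would report after the settings in this thread.
SAMPLE_RELAXED="Password complexity: off
Password history length: 0
Minimum password length: 1
Minimum password age (days): 0
Maximum password age (days): 0"

# Reads "show" output on stdin and prints one "WEAK:" line per finding.
# Prints nothing when every checked field meets the thresholds.
audit_pwpolicy() {
    awk -F': *' -v minlen="$MIN_LENGTH" -v minhist="$MIN_HISTORY" '
        $1 == "Password complexity" && $2 != "on" {
            print "WEAK: complexity is " $2
        }
        $1 == "Password history length" && $2 + 0 < minhist {
            print "WEAK: history length " $2 " < " minhist
        }
        $1 == "Minimum password length" && $2 + 0 < minlen {
            print "WEAK: minimum length " $2 " < " minlen
        }
        $1 == "Minimum password age (days)" && $2 + 0 == 0 {
            print "WEAK: minimum age 0 allows immediate password cycling"
        }
    '
}

# --live (hypothetical switch of this script) audits the running domain;
# without it the constructed sample is audited, so the script runs offline.
if [ "${1:-}" = "--live" ]; then
    samba-tool domain passwordsettings show | audit_pwpolicy
else
    printf '%s\n' "$SAMPLE_RELAXED" | audit_pwpolicy
fi
```

Run it with `--live` on the domain controller after the upgrade, then raise the settings with `samba-tool domain passwordsettings set` until it prints nothing.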