Context Navigation

← Previous Change
Next Change →

upgrades.html

Timestamp:

Jan 15, 2010, 8:21:06 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3 to 3.3.10 (docs)

File:

: 1 edited

branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/upgrades.html (modified) (52 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/upgrades.html

-              r218
+              r368
 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id2598126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2598223">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2599552">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2599920">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600254">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2600436">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2600546">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600749">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2601164">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
 <a class="indexterm" name="id2598042"></a>
 <a class="indexterm" name="id2598049"></a>
+<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id2604185">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2604281">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2605610">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2605979">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2606312">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2606494">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2606604">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2606808">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2607222">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>
+<a class="indexterm" name="id2604100"></a>
+<a class="indexterm" name="id2604107"></a>
 It was a little difficult to select an appropriate title for this chapter.
 From email messages on the Samba mailing lists it is clear that many people
 …
 installing a new Samba server to replace an older existing Samba server.
 </p><p>
 <a class="indexterm" name="id2598065"></a>
 <a class="indexterm" name="id2598072"></a>
+<a class="indexterm" name="id2604124"></a>
+<a class="indexterm" name="id2604130"></a>
 There has also been much talk about migration of Samba-3 from an smbpasswd
 passdb backend to the use of the tdbsam or ldapsam facilities that are new
 …
 highlighted by an email posting that included the following neat remark:
 </p><div class="blockquote"><blockquote class="blockquote"><p>
 <a class="indexterm" name="id2598093"></a>
 I like the &#8220;<span class="quote">net rpc vampire</span>&#8221; on NT4, but that to my surprise does
+<a class="indexterm" name="id2604152"></a>
+I like the <span class="quote">&#8220;<span class="quote">net rpc vampire</span>&#8221;</span> on NT4, but that to my surprise does
 not seem to work against a Samba PDC and, if addressed in the Samba to Samba
 context in either book, I could not find it.
 </p></blockquote></div><p>
 <a class="indexterm" name="id2598114"></a>
+<a class="indexterm" name="id2604173"></a>
 So in response to the significant request for these situations to be better
 documented, this chapter has now been added. User contributions and documentation
 of real-world experiences are a most welcome addition to this chapter.
 </p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2598126"></a>Introduction</h2></div></div></div><p>
 <a class="indexterm" name="id2598134"></a>
 <a class="indexterm" name="id2598141"></a>
 <a class="indexterm" name="id2598148"></a>
+</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2604185"></a>Introduction</h2></div></div></div><p>
+<a class="indexterm" name="id2604193"></a>
+<a class="indexterm" name="id2604199"></a>
+<a class="indexterm" name="id2604206"></a>
 A Windows network administrator explained in an email what changes he was
 planning to make and followed with the question: &#8220;<span class="quote">Anyone done this
 before?</span>&#8221; Many of us have upgraded and updated Samba without incident.
+planning to make and followed with the question: <span class="quote">&#8220;<span class="quote">Anyone done this
+before?</span>&#8221;</span> Many of us have upgraded and updated Samba without incident.
 Others have experienced much pain and user frustration. So it is to be hoped
 that the notes in this chapter will make a positive difference by assuring
 …
 fails to take adequate steps to avoid situations that may inflict lost
 productivity on them.
 </p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
 <a class="indexterm" name="id2598179"></a>
 <a class="indexterm" name="id2598186"></a>
+</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>
+<a class="indexterm" name="id2604237"></a>
+<a class="indexterm" name="id2604244"></a>
 Samba makes it possible to upgrade and update configuration files, but it
 is not possible to downgrade the configuration files. Please ensure that
 …
 in the rare event that this may be necessary.
 </p></div><p>
 <a class="indexterm" name="id2598200"></a>
 <a class="indexterm" name="id2598208"></a>
+<a class="indexterm" name="id2604259"></a>
+<a class="indexterm" name="id2604266"></a>
 It is prudent also to backup all data files on the server before attempting
 to perform a major upgrade. Many administrators have experienced the consequences
 …
 the precautions taken were inadequate. If a backup was not needed, but was available,
 caution was on the side of the victor.
 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2598223"></a>Cautions and Notes</h3></div></div></div><p>
         Someone once said, &#8220;<span class="quote">It is good to be sorry, but better never to need to be!</span>&#8221;
+</p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id2604281"></a>Cautions and Notes</h3></div></div></div><p>
+        Someone once said, <span class="quote">&#8220;<span class="quote">It is good to be sorry, but better never to need to be!</span>&#8221;</span>
         These are wise words of advice to those contemplating a Samba upgrade or update.
         </p><p>
         <a class="indexterm" name="id2598240"></a>
         <a class="indexterm" name="id2598247"></a>
         <a class="indexterm" name="id2598254"></a>
+        <a class="indexterm" name="id2604299"></a>
+        <a class="indexterm" name="id2604305"></a>
+        <a class="indexterm" name="id2604312"></a>
         This is as good a time as any to define the terms <code class="constant">upgrade</code> and
         <code class="constant">update</code>. The term <code class="constant">upgrade</code> refers to
 …
         is in development.
         </p><p>
         <a class="indexterm" name="id2598281"></a>
+        <a class="indexterm" name="id2604339"></a>
         The term <code class="constant">update</code> refers to a minor version number installation
         in place of one of the same generation. For example, updating from Samba 3.0.10 to 3.0.14
         is an update. The move from Samba 2.0.7 to 3.0.14 is an upgrade.
         </p><p>
         <a class="indexterm" name="id2598298"></a>
+        <a class="indexterm" name="id2604356"></a>
         While the use of these terms is an exercise in semantics, what needs to be realized
         is that there are major functional differences between a Samba 2.x release and a Samba
 …
         modified to preserve prior functionality.
         </p><p>
         There is an old axiom that says, &#8220;<span class="quote">The greater the volume of the documentation,
+        There is an old axiom that says, <span class="quote">&#8220;<span class="quote">The greater the volume of the documentation,
         the greater the risk that noone will read it, but where there is no documentation,
         noone can read it!</span>&#8221; While true, some documentation is an evil necessity.
+        noone can read it!</span>&#8221;</span> While true, some documentation is an evil necessity.
         It is hoped that this update to the documentation will avoid both extremes.
         </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2598326"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
         <a class="indexterm" name="id2598334"></a>
         <a class="indexterm" name="id2598344"></a>
         <a class="indexterm" name="id2598350"></a>
         <a class="indexterm" name="id2598357"></a>
         <a class="indexterm" name="id2598364"></a>
         <a class="indexterm" name="id2598373"></a>
+        </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id2604385"></a>Security Identifiers (SIDs)</h4></div></div></div><p>
+        <a class="indexterm" name="id2604393"></a>
+        <a class="indexterm" name="id2604402"></a>
+        <a class="indexterm" name="id2604409"></a>
+        <a class="indexterm" name="id2604416"></a>
+        <a class="indexterm" name="id2604422"></a>
+        <a class="indexterm" name="id2604432"></a>
         Before the days of Windows NT and OS/2, every Windows and DOS networking client
         that used the SMB protocols was an entirely autonomous entity. There was no concept
 …
         Windows NT 3.10.
         </p><p>
         <a class="indexterm" name="id2598393"></a>
         <a class="indexterm" name="id2598400"></a>
         <a class="indexterm" name="id2598407"></a>
         <a class="indexterm" name="id2598414"></a>
         <a class="indexterm" name="id2598420"></a>
         <a class="indexterm" name="id2598427"></a>
+        <a class="indexterm" name="id2604451"></a>
+        <a class="indexterm" name="id2604458"></a>
+        <a class="indexterm" name="id2604465"></a>
+        <a class="indexterm" name="id2604472"></a>
+        <a class="indexterm" name="id2604478"></a>
+        <a class="indexterm" name="id2604485"></a>
         Versions of Samba prior to 1.9 did not make use of a SID. Instead they make exclusive use
         of the username that is embedded in the SessionSetUpAndX component of the connection
         setup process between a Windows client and an SMB/CIFS server.
         </p><p>
         <a class="indexterm" name="id2598444"></a>
         <a class="indexterm" name="id2598450"></a>
         <a class="indexterm" name="id2598457"></a>
+        <a class="indexterm" name="id2604502"></a>
+        <a class="indexterm" name="id2604509"></a>
+        <a class="indexterm" name="id2604515"></a>
         Around November 1997 support was added to Samba-1.9 to handle the Windows security
         RPC-based protocols that implemented support for Samba to store a machine SID. This
         information was stored in a file called <code class="filename">MACHINE.SID.</code>
         </p><p>
         <a class="indexterm" name="id2598476"></a>
         <a class="indexterm" name="id2598483"></a>
         <a class="indexterm" name="id2598490"></a>
+        <a class="indexterm" name="id2604535"></a>
+        <a class="indexterm" name="id2604542"></a>
+        <a class="indexterm" name="id2604548"></a>
         Within the lifetime of the early Samba 2.x series, the machine SID information was
         relocated into a tdb file called <code class="filename">secrets.tdb</code>, which is where
 …
         local machine and its role within a domain security context.
         </p><p>
         <a class="indexterm" name="id2598510"></a>
         <a class="indexterm" name="id2598520"></a>
         <a class="indexterm" name="id2598529"></a>
         <a class="indexterm" name="id2598536"></a>
+        <a class="indexterm" name="id2604569"></a>
+        <a class="indexterm" name="id2604578"></a>
+        <a class="indexterm" name="id2604587"></a>
+        <a class="indexterm" name="id2604594"></a>
         There are two types of SID, those pertaining to the machine itself and the domain to
         which it may belong, and those pertaining to users and groups within the security
 …
         servers (DMS).
         </p><p>
         <a class="indexterm" name="id2598550"></a>
         <a class="indexterm" name="id2598557"></a>
         <a class="indexterm" name="id2598564"></a>
         <a class="indexterm" name="id2598570"></a>
         <a class="indexterm" name="id2598577"></a>
         <a class="indexterm" name="id2598584"></a>
+        <a class="indexterm" name="id2604608"></a>
+        <a class="indexterm" name="id2604615"></a>
+        <a class="indexterm" name="id2604622"></a>
+        <a class="indexterm" name="id2604629"></a>
+        <a class="indexterm" name="id2604636"></a>
+        <a class="indexterm" name="id2604642"></a>
         When the Samba <code class="literal">smbd</code> daemon is first started, if the <code class="filename">secrets.tdb</code>
         file does not exist, it is created at the first client connection attempt. If this file does
 …
         (hostname) and domain name (workgroup), it will be different.
         </p><p>
         <a class="indexterm" name="id2598634"></a>
+        <a class="indexterm" name="id2604692"></a>
         The SID is the key used by MS Windows networking for all networking operations. This means
         that when the machine or domain SID changes, all security-encoded objects such as profiles
         and ACLs may become unusable.
         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         It is of paramount importance that the machine and domain SID be backed up so that in
         the event of a change of hostname (machine name) or domain name (workgroup) the SID can
         be restored to its previous value.
         </p></div><p>
         <a class="indexterm" name="id2598655"></a>
         <a class="indexterm" name="id2598662"></a>
         <a class="indexterm" name="id2598668"></a>
         <a class="indexterm" name="id2598675"></a>
         <a class="indexterm" name="id2598682"></a>
         <a class="indexterm" name="id2598689"></a>
         <a class="indexterm" name="id2598696"></a>
         <a class="indexterm" name="id2598702"></a>
         <a class="indexterm" name="id2598709"></a>
         <a class="indexterm" name="id2598716"></a>
+        <a class="indexterm" name="id2604713"></a>
+        <a class="indexterm" name="id2604720"></a>
+        <a class="indexterm" name="id2604727"></a>
+        <a class="indexterm" name="id2604733"></a>
+        <a class="indexterm" name="id2604740"></a>
+        <a class="indexterm" name="id2604747"></a>
+        <a class="indexterm" name="id2604754"></a>
+        <a class="indexterm" name="id2604761"></a>
+        <a class="indexterm" name="id2604768"></a>
+        <a class="indexterm" name="id2604774"></a>
         In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain
         SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled
         the SID. On a standalone server the hostname still controls the SID.
         </p><p>
         <a class="indexterm" name="id2598730"></a>
         <a class="indexterm" name="id2598739"></a>
+        <a class="indexterm" name="id2604788"></a>
+        <a class="indexterm" name="id2604797"></a>
         The local machine SID can be backed up using this procedure (Samba-3):
 </p><pre class="screen">
 …
         This is not a reversible process  it is a one-way upgrade.
         </p><p>
         <a class="indexterm" name="id2598827"></a>
+        <a class="indexterm" name="id2604886"></a>
         In the course of the Samba 2.0.x series the <code class="literal">smbpasswd</code> was modified to
         permit the domain SID to be captured to the <code class="filename">secrets.tdb</code> file by executing:
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id2598901"></a>
         <a class="indexterm" name="id2598908"></a>
+        <a class="indexterm" name="id2604959"></a>
+        <a class="indexterm" name="id2604966"></a>
         Domain security information, which includes the domain SID, can be obtained from Samba-2.2.x
         systems by executing:
 …
         case it is ever needed at a later date.
         </p><p>
         <a class="indexterm" name="id2598954"></a>
         <a class="indexterm" name="id2598961"></a>
         <a class="indexterm" name="id2598968"></a>
+        <a class="indexterm" name="id2605013"></a>
+        <a class="indexterm" name="id2605020"></a>
+        <a class="indexterm" name="id2605026"></a>
         Take note that the domain SID is used extensively in Samba. Where LDAP is used for the
         <em class="parameter"><code>passdb backend</code></em>, all user, group, and trust accounts are encoded
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id2599004"></a>
         <a class="indexterm" name="id2599011"></a>
         <a class="indexterm" name="id2599017"></a>
+        <a class="indexterm" name="id2605062"></a>
+        <a class="indexterm" name="id2605069"></a>
+        <a class="indexterm" name="id2605076"></a>
         When the domain SID has changed, roaming profiles cease to be functional. The recovery
         of roaming profiles necessitates resetting of the domain portion of the user SID
 …
         addressed to the creator of the RPM package. The Samba Team do their best to make
         available all the tools needed to manage a Samba-based Windows networking environment.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599055"></a>Change of hostname</h4></div></div></div><p>
         <a class="indexterm" name="id2599063"></a>
         <a class="indexterm" name="id2599072"></a>
+        </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id2605113"></a>Change of hostname</h4></div></div></div><p>
+        <a class="indexterm" name="id2605121"></a>
+        <a class="indexterm" name="id2605130"></a>
         Samba uses two methods by which the primary NetBIOS machine name (also known as a computer
         name or the hostname) may be determined: If the <code class="filename">smb.conf</code> file contains a
 …
         SID to be generated. If this happens on a domain controller, it will also change the
         domain SID. These SIDs can be updated (restored) using the procedure outlined previously.
         </p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
+        </p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>
         Do NOT change the hostname or the <em class="parameter"><code>netbios name</code></em>. If this
         is changed, be sure to reset the machine SID to the original setting. Otherwise
         there may be serious interoperability and/or operational problems.
         </p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599120"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
         <a class="indexterm" name="id2599129"></a>
+        </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id2605179"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>
+        <a class="indexterm" name="id2605187"></a>
         The domain name of a Samba server is identical to the workgroup name and is
         set in the <code class="filename">smb.conf</code> file using the <em class="parameter"><code>workgroup</code></em> parameter.
         This has been consistent throughout the history of Samba and across all versions.
         </p><p>
         <a class="indexterm" name="id2599154"></a>
+        <a class="indexterm" name="id2605212"></a>
         Be aware that when the workgroup name is changed, a new SID will be generated.
         The old domain SID can be reset using the procedure outlined earlier in this chapter.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Location of config files"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>
         The Samba-Team has maintained a constant default location for all Samba control files
         throughout the life of the project. People who have produced binary packages of Samba
 …
         for network administrators.
         </p><p>
         <a class="indexterm" name="id2599185"></a>
+        <a class="indexterm" name="id2605243"></a>
         The Samba 1.9.x <code class="filename">smb.conf</code> file may be found either in the <code class="filename">/etc</code>
         directory or in <code class="filename">/usr/local/samba/lib</code>.
 …
         remains located also for Samba 3.0.x installations.
         </p><p>
         <a class="indexterm" name="id2599231"></a>
+        <a class="indexterm" name="id2605290"></a>
         Samba 2.x introduced the <code class="filename">secrets.tdb</code> file that is also stored in the
         <code class="filename">/etc/samba</code> directory, or in the <code class="filename">/usr/local/samba/lib</code>
         directory subsystem.
         </p><p>
         <a class="indexterm" name="id2599261"></a>
+        <a class="indexterm" name="id2605320"></a>
         The location at which <code class="literal">smbd</code> expects to find all configuration and control
         files is determined at the time of compilation of Samba. For versions of Samba prior to
 …
         <code class="filename">/usr/local/samba/sbin</code>.
         </p><p>
         <a class="indexterm" name="id2599319"></a>
+        <a class="indexterm" name="id2605378"></a>
         Samba-3 provides a neat new way to track the location of all control files as well as to
         find the compile-time options used as the Samba package was built. Here  is how the dark
 …
 </pre><p>
         </p><p>
         <a class="indexterm" name="id2599356"></a>
+        <a class="indexterm" name="id2605415"></a>
         It is important that both the <code class="filename">smb.conf</code> file and the <code class="filename">secrets.tdb</code>
         be backed up before attempting any upgrade. The <code class="filename">secrets.tdb</code> file
 …
         of Samba. A backup means that it is always possible to revert a failed or problematic
         upgrade.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599386"></a>International Language Support</h4></div></div></div><p>
         <a class="indexterm" name="id2599395"></a>
         <a class="indexterm" name="id2599401"></a>
         <a class="indexterm" name="id2599408"></a>
         <a class="indexterm" name="id2599415"></a>
+        </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id2605445"></a>International Language Support</h4></div></div></div><p>
+        <a class="indexterm" name="id2605453"></a>
+        <a class="indexterm" name="id2605460"></a>
+        <a class="indexterm" name="id2605467"></a>
+        <a class="indexterm" name="id2605474"></a>
         Samba-2.x had no support for Unicode; instead, all national language character-set support in file names
         was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus
         providing true internationalization support.
         </p><p>
         <a class="indexterm" name="id2599430"></a>
+        <a class="indexterm" name="id2605488"></a>
         Non-English users whose national language character set has special characters and who upgrade naively will
         find that many files that have the special characters in the file name will see them garbled and jumbled up.
 …
         that was in use with Samba-2.x using an 8-bit encoding scheme.
         </p><p>
         <a class="indexterm" name="id2599447"></a>
+        <a class="indexterm" name="id2605505"></a>
         Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a
         mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some
         effort to set straight.
         </p><p>
         <a class="indexterm" name="id2599461"></a>
+        <a class="indexterm" name="id2605519"></a>
         A very helpful tool is available from Bjorn Jacke's <a class="ulink" href="http://j3e.de/linux/convmv/" target="_top">convmv</a>
         work. Convmv is a tool that can be used to convert file and directory names from one encoding method to
         another. The most common use for this tool is to convert locale-encoded files to UTF-8 Unicode encoding.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599480"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
+        </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id2605539"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>
         The smbldap-tools have been maturing rapidly over the past year. With maturation comes change.
         The location of the <code class="filename">smbldap.conf</code> and the <code class="filename">smbldap_bind.conf</code>
 …
         current release should note that the information stored under <code class="constant">NextFreeUnixId</code>
         must now be relocated to the DIT object <code class="constant">sambaDomainName</code>.
         </p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2599552"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
+        </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2605610"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>
 Sites that are being upgraded from Samba-2 (or earlier versions) to Samba-3
 may experience little difficulty or may require a lot of effort, depending
 …
 does not use LDAP, the other does. Samba-1.9.x did not provide LDAP support.
 Samba-2.x could be compiled with LDAP support.
 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>
+</p><div class="sect2" title="Samba 1.9.x and 2.x Versions Without LDAP"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>
         Where it is necessary to upgrade an old Samba installation to Samba-3,
         the following procedure can be followed:
         </p><div class="procedure"><a name="id2599590"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol type="1"><li><p>
                 <a class="indexterm" name="id2599601"></a>
                 <a class="indexterm" name="id2599608"></a>
                 <a class="indexterm" name="id2599615"></a>
+        </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id2605648"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
+                <a class="indexterm" name="id2605659"></a>
+                <a class="indexterm" name="id2605666"></a>
+                <a class="indexterm" name="id2605673"></a>
                 Stop Samba. This can be done using the appropriate system tool
                 that is particular for each operating system or by executing the
                 <code class="literal">kill</code> command on <code class="literal">smbd</code>,
                 <code class="literal">nmbd</code>, and <code class="literal">winbindd</code>.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 Find the location of the Samba <code class="filename">smb.conf</code> file and back it up to a
                 safe location.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Find the location of the <code class="filename">smbpasswd</code> file and
                 back it up to a safe location.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Find the location of the <code class="filename">secrets.tdb</code> file and
                 back it up to a safe location.
                 </p></li><li><p>
                 <a class="indexterm" name="id2599696"></a>
                 <a class="indexterm" name="id2599703"></a>
                 <a class="indexterm" name="id2599710"></a>
                 <a class="indexterm" name="id2599717"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id2605754"></a>
+                <a class="indexterm" name="id2605761"></a>
+                <a class="indexterm" name="id2605768"></a>
+                <a class="indexterm" name="id2605775"></a>
                 Find the location of the lock directory. This is the directory
                 in which Samba stores all its tdb control files. The default
 …
                 <code class="filename">/var/lib/samba</code> directory. Copy all the
                 tdb files to a safe location.
                 </p></li><li><p>
                 <a class="indexterm" name="id2599755"></a>
+                </p></li><li class="step" title="Step 6"><p>
+                <a class="indexterm" name="id2605814"></a>
                 It is now safe to upgrade the Samba installation. On Linux systems
                 it is not necessary to remove the Samba RPMs because a simple
 …
                 move it out of the way by renaming the directories that contain the
                 Samba binary files.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 7"><p>
                 When the Samba upgrade has been installed, the first step that should
                 be completed is to identify the new target locations for the control
                 files. Follow the steps shown in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">&#8220;Location of config files&#8221;</a> to locate
                 the correct directories to which each control file must be moved.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 8"><p>
                 Do not change the hostname.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 9"><p>
                 Do not change the workgroup name.
                 </p></li><li><p>
                 <a class="indexterm" name="id2599810"></a>
+                </p></li><li class="step" title="Step 10"><p>
+                <a class="indexterm" name="id2605869"></a>
                 Execute the <code class="literal">testparm</code> to validate the <code class="filename">smb.conf</code> file.
                 This process will flag any parameters that are no longer supported.
 …
 <code class="prompt">root# </code> testparm -s smb.conf.master &gt; smb.conf
 </pre><p>
         <a class="indexterm" name="id2599868"></a>
+        <a class="indexterm" name="id2605926"></a>
                 The resulting <code class="filename">smb.conf</code> file will be stripped of all comments
                 and of all nonconforming configuration settings.
                 </p></li><li><p>
                 <a class="indexterm" name="id2599889"></a>
+                </p></li><li class="step" title="Step 11"><p>
+                <a class="indexterm" name="id2605948"></a>
                 It is now safe to start Samba using the appropriate system tool.
                 Alternately, it is possible to just execute <code class="literal">nmbd</code>,
                 <code class="literal">smbd</code>, and <code class="literal">winbindd</code> for the command
                 line while logged in as the root user.
                 </p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2599920"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
         <a class="indexterm" name="id2599929"></a>
         <a class="indexterm" name="id2599935"></a>
         <a class="indexterm" name="id2599942"></a>
+                </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id2605979"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>
+        <a class="indexterm" name="id2605987"></a>
+        <a class="indexterm" name="id2605994"></a>
+        <a class="indexterm" name="id2606000"></a>
         Samba 2.x servers that were running as a domain controller (PDC)
         require changes to the configuration of the scripting interface
 …
         users, groups, and trust accounts (machines and interdomain).
         </p><p>
         <a class="indexterm" name="id2599956"></a>
+        <a class="indexterm" name="id2606015"></a>
         The following parameters are new to Samba-3 and should be correctly configured.
         Please refer to <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">&#8220;Secure Office Networking&#8221;</a> through <a class="link" href="2000users.html" title="Chapter 6. A Distributed 2000-User Network">&#8220;A Distributed 2000-User Network&#8221;</a>
         in this book for examples of use of the new parameters shown here:
         <a class="indexterm" name="id2599978"></a>
         <a class="indexterm" name="id2599984"></a>
         <a class="indexterm" name="id2599991"></a>
         <a class="indexterm" name="id2599998"></a>
         <a class="indexterm" name="id2600005"></a>
         <a class="indexterm" name="id2600012"></a>
         <a class="indexterm" name="id2600019"></a>
         </p><p>
         </p><table class="simplelist" border="0" summary="Simple list"><tr><td><p>add group script</p></td></tr><tr><td><p>add machine script</p></td></tr><tr><td><p>add user to group script</p></td></tr><tr><td><p>delete group script</p></td></tr><tr><td><p>delete user from group script</p></td></tr><tr><td><p>passdb backend</p></td></tr><tr><td><p>set primary group script</p></td></tr></table><p>
         </p><p>
         <a class="indexterm" name="id2600071"></a>
         <a class="indexterm" name="id2600078"></a>
+        <a class="indexterm" name="id2606036"></a>
+        <a class="indexterm" name="id2606043"></a>
+        <a class="indexterm" name="id2606050"></a>
+        <a class="indexterm" name="id2606057"></a>
+        <a class="indexterm" name="id2606064"></a>
+        <a class="indexterm" name="id2606071"></a>
+        <a class="indexterm" name="id2606078"></a>
+        </p><p>
+        </p><table border="0" summary="Simple list" class="simplelist"><tr><td><p>add group script</p></td></tr><tr><td><p>add machine script</p></td></tr><tr><td><p>add user to group script</p></td></tr><tr><td><p>delete group script</p></td></tr><tr><td><p>delete user from group script</p></td></tr><tr><td><p>passdb backend</p></td></tr><tr><td><p>set primary group script</p></td></tr></table><p>
+        </p><p>
+        <a class="indexterm" name="id2606130"></a>
+        <a class="indexterm" name="id2606137"></a>
         The <em class="parameter"><code>add machine script</code></em> functionality was previously
         handled by the <em class="parameter"><code>add user script</code></em>, which in Samba-3 is
         used exclusively to add user accounts.
         </p><p>
         <a class="indexterm" name="id2600103"></a>
         <a class="indexterm" name="id2600110"></a>
         <a class="indexterm" name="id2600116"></a>
         <a class="indexterm" name="id2600123"></a>
         <a class="indexterm" name="id2600130"></a>
         <a class="indexterm" name="id2600137"></a>
         <a class="indexterm" name="id2600144"></a>
         <a class="indexterm" name="id2600150"></a>
         <a class="indexterm" name="id2600157"></a>
+        <a class="indexterm" name="id2606161"></a>
+        <a class="indexterm" name="id2606168"></a>
+        <a class="indexterm" name="id2606175"></a>
+        <a class="indexterm" name="id2606182"></a>
+        <a class="indexterm" name="id2606188"></a>
+        <a class="indexterm" name="id2606195"></a>
+        <a class="indexterm" name="id2606202"></a>
+        <a class="indexterm" name="id2606209"></a>
+        <a class="indexterm" name="id2606216"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> used is either <code class="constant">smbpasswd</code>
         (the default) or the new <code class="constant">tdbsam</code>, the system interface scripts
 …
         <code class="literal">groupmod</code>, <code class="literal">groupdel</code>, and so on.
         </p><p>
         <a class="indexterm" name="id2600218"></a>
         <a class="indexterm" name="id2600225"></a>
         <a class="indexterm" name="id2600231"></a>
+        <a class="indexterm" name="id2606276"></a>
+        <a class="indexterm" name="id2606283"></a>
+        <a class="indexterm" name="id2606290"></a>
         Where the <em class="parameter"><code>passdb backend</code></em> makes use of an LDAP directory,
         it is necessary either to use the <code class="constant">smbldap-tools</code> provided
         by Idealx or to use an alternate toolset provided by a third
         party or else home-crafted to manage the LDAP directory accounts.
         </p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600254"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
+        </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id2606312"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>
         Samba version 2.x could be compiled for use either with or without LDAP.
         The LDAP control settings in the <code class="filename">smb.conf</code> file in this old version are
 …
         of all files to the correct locations.
         </p><p>
         <a class="indexterm" name="id2600288"></a>
         <a class="indexterm" name="id2600295"></a>
+        <a class="indexterm" name="id2606347"></a>
+        <a class="indexterm" name="id2606353"></a>
         The Samba SAM schema required for Samba-3 is significantly different from that
         used with Samba 2.x. This means that the LDAP directory must be updated
 …
 the DN's with quotation marks.
 </pre><p>
         </p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2600436"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
+        </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606494"></a>Updating a Samba-3 Installation</h2></div></div></div><p>
 The key concern in this section is to deal with the changes that have been
 affected in Samba-3 between the Samba-3.0.0 release and the current update.
 …
 taken to update Samba-3 versions.
 </p><p>
 <a class="indexterm" name="id2600451"></a>
+<a class="indexterm" name="id2606510"></a>
 The information in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">&#8220;Location of config files&#8221;</a> would not be necessary if every
 person who has ever produced Samba executable (binary) files could agree on
 …
 Clearly, such agreement is further away than a pipedream.
 </p><p>
 <a class="indexterm" name="id2600477"></a>
+<a class="indexterm" name="id2606536"></a>
 Vendors and packagers who produce Samba binary installable packages do not,
 as a rule, use the default paths used by the Samba-Team for the location of
 …
 effect.
 </p><p>
 <a class="indexterm" name="id2600511"></a>
+<a class="indexterm" name="id2606569"></a>
 The best advice for those lacking in code compilation experience is to use
 only vendor (or Samba-Team) provided binary packages. The Samba packages
 …
 that are compatible with the original OS vendor's practices.
 </p><p>
 <a class="indexterm" name="id2600526"></a>
 <a class="indexterm" name="id2600533"></a>
+<a class="indexterm" name="id2606584"></a>
+<a class="indexterm" name="id2606591"></a>
 If you are not sure whether a binary package complies with the OS
 vendor's practices, it is better to ask the package maintainer via
 …
 Alternately, just diagnose the paths specified by the binary files following
 the procedure outlined above.
 </p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600546"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
+</p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id2606604"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>
         The guidance in this section deals with updates to an existing
         Samba-3 server installation.
         </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600557"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
+        </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id2606616"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>
         With the provision that the binary Samba-3 package has been built
         with the same path and feature settings as the existing Samba-3
 …
         and without need to change either the <code class="filename">smb.conf</code> file or, where
         used, the LDAP schema.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600580"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
         <a class="indexterm" name="id2600588"></a>
         <a class="indexterm" name="id2600595"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id2606638"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>
+        <a class="indexterm" name="id2606646"></a>
+        <a class="indexterm" name="id2606653"></a>
         When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10,
         it is necessary only to update the LDAP schema (where LDAP is used).
 …
         update.
         </p><p>
         <a class="indexterm" name="id2600611"></a>
         <a class="indexterm" name="id2600618"></a>
         <a class="indexterm" name="id2600625"></a>
+        <a class="indexterm" name="id2606670"></a>
+        <a class="indexterm" name="id2606676"></a>
+        <a class="indexterm" name="id2606683"></a>
         Samba-3.0.6 introduced the ability to remember the last <span class="emphasis"><em>n</em></span> number
         of passwords a user has used. This information will work only with
 …
         </p><p>
         After updating the LDAP schema, do not forget to re-index the LDAP database.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600658"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
         <a class="indexterm" name="id2600667"></a>
+        </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id2606717"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>
+        <a class="indexterm" name="id2606725"></a>
         Samba-3.0.8 introduced changes in how the <em class="parameter"><code>username map</code></em>
         behaves. It also included a change in behavior of <code class="literal">winbindd</code>.
 …
         from versions prior to 3.0.8 to a current version.
         </p><p>
         <a class="indexterm" name="id2600699"></a>
+        <a class="indexterm" name="id2606757"></a>
         In Samba-3.0.11 a new privileges interface was implemented. Please
         refer to <a class="link" href="happy.html#sbehap-ppc" title="Addition of Machines to the Domain">&#8220;Addition of Machines to the Domain&#8221;</a> for information regarding this new
 …
 back to searching the 'ldap suffix' in some cases.
 </pre><p>
         </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600749"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id2606808"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>
         The two most likely candidates for replacement of a server are
         domain member servers and domain controllers. Each needs to be
         handled slightly differently.
         </p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600761"></a>Replacing a Domain Member Server</h4></div></div></div><p>
         <a class="indexterm" name="id2600770"></a>
+        </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id2606820"></a>Replacing a Domain Member Server</h4></div></div></div><p>
+        <a class="indexterm" name="id2606828"></a>
         Replacement of a domain member server should be done
         using the same procedure as outlined in <a class="link" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients">&#8220;Adding Domain Member Servers and Clients&#8221;</a>.
 …
         change its SID and will necessitate rejoining to the domain.
         </p><p>
         <a class="indexterm" name="id2600795"></a>
         <a class="indexterm" name="id2600802"></a>
         <a class="indexterm" name="id2600808"></a>
         <a class="indexterm" name="id2600815"></a>
         <a class="indexterm" name="id2600822"></a>
         <a class="indexterm" name="id2600829"></a>
+        <a class="indexterm" name="id2606854"></a>
+        <a class="indexterm" name="id2606860"></a>
+        <a class="indexterm" name="id2606867"></a>
+        <a class="indexterm" name="id2606874"></a>
+        <a class="indexterm" name="id2606880"></a>
+        <a class="indexterm" name="id2606887"></a>
         Following a change of hostname (NetBIOS name) it is a good idea on all servers
         to shut down the Samba <code class="literal">smbd</code>, <code class="literal">nmbd</code>, and
 …
         change, but can persist for a longer period of time.
         </p><p>
         <a class="indexterm" name="id2600876"></a>
         <a class="indexterm" name="id2600883"></a>
         <a class="indexterm" name="id2600890"></a>
         <a class="indexterm" name="id2600896"></a>
+        <a class="indexterm" name="id2606935"></a>
+        <a class="indexterm" name="id2606941"></a>
+        <a class="indexterm" name="id2606948"></a>
+        <a class="indexterm" name="id2606955"></a>
         If the old domain member server had local accounts, it is necessary to create
         on the new domain member server the same accounts with the same UID and GID
 …
         account entries to the new target server.
         </p><p>
         <a class="indexterm" name="id2600945"></a>
+        <a class="indexterm" name="id2607003"></a>
         Where the user accounts for both UNIX and Samba are stored in LDAP, the new
         target server must be configured to use the <code class="literal">nss_ldap</code> tool set.
         This will automatically ensure that the appropriate user entities are
         available on the new server.
         </p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600964"></a>Replacing a Domain Controller</h4></div></div></div><p>
         <a class="indexterm" name="id2600972"></a>
+        </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id2607022"></a>Replacing a Domain Controller</h4></div></div></div><p>
+        <a class="indexterm" name="id2607030"></a>
         In the past, people who replaced a Windows NT4 domain controller typically
         installed a new server, created printers and file shares on it, then migrate across
 …
         the same name as the old one. In this case, simply follow the same process
         as for upgrading a Samba 2.x system and do the following:
         </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 Where UNIX (POSIX) user and group accounts are stored in the system
                 <code class="filename">/etc/passwd</code>, <code class="filename">/etc/shadow</code>, and
 …
                 the <code class="literal">nss_ldap</code> tool and the <code class="filename">/etc/nsswitch.conf</code>
                 (as shown in <a class="link" href="happy.html" title="Chapter 5. Making Happy Users">&#8220;Making Happy Users&#8221;</a>).
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy the <code class="filename">smb.conf</code> file from the old server to the new server into the correct
                 location as indicated previously in this chapter.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy the <code class="filename">secrets.tdb</code> file, the <code class="filename">smbpasswd</code>
                 file (if it is used), the <code class="filename">/etc/samba/passdb.tdb</code> file (only
                 used by the <code class="constant">tdbsam</code> backend), and all the tdb control files
                 from the old system to the correct location on the new system.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Before starting the Samba daemons, verify that the hostname of the new server
                 is identical to that of the old one. Note: The IP address can be different
                 from that of the old server.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Copy all files from the old server to the new server, taking precaution to
                 preserve all file ownership and permissions as well as any POSIX ACLs that
 …
         should correctly pick up the original SID and preserve all other settings. It is
         sound advice to validate this before turning the system over to users.
         </p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601164"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
+        </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id2607222"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>
         Yes, it works. The Windows ADMT tool can be used to migrate Samba accounts
         to MS Active Directory.  There are a few pitfalls to be aware of:
         </p><div class="procedure"><a name="id2601176"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol type="1"><li><p>
+        </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id2607234"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>
                 Administrator password must be THE SAME on the Samba server,
                 the 2003 ADS, and the local Administrator account on the workstations.
 …
                 called <code class="constant">Administrator</code> in your Samba domain, with
                 full administrative (root) rights to that domain.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 2"><p>
                 In the Advanced/DNS section of the TCP/IP settings on your Windows
                 workstations, make sure the <em class="parameter"><code>DNS suffix for this
                 connection</code></em> field is blank.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 3"><p>
                 Because you are migrating from Samba, user passwords cannot be
                 migrated. You'll have to reset everyone's passwords. (If you were
 …
                 To date this has not been attempted with roaming profile support;
                 it has been documented as working with local profiles.
                 </p></li><li><p>
+                </p></li><li class="step" title="Step 4"><p>
                 Disable the Windows Firewall on all workstations. Otherwise,
                 workstations won't be migrated to the new domain.
                 </p></li><li><p>
                 <a class="indexterm" name="id2601242"></a>
+                </p></li><li class="step" title="Step 5"><p>
+                <a class="indexterm" name="id2607301"></a>
                 When migrating machines, always test first (using ADMT's test mode)
                 and satisfy all errors before committing the migration. Note that the
 …
                 a test.
                 </p></li></ol></div><p>
         <a class="indexterm" name="id2601260"></a>
+        <a class="indexterm" name="id2607318"></a>
         There are some significant benefits of using the ADMT, besides just
         migrating user accounts. ADMT can be found on the Windows 2003 CD.
         </p><div class="itemizedlist"><ul type="disc"><li><p>
+        </p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>
                 You can migrate workstations remotely. You can specify that SIDs
                 be simply added instead of replaced, giving you the option of joining a
                 workstation back to the old domain if something goes awry. The
                 workstations will be joined to the new domain.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Not only are user accounts migrated from the old domain to the new
                 domain, but ACLs on the workstations are migrated as well. Like SIDs,
                 ACLs can be added instead of replaced.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 Locally stored user profiles on workstations are migrated as well,
                 presenting almost no disruption to the user. Saved passwords will be
                 lost, just as when you administratively reset the password in Windows ADS.
                 </p></li><li><p>
+                </p></li><li class="listitem"><p>
                 The ADMT lets you test all operations before actually performing the
                 migration. Accounts and workstations can be migrated individually or in

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 368 for branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/upgrades.html

Legend:

branches/samba-3.3.x/docs/htmldocs/Samba3-ByExample/upgrades.html

Download in other formats: