- Timestamp:
- Nov 12, 2012, 7:37:04 PM (13 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.5.x/docs/htmldocs/Samba3-ByExample/upgrades.html
r599 r739 1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id36 6117">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366200">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id367413">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367754">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368069">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id368184">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id368281">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368465">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id368842">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>2 <a class="indexterm" name="id36 6043"></a>3 <a class="indexterm" name="id36 6050"></a>1 <html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 8. Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part II. Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter 9. Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter 8. Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a> </td><th width="60%" align="center">Part II. Domain Members, Updating Samba and Migration</th><td width="20%" align="right"> <a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter 8. Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter 8. Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id364642">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id364726">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id365940">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366282">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366596">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id366712">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id366809">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id366993">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id367371">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p> 2 <a class="indexterm" name="id364568"></a> 3 <a class="indexterm" name="id364575"></a> 4 4 It was a little difficult to select an appropriate title for this chapter. 5 5 From email messages on the Samba mailing lists it is clear that many people … … 8 8 installing a new Samba server to replace an older existing Samba server. 9 9 </p><p> 10 <a class="indexterm" name="id36 6063"></a>11 <a class="indexterm" name="id36 6070"></a>10 <a class="indexterm" name="id364588"></a> 11 <a class="indexterm" name="id364595"></a> 12 12 There has also been much talk about migration of Samba-3 from an smbpasswd 13 13 passdb backend to the use of the tdbsam or ldapsam facilities that are new … … 18 18 highlighted by an email posting that included the following neat remark: 19 19 </p><div class="blockquote"><blockquote class="blockquote"><p> 20 <a class="indexterm" name="id36 6088"></a>20 <a class="indexterm" name="id364613"></a> 21 21 I like the <span class="quote">“<span class="quote">net rpc vampire</span>”</span> on NT4, but that to my surprise does 22 22 not seem to work against a Samba PDC and, if addressed in the Samba to Samba 23 23 context in either book, I could not find it. 24 24 </p></blockquote></div><p> 25 <a class="indexterm" name="id36 6107"></a>25 <a class="indexterm" name="id364633"></a> 26 26 So in response to the significant request for these situations to be better 27 27 documented, this chapter has now been added. User contributions and documentation 28 28 of real-world experiences are a most welcome addition to this chapter. 29 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id36 6117"></a>Introduction</h2></div></div></div><p>30 <a class="indexterm" name="id36 6125"></a>31 <a class="indexterm" name="id36 6131"></a>32 <a class="indexterm" name="id36 6138"></a>29 </p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id364642"></a>Introduction</h2></div></div></div><p> 30 <a class="indexterm" name="id364650"></a> 31 <a class="indexterm" name="id364657"></a> 32 <a class="indexterm" name="id364664"></a> 33 33 A Windows network administrator explained in an email what changes he was 34 34 planning to make and followed with the question: <span class="quote">“<span class="quote">Anyone done this … … 45 45 productivity on them. 46 46 </p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p> 47 <a class="indexterm" name="id36 6163"></a>48 <a class="indexterm" name="id36 6170"></a>47 <a class="indexterm" name="id364688"></a> 48 <a class="indexterm" name="id364695"></a> 49 49 Samba makes it possible to upgrade and update configuration files, but it 50 50 is not possible to downgrade the configuration files. Please ensure that … … 52 52 in the rare event that this may be necessary. 53 53 </p></div><p> 54 <a class="indexterm" name="id36 6182"></a>55 <a class="indexterm" name="id36 6189"></a>54 <a class="indexterm" name="id364708"></a> 55 <a class="indexterm" name="id364714"></a> 56 56 It is prudent also to backup all data files on the server before attempting 57 57 to perform a major upgrade. Many administrators have experienced the consequences … … 60 60 the precautions taken were inadequate. If a backup was not needed, but was available, 61 61 caution was on the side of the victor. 62 </p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id36 6200"></a>Cautions and Notes</h3></div></div></div><p>62 </p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id364726"></a>Cautions and Notes</h3></div></div></div><p> 63 63 Someone once said, <span class="quote">“<span class="quote">It is good to be sorry, but better never to need to be!</span>”</span> 64 64 These are wise words of advice to those contemplating a Samba upgrade or update. 65 65 </p><p> 66 <a class="indexterm" name="id36 6216"></a>67 <a class="indexterm" name="id36 6223"></a>68 <a class="indexterm" name="id36 6230"></a>66 <a class="indexterm" name="id364742"></a> 67 <a class="indexterm" name="id364749"></a> 68 <a class="indexterm" name="id364755"></a> 69 69 This is as good a time as any to define the terms <code class="constant">upgrade</code> and 70 70 <code class="constant">update</code>. The term <code class="constant">upgrade</code> refers to … … 74 74 is in development. 75 75 </p><p> 76 <a class="indexterm" name="id36 6254"></a>76 <a class="indexterm" name="id364779"></a> 77 77 The term <code class="constant">update</code> refers to a minor version number installation 78 78 in place of one of the same generation. For example, updating from Samba 3.0.10 to 3.0.14 79 79 is an update. The move from Samba 2.0.7 to 3.0.14 is an upgrade. 80 80 </p><p> 81 <a class="indexterm" name="id36 6269"></a>81 <a class="indexterm" name="id364795"></a> 82 82 While the use of these terms is an exercise in semantics, what needs to be realized 83 83 is that there are major functional differences between a Samba 2.x release and a Samba … … 91 91 noone can read it!</span>”</span> While true, some documentation is an evil necessity. 92 92 It is hoped that this update to the documentation will avoid both extremes. 93 </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id36 6291"></a>Security Identifiers (SIDs)</h4></div></div></div><p>94 <a class="indexterm" name="id36 6298"></a>95 <a class="indexterm" name="id36 6308"></a>96 <a class="indexterm" name="id36 6315"></a>97 <a class="indexterm" name="id36 6322"></a>98 <a class="indexterm" name="id36 6328"></a>99 <a class="indexterm" name="id36 6337"></a>93 </p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id364816"></a>Security Identifiers (SIDs)</h4></div></div></div><p> 94 <a class="indexterm" name="id364824"></a> 95 <a class="indexterm" name="id364833"></a> 96 <a class="indexterm" name="id364840"></a> 97 <a class="indexterm" name="id364847"></a> 98 <a class="indexterm" name="id364854"></a> 99 <a class="indexterm" name="id364863"></a> 100 100 Before the days of Windows NT and OS/2, every Windows and DOS networking client 101 101 that used the SMB protocols was an entirely autonomous entity. There was no concept … … 105 105 Windows NT 3.10. 106 106 </p><p> 107 <a class="indexterm" name="id36 6353"></a>108 <a class="indexterm" name="id36 6360"></a>109 <a class="indexterm" name="id36 6367"></a>110 <a class="indexterm" name="id36 6374"></a>111 <a class="indexterm" name="id36 6380"></a>112 <a class="indexterm" name="id36 6387"></a>107 <a class="indexterm" name="id364879"></a> 108 <a class="indexterm" name="id364886"></a> 109 <a class="indexterm" name="id364893"></a> 110 <a class="indexterm" name="id364900"></a> 111 <a class="indexterm" name="id364906"></a> 112 <a class="indexterm" name="id364913"></a> 113 113 Versions of Samba prior to 1.9 did not make use of a SID. Instead they make exclusive use 114 114 of the username that is embedded in the SessionSetUpAndX component of the connection 115 115 setup process between a Windows client and an SMB/CIFS server. 116 116 </p><p> 117 <a class="indexterm" name="id36 6402"></a>118 <a class="indexterm" name="id36 6409"></a>119 <a class="indexterm" name="id36 6415"></a>117 <a class="indexterm" name="id364927"></a> 118 <a class="indexterm" name="id364934"></a> 119 <a class="indexterm" name="id364941"></a> 120 120 Around November 1997 support was added to Samba-1.9 to handle the Windows security 121 121 RPC-based protocols that implemented support for Samba to store a machine SID. This 122 122 information was stored in a file called <code class="filename">MACHINE.SID.</code> 123 123 </p><p> 124 <a class="indexterm" name="id36 6433"></a>125 <a class="indexterm" name="id36 6440"></a>126 <a class="indexterm" name="id36 6446"></a>124 <a class="indexterm" name="id364958"></a> 125 <a class="indexterm" name="id364965"></a> 126 <a class="indexterm" name="id364972"></a> 127 127 Within the lifetime of the early Samba 2.x series, the machine SID information was 128 128 relocated into a tdb file called <code class="filename">secrets.tdb</code>, which is where … … 130 130 local machine and its role within a domain security context. 131 131 </p><p> 132 <a class="indexterm" name="id36 6464"></a>133 <a class="indexterm" name="id36 6474"></a>134 <a class="indexterm" name="id36 6483"></a>135 <a class="indexterm" name="id36 6489"></a>132 <a class="indexterm" name="id364990"></a> 133 <a class="indexterm" name="id364999"></a> 134 <a class="indexterm" name="id365008"></a> 135 <a class="indexterm" name="id365015"></a> 136 136 There are two types of SID, those pertaining to the machine itself and the domain to 137 137 which it may belong, and those pertaining to users and groups within the security … … 139 139 servers (DMS). 140 140 </p><p> 141 <a class="indexterm" name="id36 6501"></a>142 <a class="indexterm" name="id36 6508"></a>143 <a class="indexterm" name="id36 6515"></a>144 <a class="indexterm" name="id36 6522"></a>145 <a class="indexterm" name="id36 6529"></a>146 <a class="indexterm" name="id36 6535"></a>141 <a class="indexterm" name="id365027"></a> 142 <a class="indexterm" name="id365034"></a> 143 <a class="indexterm" name="id365041"></a> 144 <a class="indexterm" name="id365048"></a> 145 <a class="indexterm" name="id365055"></a> 146 <a class="indexterm" name="id365061"></a> 147 147 When the Samba <code class="literal">smbd</code> daemon is first started, if the <code class="filename">secrets.tdb</code> 148 148 file does not exist, it is created at the first client connection attempt. If this file does … … 154 154 (hostname) and domain name (workgroup), it will be different. 155 155 </p><p> 156 <a class="indexterm" name="id36 6580"></a>156 <a class="indexterm" name="id365106"></a> 157 157 The SID is the key used by MS Windows networking for all networking operations. This means 158 158 that when the machine or domain SID changes, all security-encoded objects such as profiles … … 163 163 be restored to its previous value. 164 164 </p></div><p> 165 <a class="indexterm" name="id36 6598"></a>166 <a class="indexterm" name="id36 6604"></a>167 <a class="indexterm" name="id36 6611"></a>168 <a class="indexterm" name="id36 6617"></a>169 <a class="indexterm" name="id36 6624"></a>170 <a class="indexterm" name="id36 6631"></a>171 <a class="indexterm" name="id36 6638"></a>172 <a class="indexterm" name="id36 6645"></a>173 <a class="indexterm" name="id36 6651"></a>174 <a class="indexterm" name="id36 6658"></a>165 <a class="indexterm" name="id365124"></a> 166 <a class="indexterm" name="id365131"></a> 167 <a class="indexterm" name="id365137"></a> 168 <a class="indexterm" name="id365144"></a> 169 <a class="indexterm" name="id365151"></a> 170 <a class="indexterm" name="id365157"></a> 171 <a class="indexterm" name="id365164"></a> 172 <a class="indexterm" name="id365171"></a> 173 <a class="indexterm" name="id365178"></a> 174 <a class="indexterm" name="id365184"></a> 175 175 In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain 176 176 SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled 177 177 the SID. On a standalone server the hostname still controls the SID. 178 178 </p><p> 179 <a class="indexterm" name="id36 6670"></a>180 <a class="indexterm" name="id36 6679"></a>179 <a class="indexterm" name="id365196"></a> 180 <a class="indexterm" name="id365205"></a> 181 181 The local machine SID can be backed up using this procedure (Samba-3): 182 182 </p><pre class="screen"> … … 201 201 This is not a reversible process it is a one-way upgrade. 202 202 </p><p> 203 <a class="indexterm" name="id36 6761"></a>203 <a class="indexterm" name="id365287"></a> 204 204 In the course of the Samba 2.0.x series the <code class="literal">smbpasswd</code> was modified to 205 205 permit the domain SID to be captured to the <code class="filename">secrets.tdb</code> file by executing: … … 218 218 </pre><p> 219 219 </p><p> 220 <a class="indexterm" name="id36 6829"></a>221 <a class="indexterm" name="id36 6835"></a>220 <a class="indexterm" name="id365355"></a> 221 <a class="indexterm" name="id365362"></a> 222 222 Domain security information, which includes the domain SID, can be obtained from Samba-2.2.x 223 223 systems by executing: … … 238 238 case it is ever needed at a later date. 239 239 </p><p> 240 <a class="indexterm" name="id36 6877"></a>241 <a class="indexterm" name="id36 6884"></a>242 <a class="indexterm" name="id36 6891"></a>240 <a class="indexterm" name="id365404"></a> 241 <a class="indexterm" name="id365410"></a> 242 <a class="indexterm" name="id365417"></a> 243 243 Take note that the domain SID is used extensively in Samba. Where LDAP is used for the 244 244 <em class="parameter"><code>passdb backend</code></em>, all user, group, and trust accounts are encoded … … 251 251 </pre><p> 252 252 </p><p> 253 <a class="indexterm" name="id36 6922"></a>254 <a class="indexterm" name="id36 6929"></a>255 <a class="indexterm" name="id36 6936"></a>253 <a class="indexterm" name="id365449"></a> 254 <a class="indexterm" name="id365455"></a> 255 <a class="indexterm" name="id365462"></a> 256 256 When the domain SID has changed, roaming profiles cease to be functional. The recovery 257 257 of roaming profiles necessitates resetting of the domain portion of the user SID … … 262 262 addressed to the creator of the RPM package. The Samba Team do their best to make 263 263 available all the tools needed to manage a Samba-based Windows networking environment. 264 </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id36 6964"></a>Change of hostname</h4></div></div></div><p>265 <a class="indexterm" name="id36 6972"></a>266 <a class="indexterm" name="id36 6981"></a>264 </p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id365491"></a>Change of hostname</h4></div></div></div><p> 265 <a class="indexterm" name="id365499"></a> 266 <a class="indexterm" name="id365508"></a> 267 267 Samba uses two methods by which the primary NetBIOS machine name (also known as a computer 268 268 name or the hostname) may be determined: If the <code class="filename">smb.conf</code> file contains a … … 278 278 is changed, be sure to reset the machine SID to the original setting. Otherwise 279 279 there may be serious interoperability and/or operational problems. 280 </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id36 7023"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>281 <a class="indexterm" name="id36 7030"></a>280 </p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id365549"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p> 281 <a class="indexterm" name="id365557"></a> 282 282 The domain name of a Samba server is identical to the workgroup name and is 283 283 set in the <code class="filename">smb.conf</code> file using the <em class="parameter"><code>workgroup</code></em> parameter. 284 284 This has been consistent throughout the history of Samba and across all versions. 285 285 </p><p> 286 <a class="indexterm" name="id36 7054"></a>286 <a class="indexterm" name="id365580"></a> 287 287 Be aware that when the workgroup name is changed, a new SID will be generated. 288 288 The old domain SID can be reset using the procedure outlined earlier in this chapter. … … 293 293 for network administrators. 294 294 </p><p> 295 <a class="indexterm" name="id36 7081"></a>295 <a class="indexterm" name="id365608"></a> 296 296 The Samba 1.9.x <code class="filename">smb.conf</code> file may be found either in the <code class="filename">/etc</code> 297 297 directory or in <code class="filename">/usr/local/samba/lib</code>. … … 301 301 remains located also for Samba 3.0.x installations. 302 302 </p><p> 303 <a class="indexterm" name="id36 7126"></a>303 <a class="indexterm" name="id365653"></a> 304 304 Samba 2.x introduced the <code class="filename">secrets.tdb</code> file that is also stored in the 305 305 <code class="filename">/etc/samba</code> directory, or in the <code class="filename">/usr/local/samba/lib</code> 306 306 directory subsystem. 307 307 </p><p> 308 <a class="indexterm" name="id36 7154"></a>308 <a class="indexterm" name="id365681"></a> 309 309 The location at which <code class="literal">smbd</code> expects to find all configuration and control 310 310 files is determined at the time of compilation of Samba. For versions of Samba prior to … … 318 318 <code class="filename">/usr/local/samba/sbin</code>. 319 319 </p><p> 320 <a class="indexterm" name="id36 7209"></a>320 <a class="indexterm" name="id365736"></a> 321 321 Samba-3 provides a neat new way to track the location of all control files as well as to 322 322 find the compile-time options used as the Samba package was built. Here is how the dark … … 349 349 </pre><p> 350 350 </p><p> 351 <a class="indexterm" name="id36 7238"></a>351 <a class="indexterm" name="id365765"></a> 352 352 It is important that both the <code class="filename">smb.conf</code> file and the <code class="filename">secrets.tdb</code> 353 353 be backed up before attempting any upgrade. The <code class="filename">secrets.tdb</code> file … … 355 355 of Samba. A backup means that it is always possible to revert a failed or problematic 356 356 upgrade. 357 </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id36 7266"></a>International Language Support</h4></div></div></div><p>358 <a class="indexterm" name="id36 7273"></a>359 <a class="indexterm" name="id36 7280"></a>360 <a class="indexterm" name="id36 7287"></a>361 <a class="indexterm" name="id36 7294"></a>357 </p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id365792"></a>International Language Support</h4></div></div></div><p> 358 <a class="indexterm" name="id365800"></a> 359 <a class="indexterm" name="id365807"></a> 360 <a class="indexterm" name="id365814"></a> 361 <a class="indexterm" name="id365821"></a> 362 362 Samba-2.x had no support for Unicode; instead, all national language character-set support in file names 363 363 was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus 364 364 providing true internationalization support. 365 365 </p><p> 366 <a class="indexterm" name="id36 7306"></a>366 <a class="indexterm" name="id365833"></a> 367 367 Non-English users whose national language character set has special characters and who upgrade naively will 368 368 find that many files that have the special characters in the file name will see them garbled and jumbled up. … … 370 370 that was in use with Samba-2.x using an 8-bit encoding scheme. 371 371 </p><p> 372 <a class="indexterm" name="id36 7320"></a>372 <a class="indexterm" name="id365846"></a> 373 373 Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a 374 374 mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some 375 375 effort to set straight. 376 376 </p><p> 377 <a class="indexterm" name="id36 7332"></a>377 <a class="indexterm" name="id365859"></a> 378 378 A very helpful tool is available from Bjorn Jacke's <a class="ulink" href="http://j3e.de/linux/convmv/" target="_top">convmv</a> 379 379 work. Convmv is a tool that can be used to convert file and directory names from one encoding method to 380 380 another. The most common use for this tool is to convert locale-encoded files to UTF-8 Unicode encoding. 381 </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id36 7349"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>381 </p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id365876"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p> 382 382 The smbldap-tools have been maturing rapidly over the past year. With maturation comes change. 383 383 The location of the <code class="filename">smbldap.conf</code> and the <code class="filename">smbldap_bind.conf</code> … … 393 393 current release should note that the information stored under <code class="constant">NextFreeUnixId</code> 394 394 must now be relocated to the DIT object <code class="constant">sambaDomainName</code>. 395 </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id36 7413"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>395 </p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id365940"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p> 396 396 Sites that are being upgraded from Samba-2 (or earlier versions) to Samba-3 397 397 may experience little difficulty or may require a lot of effort, depending … … 406 406 Where it is necessary to upgrade an old Samba installation to Samba-3, 407 407 the following procedure can be followed: 408 </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id36 7444"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>409 <a class="indexterm" name="id36 7455"></a>410 <a class="indexterm" name="id36 7462"></a>411 <a class="indexterm" name="id36 7468"></a>408 </p><div class="procedure" title="Procedure 8.1. Upgrading from a Pre-Samba-3 Version"><a name="id365971"></a><p class="title"><b>Procedure 8.1. Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 409 <a class="indexterm" name="id365982"></a> 410 <a class="indexterm" name="id365988"></a> 411 <a class="indexterm" name="id365995"></a> 412 412 Stop Samba. This can be done using the appropriate system tool 413 413 that is particular for each operating system or by executing the … … 424 424 back it up to a safe location. 425 425 </p></li><li class="step" title="Step 5"><p> 426 <a class="indexterm" name="id36 7546"></a>427 <a class="indexterm" name="id36 7553"></a>428 <a class="indexterm" name="id36 7560"></a>429 <a class="indexterm" name="id36 7567"></a>426 <a class="indexterm" name="id366073"></a> 427 <a class="indexterm" name="id366080"></a> 428 <a class="indexterm" name="id366087"></a> 429 <a class="indexterm" name="id366094"></a> 430 430 Find the location of the lock directory. This is the directory 431 431 in which Samba stores all its tdb control files. The default … … 438 438 tdb files to a safe location. 439 439 </p></li><li class="step" title="Step 6"><p> 440 <a class="indexterm" name="id36 7601"></a>440 <a class="indexterm" name="id366128"></a> 441 441 It is now safe to upgrade the Samba installation. On Linux systems 442 442 it is not necessary to remove the Samba RPMs because a simple … … 457 457 Do not change the workgroup name. 458 458 </p></li><li class="step" title="Step 10"><p> 459 <a class="indexterm" name="id36 7650"></a>459 <a class="indexterm" name="id366178"></a> 460 460 Execute the <code class="literal">testparm</code> to validate the <code class="filename">smb.conf</code> file. 461 461 This process will flag any parameters that are no longer supported. … … 469 469 <code class="prompt">root# </code> testparm -s smb.conf.master > smb.conf 470 470 </pre><p> 471 <a class="indexterm" name="id36 7704"></a>471 <a class="indexterm" name="id366232"></a> 472 472 The resulting <code class="filename">smb.conf</code> file will be stripped of all comments 473 473 and of all nonconforming configuration settings. 474 474 </p></li><li class="step" title="Step 11"><p> 475 <a class="indexterm" name="id36 7725"></a>475 <a class="indexterm" name="id366252"></a> 476 476 It is now safe to start Samba using the appropriate system tool. 477 477 Alternately, it is possible to just execute <code class="literal">nmbd</code>, 478 478 <code class="literal">smbd</code>, and <code class="literal">winbindd</code> for the command 479 479 line while logged in as the root user. 480 </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id36 7754"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>481 <a class="indexterm" name="id36 7762"></a>482 <a class="indexterm" name="id36 7769"></a>483 <a class="indexterm" name="id36 7776"></a>480 </p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id366282"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p> 481 <a class="indexterm" name="id366290"></a> 482 <a class="indexterm" name="id366296"></a> 483 <a class="indexterm" name="id366303"></a> 484 484 Samba 2.x servers that were running as a domain controller (PDC) 485 485 require changes to the configuration of the scripting interface … … 487 487 users, groups, and trust accounts (machines and interdomain). 488 488 </p><p> 489 <a class="indexterm" name="id36 7788"></a>489 <a class="indexterm" name="id366315"></a> 490 490 The following parameters are new to Samba-3 and should be correctly configured. 491 491 Please refer to <a class="link" href="secure.html" title="Chapter 3. Secure Office Networking">“Secure Office Networking”</a> through <a class="link" href="net2000users.html" title="Chapter 6. A Distributed 2000-User Network">“A Distributed 2000-User Network”</a> 492 492 in this book for examples of use of the new parameters shown here: 493 <a class="indexterm" name="id36 7807"></a>494 <a class="indexterm" name="id36 7814"></a>495 <a class="indexterm" name="id36 7821"></a>496 <a class="indexterm" name="id36 7828"></a>497 <a class="indexterm" name="id36 7834"></a>498 <a class="indexterm" name="id36 7841"></a>499 <a class="indexterm" name="id36 7848"></a>493 <a class="indexterm" name="id366335"></a> 494 <a class="indexterm" name="id366341"></a> 495 <a class="indexterm" name="id366348"></a> 496 <a class="indexterm" name="id366355"></a> 497 <a class="indexterm" name="id366362"></a> 498 <a class="indexterm" name="id366369"></a> 499 <a class="indexterm" name="id366376"></a> 500 500 </p><p> 501 501 </p><table border="0" summary="Simple list" class="simplelist"><tr><td>add group script</td></tr><tr><td>add machine script</td></tr><tr><td>add user to group script</td></tr><tr><td>delete group script</td></tr><tr><td>delete user from group script</td></tr><tr><td>passdb backend</td></tr><tr><td>set primary group script</td></tr></table><p> 502 502 </p><p> 503 <a class="indexterm" name="id36 7892"></a>504 <a class="indexterm" name="id36 7898"></a>503 <a class="indexterm" name="id366419"></a> 504 <a class="indexterm" name="id366426"></a> 505 505 The <em class="parameter"><code>add machine script</code></em> functionality was previously 506 506 handled by the <em class="parameter"><code>add user script</code></em>, which in Samba-3 is 507 507 used exclusively to add user accounts. 508 508 </p><p> 509 <a class="indexterm" name="id36 7921"></a>510 <a class="indexterm" name="id36 7928"></a>511 <a class="indexterm" name="id36 7935"></a>512 <a class="indexterm" name="id36 7942"></a>513 <a class="indexterm" name="id36 7948"></a>514 <a class="indexterm" name="id36 7955"></a>515 <a class="indexterm" name="id36 7962"></a>516 <a class="indexterm" name="id36 7969"></a>517 <a class="indexterm" name="id36 7976"></a>509 <a class="indexterm" name="id366449"></a> 510 <a class="indexterm" name="id366456"></a> 511 <a class="indexterm" name="id366462"></a> 512 <a class="indexterm" name="id366469"></a> 513 <a class="indexterm" name="id366476"></a> 514 <a class="indexterm" name="id366483"></a> 515 <a class="indexterm" name="id366490"></a> 516 <a class="indexterm" name="id366496"></a> 517 <a class="indexterm" name="id366503"></a> 518 518 Where the <em class="parameter"><code>passdb backend</code></em> used is either <code class="constant">smbpasswd</code> 519 519 (the default) or the new <code class="constant">tdbsam</code>, the system interface scripts … … 522 522 <code class="literal">groupmod</code>, <code class="literal">groupdel</code>, and so on. 523 523 </p><p> 524 <a class="indexterm" name="id36 8035"></a>525 <a class="indexterm" name="id36 8042"></a>526 <a class="indexterm" name="id36 8048"></a>524 <a class="indexterm" name="id366562"></a> 525 <a class="indexterm" name="id366569"></a> 526 <a class="indexterm" name="id366576"></a> 527 527 Where the <em class="parameter"><code>passdb backend</code></em> makes use of an LDAP directory, 528 528 it is necessary either to use the <code class="constant">smbldap-tools</code> provided 529 529 by Idealx or to use an alternate toolset provided by a third 530 530 party or else home-crafted to manage the LDAP directory accounts. 531 </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id36 8069"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>531 </p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id366596"></a>Samba-2.x with LDAP Support</h3></div></div></div><p> 532 532 Samba version 2.x could be compiled for use either with or without LDAP. 533 533 The LDAP control settings in the <code class="filename">smb.conf</code> file in this old version are … … 539 539 of all files to the correct locations. 540 540 </p><p> 541 <a class="indexterm" name="id36 8099"></a>542 <a class="indexterm" name="id36 8106"></a>541 <a class="indexterm" name="id366627"></a> 542 <a class="indexterm" name="id366634"></a> 543 543 The Samba SAM schema required for Samba-3 is significantly different from that 544 544 used with Samba 2.x. This means that the LDAP directory must be updated … … 695 695 the DN's with quotation marks. 696 696 </pre><p> 697 </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id36 8184"></a>Updating a Samba-3 Installation</h2></div></div></div><p>697 </p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id366712"></a>Updating a Samba-3 Installation</h2></div></div></div><p> 698 698 The key concern in this section is to deal with the changes that have been 699 699 affected in Samba-3 between the Samba-3.0.0 release and the current update. … … 701 701 taken to update Samba-3 versions. 702 702 </p><p> 703 <a class="indexterm" name="id36 8197"></a>703 <a class="indexterm" name="id366725"></a> 704 704 The information in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">“Location of config files”</a> would not be necessary if every 705 705 person who has ever produced Samba executable (binary) files could agree on … … 707 707 Clearly, such agreement is further away than a pipedream. 708 708 </p><p> 709 <a class="indexterm" name="id36 8220"></a>709 <a class="indexterm" name="id366748"></a> 710 710 Vendors and packagers who produce Samba binary installable packages do not, 711 711 as a rule, use the default paths used by the Samba-Team for the location of … … 720 720 effect. 721 721 </p><p> 722 <a class="indexterm" name="id36 8248"></a>722 <a class="indexterm" name="id366776"></a> 723 723 The best advice for those lacking in code compilation experience is to use 724 724 only vendor (or Samba-Team) provided binary packages. The Samba packages … … 726 726 that are compatible with the original OS vendor's practices. 727 727 </p><p> 728 <a class="indexterm" name="id36 8261"></a>729 <a class="indexterm" name="id36 8268"></a>728 <a class="indexterm" name="id366789"></a> 729 <a class="indexterm" name="id366796"></a> 730 730 If you are not sure whether a binary package complies with the OS 731 731 vendor's practices, it is better to ask the package maintainer via … … 733 733 Alternately, just diagnose the paths specified by the binary files following 734 734 the procedure outlined above. 735 </p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id36 8281"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>735 </p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id366809"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p> 736 736 The guidance in this section deals with updates to an existing 737 737 Samba-3 server installation. 738 </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id36 8291"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>738 </p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id366819"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p> 739 739 With the provision that the binary Samba-3 package has been built 740 740 with the same path and feature settings as the existing Samba-3 … … 743 743 and without need to change either the <code class="filename">smb.conf</code> file or, where 744 744 used, the LDAP schema. 745 </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id36 8310"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>746 <a class="indexterm" name="id36 8318"></a>747 <a class="indexterm" name="id36 8324"></a>745 </p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id366838"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p> 746 <a class="indexterm" name="id366846"></a> 747 <a class="indexterm" name="id366852"></a> 748 748 When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10, 749 749 it is necessary only to update the LDAP schema (where LDAP is used). … … 751 751 update. 752 752 </p><p> 753 <a class="indexterm" name="id36 8339"></a>754 <a class="indexterm" name="id36 8346"></a>755 <a class="indexterm" name="id36 8352"></a>753 <a class="indexterm" name="id366867"></a> 754 <a class="indexterm" name="id366874"></a> 755 <a class="indexterm" name="id366880"></a> 756 756 Samba-3.0.6 introduced the ability to remember the last <span class="emphasis"><em>n</em></span> number 757 757 of passwords a user has used. This information will work only with … … 760 760 </p><p> 761 761 After updating the LDAP schema, do not forget to re-index the LDAP database. 762 </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id36 8384"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>763 <a class="indexterm" name="id36 8392"></a>762 </p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id366912"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p> 763 <a class="indexterm" name="id366920"></a> 764 764 Samba-3.0.8 introduced changes in how the <em class="parameter"><code>username map</code></em> 765 765 behaves. It also included a change in behavior of <code class="literal">winbindd</code>. … … 767 767 from versions prior to 3.0.8 to a current version. 768 768 </p><p> 769 <a class="indexterm" name="id36 8421"></a>769 <a class="indexterm" name="id366949"></a> 770 770 In Samba-3.0.11 a new privileges interface was implemented. Please 771 771 refer to <a class="link" href="happy.html#sbehap-ppc" title="Addition of Machines to the Domain">“Addition of Machines to the Domain”</a> for information regarding this new … … 789 789 back to searching the 'ldap suffix' in some cases. 790 790 </pre><p> 791 </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id36 8465"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>791 </p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id366993"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p> 792 792 The two most likely candidates for replacement of a server are 793 793 domain member servers and domain controllers. Each needs to be 794 794 handled slightly differently. 795 </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id36 8475"></a>Replacing a Domain Member Server</h4></div></div></div><p>796 <a class="indexterm" name="id36 8483"></a>795 </p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id367004"></a>Replacing a Domain Member Server</h4></div></div></div><p> 796 <a class="indexterm" name="id367012"></a> 797 797 Replacement of a domain member server should be done 798 798 using the same procedure as outlined in <a class="link" href="unixclients.html" title="Chapter 7. Adding Domain Member Servers and Clients">“Adding Domain Member Servers and Clients”</a>. … … 803 803 change its SID and will necessitate rejoining to the domain. 804 804 </p><p> 805 <a class="indexterm" name="id36 8506"></a>806 <a class="indexterm" name="id36 8512"></a>807 <a class="indexterm" name="id36 8519"></a>808 <a class="indexterm" name="id36 8526"></a>809 <a class="indexterm" name="id36 8532"></a>810 <a class="indexterm" name="id36 8539"></a>805 <a class="indexterm" name="id367034"></a> 806 <a class="indexterm" name="id367041"></a> 807 <a class="indexterm" name="id367047"></a> 808 <a class="indexterm" name="id367054"></a> 809 <a class="indexterm" name="id367061"></a> 810 <a class="indexterm" name="id367068"></a> 811 811 Following a change of hostname (NetBIOS name) it is a good idea on all servers 812 812 to shut down the Samba <code class="literal">smbd</code>, <code class="literal">nmbd</code>, and … … 818 818 change, but can persist for a longer period of time. 819 819 </p><p> 820 <a class="indexterm" name="id36 8583"></a>821 <a class="indexterm" name="id36 8589"></a>822 <a class="indexterm" name="id36 8596"></a>823 <a class="indexterm" name="id36 8603"></a>820 <a class="indexterm" name="id367111"></a> 821 <a class="indexterm" name="id367118"></a> 822 <a class="indexterm" name="id367125"></a> 823 <a class="indexterm" name="id367131"></a> 824 824 If the old domain member server had local accounts, it is necessary to create 825 825 on the new domain member server the same accounts with the same UID and GID … … 832 832 account entries to the new target server. 833 833 </p><p> 834 <a class="indexterm" name="id36 8648"></a>834 <a class="indexterm" name="id367176"></a> 835 835 Where the user accounts for both UNIX and Samba are stored in LDAP, the new 836 836 target server must be configured to use the <code class="literal">nss_ldap</code> tool set. 837 837 This will automatically ensure that the appropriate user entities are 838 838 available on the new server. 839 </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id36 8664"></a>Replacing a Domain Controller</h4></div></div></div><p>840 <a class="indexterm" name="id36 8672"></a>839 </p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id367193"></a>Replacing a Domain Controller</h4></div></div></div><p> 840 <a class="indexterm" name="id367201"></a> 841 841 In the past, people who replaced a Windows NT4 domain controller typically 842 842 installed a new server, created printers and file shares on it, then migrate across … … 891 891 should correctly pick up the original SID and preserve all other settings. It is 892 892 sound advice to validate this before turning the system over to users. 893 </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id36 8842"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>893 </p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id367371"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p> 894 894 Yes, it works. The Windows ADMT tool can be used to migrate Samba accounts 895 895 to MS Active Directory. There are a few pitfalls to be aware of: 896 </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id36 8853"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>896 </p><div class="procedure" title="Procedure 8.2. Migration to Active Directory"><a name="id367381"></a><p class="title"><b>Procedure 8.2. Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p> 897 897 Administrator password must be THE SAME on the Samba server, 898 898 the 2003 ADS, and the local Administrator account on the workstations. … … 915 915 workstations won't be migrated to the new domain. 916 916 </p></li><li class="step" title="Step 5"><p> 917 <a class="indexterm" name="id36 8911"></a>917 <a class="indexterm" name="id367439"></a> 918 918 When migrating machines, always test first (using ADMT's test mode) 919 919 and satisfy all errors before committing the migration. Note that the … … 923 923 a test. 924 924 </p></li></ol></div><p> 925 <a class="indexterm" name="id36 8925"></a>925 <a class="indexterm" name="id367454"></a> 926 926 There are some significant benefits of using the ADMT, besides just 927 927 migrating user accounts. ADMT can be found on the Windows 2003 CD.
Note:
See TracChangeset
for help on using the changeset viewer.