~ubuntu-branches/ubuntu/maverick/samba/maverick-security

Viewing changes to docs/htmldocs/Samba3-ByExample/upgrades.html

Committer: Bazaar Package Importer
Author(s): Chuck Short
Date: 2010-01-29 06:16:15 UTC
mfrom: (0.27.9 upstream) (0.34.4 squeeze)
Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld

Tags: 2:3.4.5~dfsg-1ubuntu1

* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control:
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apoort hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

files added:
.pc/debian-changes-2:3.4.5~dfsg-1ubuntu1

.pc/debian-changes-2:3.4.5~dfsg-1ubuntu1/source3

.pc/debian-changes-2:3.4.5~dfsg-1ubuntu1/source3/client

.pc/debian-changes-2:3.4.5~dfsg-1ubuntu1/source3/client/mount.cifs.c

debian/patches/debian-changes-2:3.4.5~dfsg-1ubuntu1

docs-xml/registry/Win7_Samba3DomainMember.reg

docs-xml/smbdotconf/base/enablecorefiles.xml

docs-xml/smbdotconf/ldap/ldappagesize.xml

docs-xml/smbdotconf/misc/cachedirectory.xml

docs-xml/smbdotconf/misc/directorynamecachesize.xml

docs-xml/smbdotconf/misc/statedirectory.xml

docs-xml/smbdotconf/printing/enablespoolss.xml

docs-xml/smbdotconf/tuning/aiowritebehind.xml

docs/registry/Win7_Samba3DomainMember.reg

source3/include/krb5_protos.h

source3/include/smb_krb5.h

files removed:
.pc/fix-manpages-warnings.patch

.pc/fix-manpages-warnings.patch/docs

.pc/fix-manpages-warnings.patch/docs/manpages

.pc/fix-manpages-warnings.patch/docs/manpages/cifs.upcall.8

.pc/fix-manpages-warnings.patch/docs/manpages/eventlogadm.8

.pc/fix-manpages-warnings.patch/docs/manpages/findsmb.1

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_ad.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_adex.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_hash.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_ldap.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_nss.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_rid.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_tdb.8

.pc/fix-manpages-warnings.patch/docs/manpages/idmap_tdb2.8

.pc/fix-manpages-warnings.patch/docs/manpages/ldb.3

.pc/fix-manpages-warnings.patch/docs/manpages/ldbadd.1

.pc/fix-manpages-warnings.patch/docs/manpages/ldbdel.1

.pc/fix-manpages-warnings.patch/docs/manpages/ldbedit.1

.pc/fix-manpages-warnings.patch/docs/manpages/ldbmodify.1

.pc/fix-manpages-warnings.patch/docs/manpages/ldbsearch.1

.pc/fix-manpages-warnings.patch/docs/manpages/libsmbclient.7

.pc/fix-manpages-warnings.patch/docs/manpages/lmhosts.5

.pc/fix-manpages-warnings.patch/docs/manpages/log2pcap.1

.pc/fix-manpages-warnings.patch/docs/manpages/mount.cifs.8

.pc/fix-manpages-warnings.patch/docs/manpages/net.8

.pc/fix-manpages-warnings.patch/docs/manpages/nmbd.8

.pc/fix-manpages-warnings.patch/docs/manpages/nmblookup.1

.pc/fix-manpages-warnings.patch/docs/manpages/ntlm_auth.1

.pc/fix-manpages-warnings.patch/docs/manpages/pam_winbind.8

.pc/fix-manpages-warnings.patch/docs/manpages/pdbedit.8

.pc/fix-manpages-warnings.patch/docs/manpages/profiles.1

.pc/fix-manpages-warnings.patch/docs/manpages/rpcclient.1

.pc/fix-manpages-warnings.patch/docs/manpages/samba.7

.pc/fix-manpages-warnings.patch/docs/manpages/smb.conf.5

.pc/fix-manpages-warnings.patch/docs/manpages/smbcacls.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbclient.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbcontrol.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbcquotas.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbd.8

.pc/fix-manpages-warnings.patch/docs/manpages/smbget.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbgetrc.5

.pc/fix-manpages-warnings.patch/docs/manpages/smbpasswd.5

.pc/fix-manpages-warnings.patch/docs/manpages/smbpasswd.8

.pc/fix-manpages-warnings.patch/docs/manpages/smbspool.8

.pc/fix-manpages-warnings.patch/docs/manpages/smbstatus.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbtar.1

.pc/fix-manpages-warnings.patch/docs/manpages/smbtree.1

.pc/fix-manpages-warnings.patch/docs/manpages/swat.8

.pc/fix-manpages-warnings.patch/docs/manpages/tdbbackup.8

.pc/fix-manpages-warnings.patch/docs/manpages/tdbdump.8

.pc/fix-manpages-warnings.patch/docs/manpages/tdbtool.8

.pc/fix-manpages-warnings.patch/docs/manpages/testparm.1

.pc/fix-manpages-warnings.patch/docs/manpages/umount.cifs.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_audit.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_cacheprime.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_cap.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_catia.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_commit.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_default_quota.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_extd_audit.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_fake_perms.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_fileid.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_full_audit.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_gpfs.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_netatalk.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_notify_fam.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_prealloc.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_readahead.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_readonly.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_recycle.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_shadow_copy.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_shadow_copy2.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_smb_traffic_analyzer.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_streams_depot.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_streams_xattr.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfs_xattr_tdb.8

.pc/fix-manpages-warnings.patch/docs/manpages/vfstest.1

.pc/fix-manpages-warnings.patch/docs/manpages/wbinfo.1

.pc/fix-manpages-warnings.patch/docs/manpages/winbind_krb5_locator.7

.pc/fix-manpages-warnings.patch/docs/manpages/winbindd.8

.pc/fix-too-many-open-files.patch

.pc/fix-too-many-open-files.patch/source3

.pc/fix-too-many-open-files.patch/source3/include

.pc/fix-too-many-open-files.patch/source3/include/local.h

.pc/fix-too-many-open-files.patch/source3/param

.pc/fix-too-many-open-files.patch/source3/param/loadparm.c

.pc/fix-too-many-open-files.patch/source3/smbd

.pc/fix-too-many-open-files.patch/source3/smbd/files.c

.pc/security-CVE-2009-3297.patch

.pc/security-CVE-2009-3297.patch/source3

.pc/security-CVE-2009-3297.patch/source3/client

.pc/security-CVE-2009-3297.patch/source3/client/mount.cifs.c

debian/patches/fix-too-many-open-files.patch

debian/patches/security-CVE-2009-2813.patch

debian/patches/security-CVE-2009-2906.patch

debian/patches/security-CVE-2009-2948.patch

debian/patches/security-CVE-2009-3297.patch

source4/ldap_server/devdocs/draft-armijo-ldap-syntax-00.txt

source4/ldap_server/devdocs/ldapext-ldapv3-vlv-04.txt

files modified:
.pc/VERSION.patch/source3/VERSION

.pc/adapt_machine_creation_script.patch/docs/manpages/smb.conf.5

.pc/applied-patches

.pc/autoconf.patch/source3/configure

.pc/codepages-location.patch/source3/Makefile.in

.pc/debian-changes-2:3.4.3-2ubuntu1/source3/VERSION

.pc/documentation.patch/docs/manpages/lmhosts.5

.pc/documentation.patch/docs/manpages/nmbd.8

.pc/documentation.patch/docs/manpages/ntlm_auth.1

.pc/documentation.patch/docs/manpages/smbd.8

.pc/documentation.patch/docs/manpages/swat.8

.pc/documentation.patch/docs/manpages/tdbbackup.8

.pc/documentation.patch/docs/manpages/winbindd.8

.pc/external-talloc-support.patch/source3/configure.in

.pc/smbclient-pager.patch/source3/include/local.h

.pc/undefined-symbols.patch/source3/Makefile.in

.pc/usershare.patch/docs/manpages/net.8

.pc/usershare.patch/source3/param/loadparm.c

WHATSNEW.txt

debian/changelog

debian/control

debian/patches/adapt_machine_creation_script.patch

debian/patches/autoconf.patch

debian/patches/documentation.patch

debian/patches/series

debian/samba-common.dirs

debian/samba.postinst

debian/watch

docs-xml/manpages-3/mount.cifs.8.xml

docs-xml/manpages-3/pdbedit.8.xml

docs-xml/smbdotconf/filename/manglednames.xml

docs-xml/smbdotconf/locking/oplocks.xml

docs/Samba3-ByExample.pdf

docs/Samba3-Developers-Guide.pdf

docs/Samba3-HOWTO.pdf

docs/htmldocs/Samba3-ByExample/2000users.html

docs/htmldocs/Samba3-ByExample/Big500users.html

docs/htmldocs/Samba3-ByExample/DMSMig.html

docs/htmldocs/Samba3-ByExample/DomApps.html

docs/htmldocs/Samba3-ByExample/ExNetworks.html

docs/htmldocs/Samba3-ByExample/HA.html

docs/htmldocs/Samba3-ByExample/RefSection.html

docs/htmldocs/Samba3-ByExample/apa.html

docs/htmldocs/Samba3-ByExample/appendix.html

docs/htmldocs/Samba3-ByExample/ch14.html

docs/htmldocs/Samba3-ByExample/go01.html

docs/htmldocs/Samba3-ByExample/happy.html

docs/htmldocs/Samba3-ByExample/index.html

docs/htmldocs/Samba3-ByExample/ix01.html

docs/htmldocs/Samba3-ByExample/kerberos.html

docs/htmldocs/Samba3-ByExample/ntmigration.html

docs/htmldocs/Samba3-ByExample/nw4migration.html

docs/htmldocs/Samba3-ByExample/pr01.html

docs/htmldocs/Samba3-ByExample/pr02.html

docs/htmldocs/Samba3-ByExample/pr03.html

docs/htmldocs/Samba3-ByExample/preface.html

docs/htmldocs/Samba3-ByExample/primer.html

docs/htmldocs/Samba3-ByExample/secure.html

docs/htmldocs/Samba3-ByExample/simple.html

docs/htmldocs/Samba3-ByExample/small.html

docs/htmldocs/Samba3-ByExample/unixclients.html

docs/htmldocs/Samba3-ByExample/upgrades.html

docs/htmldocs/Samba3-Developers-Guide/CodingSuggestions.html

docs/htmldocs/Samba3-Developers-Guide/Packaging.html

docs/htmldocs/Samba3-Developers-Guide/architecture.html

docs/htmldocs/Samba3-Developers-Guide/contributing.html

docs/htmldocs/Samba3-Developers-Guide/debug.html

docs/htmldocs/Samba3-Developers-Guide/devprinting.html

docs/htmldocs/Samba3-Developers-Guide/index.html

docs/htmldocs/Samba3-Developers-Guide/internals.html

docs/htmldocs/Samba3-Developers-Guide/modules.html

docs/htmldocs/Samba3-Developers-Guide/ntdomain.html

docs/htmldocs/Samba3-Developers-Guide/parsing.html

docs/htmldocs/Samba3-Developers-Guide/pr01.html

docs/htmldocs/Samba3-Developers-Guide/pt01.html

docs/htmldocs/Samba3-Developers-Guide/pt02.html

docs/htmldocs/Samba3-Developers-Guide/pt03.html

docs/htmldocs/Samba3-Developers-Guide/pt04.html

docs/htmldocs/Samba3-Developers-Guide/pt05.html

docs/htmldocs/Samba3-Developers-Guide/pwencrypt.html

docs/htmldocs/Samba3-Developers-Guide/rpc-plugin.html

docs/htmldocs/Samba3-Developers-Guide/tracing.html

docs/htmldocs/Samba3-Developers-Guide/unix-smb.html

docs/htmldocs/Samba3-Developers-Guide/vfs.html

docs/htmldocs/Samba3-Developers-Guide/wins.html

docs/htmldocs/Samba3-HOWTO/AccessControls.html

docs/htmldocs/Samba3-HOWTO/AdvancedNetworkManagement.html

docs/htmldocs/Samba3-HOWTO/Appendix.html

docs/htmldocs/Samba3-HOWTO/Backup.html

docs/htmldocs/Samba3-HOWTO/CUPS-printing.html

docs/htmldocs/Samba3-HOWTO/ChangeNotes.html

docs/htmldocs/Samba3-HOWTO/ClientConfig.html

docs/htmldocs/Samba3-HOWTO/DNSDHCP.html

docs/htmldocs/Samba3-HOWTO/FastStart.html

docs/htmldocs/Samba3-HOWTO/InterdomainTrusts.html

docs/htmldocs/Samba3-HOWTO/IntroSMB.html

docs/htmldocs/Samba3-HOWTO/NT4Migration.html

docs/htmldocs/Samba3-HOWTO/NetCommand.html

docs/htmldocs/Samba3-HOWTO/NetworkBrowsing.html

docs/htmldocs/Samba3-HOWTO/Other-Clients.html

docs/htmldocs/Samba3-HOWTO/PolicyMgmt.html

docs/htmldocs/Samba3-HOWTO/Portability.html

docs/htmldocs/Samba3-HOWTO/ProfileMgmt.html

docs/htmldocs/Samba3-HOWTO/SWAT.html

docs/htmldocs/Samba3-HOWTO/SambaHA.html

docs/htmldocs/Samba3-HOWTO/ServerType.html

docs/htmldocs/Samba3-HOWTO/StandAloneServer.html

docs/htmldocs/Samba3-HOWTO/TOSHpreface.html

docs/htmldocs/Samba3-HOWTO/VFS.html

docs/htmldocs/Samba3-HOWTO/apa.html

docs/htmldocs/Samba3-HOWTO/bugreport.html

docs/htmldocs/Samba3-HOWTO/cfgsmarts.html

docs/htmldocs/Samba3-HOWTO/ch-ldap-tls.html

docs/htmldocs/Samba3-HOWTO/ch47.html

docs/htmldocs/Samba3-HOWTO/classicalprinting.html

docs/htmldocs/Samba3-HOWTO/compiling.html

docs/htmldocs/Samba3-HOWTO/diagnosis.html

docs/htmldocs/Samba3-HOWTO/domain-member.html

docs/htmldocs/Samba3-HOWTO/go01.html

docs/htmldocs/Samba3-HOWTO/groupmapping.html

docs/htmldocs/Samba3-HOWTO/idmapper.html

docs/htmldocs/Samba3-HOWTO/index.html

docs/htmldocs/Samba3-HOWTO/install.html

docs/htmldocs/Samba3-HOWTO/integrate-ms-networks.html

docs/htmldocs/Samba3-HOWTO/introduction.html

docs/htmldocs/Samba3-HOWTO/ix01.html

docs/htmldocs/Samba3-HOWTO/largefile.html

docs/htmldocs/Samba3-HOWTO/locking.html

docs/htmldocs/Samba3-HOWTO/migration.html

docs/htmldocs/Samba3-HOWTO/msdfs.html

docs/htmldocs/Samba3-HOWTO/optional.html

docs/htmldocs/Samba3-HOWTO/pam.html

docs/htmldocs/Samba3-HOWTO/passdb.html

docs/htmldocs/Samba3-HOWTO/pr01.html

docs/htmldocs/Samba3-HOWTO/pr02.html

docs/htmldocs/Samba3-HOWTO/pr03.html

docs/htmldocs/Samba3-HOWTO/problems.html

docs/htmldocs/Samba3-HOWTO/rights.html

docs/htmldocs/Samba3-HOWTO/samba-bdc.html

docs/htmldocs/Samba3-HOWTO/samba-pdc.html

docs/htmldocs/Samba3-HOWTO/securing-samba.html

docs/htmldocs/Samba3-HOWTO/speed.html

docs/htmldocs/Samba3-HOWTO/tdb.html

docs/htmldocs/Samba3-HOWTO/troubleshooting.html

docs/htmldocs/Samba3-HOWTO/type.html

docs/htmldocs/Samba3-HOWTO/unicode.html

docs/htmldocs/Samba3-HOWTO/upgrading-to-3.0.html

docs/htmldocs/Samba3-HOWTO/winbind.html

docs/htmldocs/manpages/cifs.upcall.8.html

docs/htmldocs/manpages/eventlogadm.8.html

docs/htmldocs/manpages/findsmb.1.html

docs/htmldocs/manpages/idmap_ad.8.html

docs/htmldocs/manpages/idmap_adex.8.html

docs/htmldocs/manpages/idmap_hash.8.html

docs/htmldocs/manpages/idmap_ldap.8.html

docs/htmldocs/manpages/idmap_nss.8.html

docs/htmldocs/manpages/idmap_rid.8.html

docs/htmldocs/manpages/idmap_tdb.8.html

docs/htmldocs/manpages/idmap_tdb2.8.html

docs/htmldocs/manpages/index.html

docs/htmldocs/manpages/ldb.3.html

docs/htmldocs/manpages/ldbadd.1.html

docs/htmldocs/manpages/ldbdel.1.html

docs/htmldocs/manpages/ldbedit.1.html

docs/htmldocs/manpages/ldbmodify.1.html

docs/htmldocs/manpages/ldbrename.1.html

docs/htmldocs/manpages/ldbsearch.1.html

docs/htmldocs/manpages/libsmbclient.7.html

docs/htmldocs/manpages/lmhosts.5.html

docs/htmldocs/manpages/log2pcap.1.html

docs/htmldocs/manpages/mount.cifs.8.html

docs/htmldocs/manpages/net.8.html

docs/htmldocs/manpages/nmbd.8.html

docs/htmldocs/manpages/nmblookup.1.html

docs/htmldocs/manpages/ntlm_auth.1.html

docs/htmldocs/manpages/pam_winbind.8.html

docs/htmldocs/manpages/pdbedit.8.html

docs/htmldocs/manpages/profiles.1.html

docs/htmldocs/manpages/rpcclient.1.html

docs/htmldocs/manpages/samba.7.html

docs/htmldocs/manpages/sharesec.1.html

docs/htmldocs/manpages/smb.conf.5.html

docs/htmldocs/manpages/smbcacls.1.html

docs/htmldocs/manpages/smbclient.1.html

docs/htmldocs/manpages/smbcontrol.1.html

docs/htmldocs/manpages/smbcquotas.1.html

docs/htmldocs/manpages/smbd.8.html

docs/htmldocs/manpages/smbget.1.html

docs/htmldocs/manpages/smbgetrc.5.html

docs/htmldocs/manpages/smbpasswd.5.html

docs/htmldocs/manpages/smbpasswd.8.html

docs/htmldocs/manpages/smbspool.8.html

docs/htmldocs/manpages/smbstatus.1.html

docs/htmldocs/manpages/smbtar.1.html

docs/htmldocs/manpages/smbtree.1.html

docs/htmldocs/manpages/swat.8.html

docs/htmldocs/manpages/tdbbackup.8.html

docs/htmldocs/manpages/tdbdump.8.html

docs/htmldocs/manpages/tdbtool.8.html

docs/htmldocs/manpages/testparm.1.html

docs/htmldocs/manpages/umount.cifs.8.html

docs/htmldocs/manpages/vfs_acl_tdb.8.html

docs/htmldocs/manpages/vfs_acl_xattr.8.html

docs/htmldocs/manpages/vfs_audit.8.html

docs/htmldocs/manpages/vfs_cacheprime.8.html

docs/htmldocs/manpages/vfs_cap.8.html

docs/htmldocs/manpages/vfs_catia.8.html

docs/htmldocs/manpages/vfs_commit.8.html

docs/htmldocs/manpages/vfs_default_quota.8.html

docs/htmldocs/manpages/vfs_dirsort.8.html

docs/htmldocs/manpages/vfs_extd_audit.8.html

docs/htmldocs/manpages/vfs_fake_perms.8.html

docs/htmldocs/manpages/vfs_fileid.8.html

docs/htmldocs/manpages/vfs_full_audit.8.html

docs/htmldocs/manpages/vfs_gpfs.8.html

docs/htmldocs/manpages/vfs_netatalk.8.html

docs/htmldocs/manpages/vfs_notify_fam.8.html

docs/htmldocs/manpages/vfs_prealloc.8.html

docs/htmldocs/manpages/vfs_preopen.8.html

docs/htmldocs/manpages/vfs_readahead.8.html

docs/htmldocs/manpages/vfs_readonly.8.html

docs/htmldocs/manpages/vfs_recycle.8.html

docs/htmldocs/manpages/vfs_shadow_copy.8.html

docs/htmldocs/manpages/vfs_shadow_copy2.8.html

docs/htmldocs/manpages/vfs_smb_traffic_analyzer.8.html

docs/htmldocs/manpages/vfs_streams_depot.8.html

docs/htmldocs/manpages/vfs_streams_xattr.8.html

docs/htmldocs/manpages/vfs_xattr_tdb.8.html

docs/htmldocs/manpages/vfstest.1.html

docs/htmldocs/manpages/wbinfo.1.html

docs/htmldocs/manpages/winbind_krb5_locator.7.html

docs/htmldocs/manpages/winbindd.8.html

docs/manpages/cifs.upcall.8

docs/manpages/eventlogadm.8

docs/manpages/findsmb.1

docs/manpages/idmap_ad.8

docs/manpages/idmap_adex.8

docs/manpages/idmap_hash.8

docs/manpages/idmap_ldap.8

docs/manpages/idmap_nss.8

docs/manpages/idmap_rid.8

docs/manpages/idmap_tdb.8

docs/manpages/idmap_tdb2.8

docs/manpages/ldb.3

docs/manpages/ldbadd.1

docs/manpages/ldbdel.1

docs/manpages/ldbedit.1

docs/manpages/ldbmodify.1

docs/manpages/ldbrename.1

docs/manpages/ldbsearch.1

docs/manpages/libsmbclient.7

docs/manpages/lmhosts.5

docs/manpages/log2pcap.1

docs/manpages/mount.cifs.8

docs/manpages/net.8

docs/manpages/nmbd.8

docs/manpages/nmblookup.1

docs/manpages/ntlm_auth.1

docs/manpages/pam_winbind.8

docs/manpages/pdbedit.8

docs/manpages/profiles.1

docs/manpages/rpcclient.1

docs/manpages/samba.7

docs/manpages/sharesec.1

docs/manpages/smb.conf.5

docs/manpages/smbcacls.1

docs/manpages/smbclient.1

docs/manpages/smbcontrol.1

docs/manpages/smbcquotas.1

docs/manpages/smbd.8

docs/manpages/smbget.1

docs/manpages/smbgetrc.5

docs/manpages/smbpasswd.5

docs/manpages/smbpasswd.8

docs/manpages/smbspool.8

docs/manpages/smbstatus.1

docs/manpages/smbtar.1

docs/manpages/smbtree.1

docs/manpages/swat.8

docs/manpages/tdbbackup.8

docs/manpages/tdbdump.8

docs/manpages/tdbtool.8

docs/manpages/testparm.1

docs/manpages/umount.cifs.8

docs/manpages/vfs_acl_tdb.8

docs/manpages/vfs_acl_xattr.8

docs/manpages/vfs_audit.8

docs/manpages/vfs_cacheprime.8

docs/manpages/vfs_cap.8

docs/manpages/vfs_catia.8

docs/manpages/vfs_commit.8

docs/manpages/vfs_default_quota.8

docs/manpages/vfs_dirsort.8

docs/manpages/vfs_extd_audit.8

docs/manpages/vfs_fake_perms.8

docs/manpages/vfs_fileid.8

docs/manpages/vfs_full_audit.8

docs/manpages/vfs_gpfs.8

docs/manpages/vfs_netatalk.8

docs/manpages/vfs_notify_fam.8

docs/manpages/vfs_prealloc.8

docs/manpages/vfs_preopen.8

docs/manpages/vfs_readahead.8

docs/manpages/vfs_readonly.8

docs/manpages/vfs_recycle.8

docs/manpages/vfs_shadow_copy.8

docs/manpages/vfs_shadow_copy2.8

docs/manpages/vfs_smb_traffic_analyzer.8

docs/manpages/vfs_streams_depot.8

docs/manpages/vfs_streams_xattr.8

docs/manpages/vfs_xattr_tdb.8

docs/manpages/vfstest.1

docs/manpages/wbinfo.1

docs/manpages/winbind_krb5_locator.7

docs/manpages/winbindd.8

lib/async_req/async_req.c

lib/async_req/async_req.h

lib/util/util.c

librpc/gen_ndr/cli_echo.c

librpc/gen_ndr/cli_epmapper.c

librpc/gen_ndr/cli_eventlog.c

librpc/gen_ndr/cli_ntsvcs.c

librpc/gen_ndr/cli_spoolss.c

librpc/gen_ndr/cli_spoolss.h

librpc/gen_ndr/cli_srvsvc.c

librpc/gen_ndr/cli_svcctl.c

librpc/gen_ndr/cli_winreg.c

librpc/gen_ndr/misc.h

librpc/gen_ndr/ndr_misc.c

librpc/gen_ndr/ndr_misc.h

librpc/gen_ndr/ndr_spoolss.c

librpc/gen_ndr/ndr_spoolss.h

librpc/gen_ndr/ndr_winreg.c

librpc/gen_ndr/ndr_winreg.h

librpc/gen_ndr/spoolss.h

librpc/gen_ndr/srv_spoolss.c

librpc/gen_ndr/winreg.h

librpc/idl/misc.idl

librpc/idl/spoolss.idl

librpc/idl/winreg.idl

nsswitch/winbind_krb5_locator.c

packaging/RHEL-CTDB/samba.spec

packaging/RHEL/makerpms.git.sh

packaging/RHEL/makerpms.sh

packaging/RHEL/makerpms.sh.tmpl

packaging/RHEL/samba.spec

pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm

pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm

pidl/tests/samba3-cli.pl

release-scripts/create-tarball

source3/Makefile.in

source3/VERSION

source3/auth/auth_sam.c

source3/client/cifs.upcall.c

source3/configure

source3/configure.in

source3/include/ads.h

source3/include/authdata.h

source3/include/config.h.in

source3/include/includes.h

source3/include/proto.h

source3/include/version.h

source3/lib/dbwrap_util.c

source3/lib/util_reg.c

source3/libaddns/dnsgss.c

source3/libads/ads_status.c

source3/libads/authdata.c

source3/libads/kerberos.c

source3/libads/kerberos_keytab.c

source3/libads/kerberos_verify.c

source3/libads/krb5_errs.c

source3/libads/krb5_setpw.c

source3/libads/ldap.c

source3/libnet/libnet.h

source3/librpc/gen_ndr/messaging.h

source3/librpc/gen_ndr/notify.h

source3/libsmb/cliconnect.c

source3/libsmb/clikrb5.c

source3/libsmb/clispnego.c

source3/libsmb/libsmb_context.c

source3/libsmb/libsmb_dir.c

source3/libsmb/libsmb_path.c

source3/libsmb/libsmb_setget.c

source3/m4/aclocal.m4

source3/modules/vfs_cap.c

source3/modules/vfs_default.c

source3/passdb/pdb_ldap.c

source3/rpc_client/cli_lsarpc.c

source3/rpc_client/cli_netlogon.c

source3/rpc_client/cli_pipe.c

source3/rpc_client/cli_spoolss.c

source3/rpc_server/srv_pipe_hnd.c

source3/rpc_server/srv_samr_nt.c

source3/rpc_server/srv_spoolss_nt.c

source3/smbd/blocking.c

source3/smbd/dosmode.c

source3/smbd/mangle_hash.c

source3/smbd/nttrans.c

source3/smbd/open.c

source3/smbd/pipes.c

source3/smbd/posix_acls.c

source3/smbd/reply.c

source3/smbd/trans2.c

source3/utils/net_rpc.c

source3/utils/ntlm_auth.c

source3/utils/pdbedit.c

source3/winbindd/idmap_ldap.c

source3/winbindd/winbindd_cred_cache.c

source3/winbindd/winbindd_pam.c

source3/winbindd/winbindd_rpc.c

source4/torture/rpc/spoolss.c

source4/torture/rpc/spoolss_win.c

Show diffs side-by-side

added added

removed removed

docs/htmldocs/Samba3-ByExample/upgrades.html

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�8.�Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.74.0"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part�II.�Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter�7.�Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter�9.�Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�8.�Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a>�</td><th width="60%" align="center">Part�II.�Domain Members, Updating Samba and Migration</th><td width="20%" align="right">�<a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" lang="en"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter�8.�Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id2598126">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2598223">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2599552">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2599920">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600254">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2600436">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2600546">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2600749">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2601164">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>

<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter�8.�Updating Samba-3</title><link rel="stylesheet" href="../samba.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Samba-3 by Example"><link rel="up" href="DMSMig.html" title="Part�II.�Domain Members, Updating Samba and Migration"><link rel="prev" href="unixclients.html" title="Chapter�7.�Adding Domain Member Servers and Clients"><link rel="next" href="ntmigration.html" title="Chapter�9.�Migrating NT4 Domain to Samba-3"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">Chapter�8.�Updating Samba-3</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="unixclients.html">Prev</a>�</td><th width="60%" align="center">Part�II.�Domain Members, Updating Samba and Migration</th><td width="20%" align="right">�<a accesskey="n" href="ntmigration.html">Next</a></td></tr></table><hr></div><div class="chapter" title="Chapter�8.�Updating Samba-3"><div class="titlepage"><div><div><h2 class="title"><a name="upgrades"></a>Chapter�8.�Updating Samba-3</h2></div></div></div><div class="toc"><p><b>Table of Contents</b></p><dl><dt><span class="sect1"><a href="upgrades.html#id2604185">Introduction</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2604281">Cautions and Notes</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2605610">Upgrading from Samba 1.x and 2.x to Samba-3</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#sbeug2">Samba 1.9.x and 2.x Versions Without LDAP</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2605979">Applicable to All Samba 2.x to Samba-3 Upgrades</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2606312">Samba-2.x with LDAP Support</a></span></dt></dl></dd><dt><span class="sect1"><a href="upgrades.html#id2606494">Updating a Samba-3 Installation</a></span></dt><dd><dl><dt><span class="sect2"><a href="upgrades.html#id2606604">Samba-3 to Samba-3 Updates on the Same Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2606808">Migrating Samba-3 to a New Server</a></span></dt><dt><span class="sect2"><a href="upgrades.html#id2607222">Migration of Samba Accounts to Active Directory</a></span></dt></dl></dd></dl></div><p>

It was a little difficult to select an appropriate title for this chapter.

From email messages on the Samba mailing lists it is clear that many people

consider the updating and upgrading of Samba to be a migration matter. Others

talk about migrating Samba servers when in fact the issue at hand is one of

installing a new Samba server to replace an older existing Samba server.

</p><p>

There has also been much talk about migration of Samba-3 from an smbpasswd

passdb backend to the use of the tdbsam or ldapsam facilities that are new

to Samba-3.

people apply to these modes by which Samba servers are updated. This is further

highlighted by an email posting that included the following neat remark:

</p><div class="blockquote"><blockquote class="blockquote"><p>

I like the “<span class="quote">net rpc vampire</span>” on NT4, but that to my surprise does

I like the <span class="quote">“<span class="quote">net rpc vampire</span>”</span> on NT4, but that to my surprise does

not seem to work against a Samba PDC and, if addressed in the Samba to Samba

context in either book, I could not find it.

</p></blockquote></div><p>

So in response to the significant request for these situations to be better

documented, this chapter has now been added. User contributions and documentation

of real-world experiences are a most welcome addition to this chapter.

</p><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2598126"></a>Introduction</h2></div></div></div><p>

</p><div class="sect1" title="Introduction"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2604185"></a>Introduction</h2></div></div></div><p>

A Windows network administrator explained in an email what changes he was

planning to make and followed with the question: “<span class="quote">Anyone done this

before?</span>” Many of us have upgraded and updated Samba without incident.

planning to make and followed with the question: <span class="quote">“<span class="quote">Anyone done this

before?</span>”</span> Many of us have upgraded and updated Samba without incident.

Others have experienced much pain and user frustration. So it is to be hoped

that the notes in this chapter will make a positive difference by assuring

that someone will be saved a lot of discomfort.

this precautionary step, users will punish an administrator who

fails to take adequate steps to avoid situations that may inflict lost

productivity on them.

</p><div class="warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>

</p><div class="warning" title="Warning" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Warning</h3><p>

Samba makes it possible to upgrade and update configuration files, but it

is not possible to downgrade the configuration files. Please ensure that

all configuration and control files are backed up to permit a down-grade

in the rare event that this may be necessary.

</p></div><p>

It is prudent also to backup all data files on the server before attempting

to perform a major upgrade. Many administrators have experienced the consequences

of failure to take adequate precautions. So what is adequate? That is simple!

If data is lost during an upgrade or update and it can not be restored,

the precautions taken were inadequate. If a backup was not needed, but was available,

caution was on the side of the victor.

</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2598223"></a>Cautions and Notes</h3></div></div></div><p>

Someone once said, “<span class="quote">It is good to be sorry, but better never to need to be!</span>”

</p><div class="sect2" title="Cautions and Notes"><div class="titlepage"><div><div><h3 class="title"><a name="id2604281"></a>Cautions and Notes</h3></div></div></div><p>

Someone once said, <span class="quote">“<span class="quote">It is good to be sorry, but better never to need to be!</span>”</span>

These are wise words of advice to those contemplating a Samba upgrade or update.

</p><p>

This is as good a time as any to define the terms <code class="constant">upgrade</code> and

<code class="constant">update</code>. The term <code class="constant">upgrade</code> refers to

the installation of a version of Samba that is a whole generation or more ahead of

number. So far Samba has been released in generations 1.x, 2.x, 3.x, and currently 4.0

is in development.

</p><p>

The term <code class="constant">update</code> refers to a minor version number installation

in place of one of the same generation. For example, updating from Samba 3.0.10 to 3.0.14

is an update. The move from Samba 2.0.7 to 3.0.14 is an upgrade.

</p><p>

While the use of these terms is an exercise in semantics, what needs to be realized

is that there are major functional differences between a Samba 2.x release and a Samba

3.0.x release. Such differences may require a significantly different approach to

latest documentation to identify precisely how the new installation may need to be

modified to preserve prior functionality.

</p><p>

There is an old axiom that says, “<span class="quote">The greater the volume of the documentation,

There is an old axiom that says, <span class="quote">“<span class="quote">The greater the volume of the documentation,

the greater the risk that noone will read it, but where there is no documentation,

noone can read it!</span>” While true, some documentation is an evil necessity.

noone can read it!</span>”</span> While true, some documentation is an evil necessity.

It is hoped that this update to the documentation will avoid both extremes.

</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2598326"></a>Security Identifiers (SIDs)</h4></div></div></div><p>

</p><div class="sect3" title="Security Identifiers (SIDs)"><div class="titlepage"><div><div><h4 class="title"><a name="id2604385"></a>Security Identifiers (SIDs)</h4></div></div></div><p>

100

Before the days of Windows NT and OS/2, every Windows and DOS networking client

101

that used the SMB protocols was an entirely autonomous entity. There was no concept

102

of a security identifier for a machine or a user outside of the username, the

104

in the same context as the way that the SID is used since the development of

105

Windows NT 3.10.

106

</p><p>

107

108

109

110

111

112

107

108

109

110

111

112

113

Versions of Samba prior to 1.9 did not make use of a SID. Instead they make exclusive use

114

of the username that is embedded in the SessionSetUpAndX component of the connection

115

setup process between a Windows client and an SMB/CIFS server.

116

</p><p>

117

118

119

117

118

119

120

Around November 1997 support was added to Samba-1.9 to handle the Windows security

121

RPC-based protocols that implemented support for Samba to store a machine SID. This

122

information was stored in a file called <code class="filename">MACHINE.SID.</code>

123

</p><p>

124

125

126

124

125

126

127

Within the lifetime of the early Samba 2.x series, the machine SID information was

128

relocated into a tdb file called <code class="filename">secrets.tdb</code>, which is where

129

it is still located in Samba 3.0.x along with other information that pertains to the

130

local machine and its role within a domain security context.

131

</p><p>

132

133

134

135

132

133

134

135

136

There are two types of SID, those pertaining to the machine itself and the domain to

137

which it may belong, and those pertaining to users and groups within the security

138

context of the local machine, in the case of standalone servers (SAS) and domain member

139

servers (DMS).

140

</p><p>

141

142

143

144

145

146

141

142

143

144

145

146

147

When the Samba <code class="literal">smbd</code> daemon is first started, if the <code class="filename">secrets.tdb</code>

148

file does not exist, it is created at the first client connection attempt. If this file does

149

exist, <code class="literal">smbd</code> checks that there is a machine SID (if it is a domain controller,

153

manner. This means that each time it is generated for a particular combination of machine name

154

(hostname) and domain name (workgroup), it will be different.

155

</p><p>

156

156

157

The SID is the key used by MS Windows networking for all networking operations. This means

158

that when the machine or domain SID changes, all security-encoded objects such as profiles

159

and ACLs may become unusable.

160

</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>

160

</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>

161

It is of paramount importance that the machine and domain SID be backed up so that in

162

the event of a change of hostname (machine name) or domain name (workgroup) the SID can

163

be restored to its previous value.

164

</p></div><p>

165

166

167

168

169

170

171

172

173

174

165

166

167

168

169

170

171

172

173

174

175

In Samba-3 on a domain controller (PDC or BDC), the domain name controls the domain

176

SID. On all prior versions the hostname (computer name, or NetBIOS name) controlled

177

the SID. On a standalone server the hostname still controls the SID.

178

</p><p>

179

180

179

180

181

The local machine SID can be backed up using this procedure (Samba-3):

182

</p><pre class="screen">

183

<code class="prompt">root# </code> net getlocalsid > /etc/samba/my-local-SID

200

ability to read the older tdb file and to perform an in-situ update to the latest tdb format.

201

This is not a reversible process it is a one-way upgrade.

202

</p><p>

203

203

204

In the course of the Samba 2.0.x series the <code class="literal">smbpasswd</code> was modified to

205

permit the domain SID to be captured to the <code class="filename">secrets.tdb</code> file by executing:

206

</p><pre class="screen">

217

<code class="prompt">root# </code> smbpasswd -W S-1-5-21-726309263-4128913605-1168186429

218

</pre><p>

219

</p><p>

220

221

220

221

222

Domain security information, which includes the domain SID, can be obtained from Samba-2.2.x

223

systems by executing:

224

</p><pre class="screen">

237

It is a very good practice to store this SID information in a safely kept file, just in

238

case it is ever needed at a later date.

239

</p><p>

240

241

242

240

241

242

243

Take note that the domain SID is used extensively in Samba. Where LDAP is used for the

244

<em class="parameter"><code>passdb backend</code></em>, all user, group, and trust accounts are encoded

245

with the domain SID. This means that if the domain SID changes for any reason, the entire

250

<code class="prompt">root# </code> slapcat -v -l filename.ldif

251

</pre><p>

252

</p><p>

253

254

255

253

254

255

256

When the domain SID has changed, roaming profiles cease to be functional. The recovery

257

of roaming profiles necessitates resetting of the domain portion of the user SID

258

that owns the profile. This is encoded in the <code class="filename">NTUser.DAT</code> and can be

261

complain to the Samba Team if this utility is missing; that issue that must be

262

addressed to the creator of the RPM package. The Samba Team do their best to make

263

available all the tools needed to manage a Samba-based Windows networking environment.

264

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599055"></a>Change of hostname</h4></div></div></div><p>

265

266

264

</p></div><div class="sect3" title="Change of hostname"><div class="titlepage"><div><div><h4 class="title"><a name="id2605113"></a>Change of hostname</h4></div></div></div><p>

265

266

267

Samba uses two methods by which the primary NetBIOS machine name (also known as a computer

268

name or the hostname) may be determined: If the <code class="filename">smb.conf</code> file contains a

269

<em class="parameter"><code>netbios name</code></em> entry, its value will be used directly. In the absence

273

hostname was changed for one reason or another. Such a change will cause a new machine

274

SID to be generated. If this happens on a domain controller, it will also change the

275

domain SID. These SIDs can be updated (restored) using the procedure outlined previously.

276

</p><div class="note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>

276

</p><div class="note" title="Note" style="margin-left: 0.5in; margin-right: 0.5in;"><h3 class="title">Note</h3><p>

277

Do NOT change the hostname or the <em class="parameter"><code>netbios name</code></em>. If this

278

is changed, be sure to reset the machine SID to the original setting. Otherwise

279

there may be serious interoperability and/or operational problems.

280

</p></div></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599120"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>

281

280

</p></div></div><div class="sect3" title="Change of Workgroup (Domain) Name"><div class="titlepage"><div><div><h4 class="title"><a name="id2605179"></a>Change of Workgroup (Domain) Name</h4></div></div></div><p>

281

282

The domain name of a Samba server is identical to the workgroup name and is

283

set in the <code class="filename">smb.conf</code> file using the <em class="parameter"><code>workgroup</code></em> parameter.

284

This has been consistent throughout the history of Samba and across all versions.

285

</p><p>

286

286

287

Be aware that when the workgroup name is changed, a new SID will be generated.

288

The old domain SID can be reset using the procedure outlined earlier in this chapter.

289

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>

289

</p></div><div class="sect3" title="Location of config files"><div class="titlepage"><div><div><h4 class="title"><a name="sbeug1"></a>Location of config files</h4></div></div></div><p>

290

The Samba-Team has maintained a constant default location for all Samba control files

291

throughout the life of the project. People who have produced binary packages of Samba

292

have varied the location of the Samba control files. This has led to some confusion

293

for network administrators.

294

</p><p>

295

295

296

The Samba 1.9.x <code class="filename">smb.conf</code> file may be found either in the <code class="filename">/etc</code>

297

directory or in <code class="filename">/usr/local/samba/lib</code>.

298

</p><p>

300

on Linux systems to the <code class="filename">/etc/samba</code> directory where it

301

remains located also for Samba 3.0.x installations.

302

</p><p>

303

303

304

Samba 2.x introduced the <code class="filename">secrets.tdb</code> file that is also stored in the

305

<code class="filename">/etc/samba</code> directory, or in the <code class="filename">/usr/local/samba/lib</code>

306

directory subsystem.

307

</p><p>

308

308

309

The location at which <code class="literal">smbd</code> expects to find all configuration and control

310

files is determined at the time of compilation of Samba. For versions of Samba prior to

311

3.0, one way to find the expected location of these files is to execute:

317

Note: The <code class="literal">smbd</code> executable may be located in the path

318

<code class="filename">/usr/local/samba/sbin</code>.

319

</p><p>

320

320

321

Samba-3 provides a neat new way to track the location of all control files as well as to

322

find the compile-time options used as the Samba package was built. Here is how the dark

323

secrets of the internals of the location of control files within Samba executables can

348

...

349

</pre><p>

350

</p><p>

351

351

352

It is important that both the <code class="filename">smb.conf</code> file and the <code class="filename">secrets.tdb</code>

353

be backed up before attempting any upgrade. The <code class="filename">secrets.tdb</code> file

354

is version-encoded, and therefore a newer version may not work with an older version

355

of Samba. A backup means that it is always possible to revert a failed or problematic

356

upgrade.

357

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599386"></a>International Language Support</h4></div></div></div><p>

358

359

360

361

357

</p></div><div class="sect3" title="International Language Support"><div class="titlepage"><div><div><h4 class="title"><a name="id2605445"></a>International Language Support</h4></div></div></div><p>

358

359

360

361

362

Samba-2.x had no support for Unicode; instead, all national language character-set support in file names

363

was done using particular locale codepage mapping techniques. Samba-3 supports Unicode in file names, thus

364

providing true internationalization support.

365

</p><p>

366

366

367

Non-English users whose national language character set has special characters and who upgrade naively will

368

find that many files that have the special characters in the file name will see them garbled and jumbled up.

369

This typically happens with umlauts and accents because these characters were particular to the codepage

370

that was in use with Samba-2.x using an 8-bit encoding scheme.

371

</p><p>

372

372

373

Files that are created with Samba-3 will use UTF-8 encoding. Should the file system ever end up with a

374

mix of codepage (unix charset)-encoded file names and UTF-8-encoded file names, the mess will take some

375

effort to set straight.

376

</p><p>

377

377

378

A very helpful tool is available from Bjorn Jacke's <a class="ulink" href="http://j3e.de/linux/convmv/" target="_top">convmv</a>

379

work. Convmv is a tool that can be used to convert file and directory names from one encoding method to

380

another. The most common use for this tool is to convert locale-encoded files to UTF-8 Unicode encoding.

381

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2599480"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>

381

</p></div><div class="sect3" title="Updates and Changes in Idealx smbldap-tools"><div class="titlepage"><div><div><h4 class="title"><a name="id2605539"></a>Updates and Changes in Idealx smbldap-tools</h4></div></div></div><p>

382

The smbldap-tools have been maturing rapidly over the past year. With maturation comes change.

383

The location of the <code class="filename">smbldap.conf</code> and the <code class="filename">smbldap_bind.conf</code>

384

configuration files have been moved from the directory <code class="filename">/etc/smbldap-tools</code> to

392

<code class="constant">sambaDomainName</code>. Anyone who updates from an older version to the

393

current release should note that the information stored under <code class="constant">NextFreeUnixId</code>

394

must now be relocated to the DIT object <code class="constant">sambaDomainName</code>.

395

</p></div></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2599552"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>

395

</p></div></div></div><div class="sect1" title="Upgrading from Samba 1.x and 2.x to Samba-3"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2605610"></a>Upgrading from Samba 1.x and 2.x to Samba-3</h2></div></div></div><p>

396

Sites that are being upgraded from Samba-2 (or earlier versions) to Samba-3

397

may experience little difficulty or may require a lot of effort, depending

398

on the complexity of the configuration. Samba-1.9.x upgrades to Samba-3 will

402

There are two basic modes of use of Samba versions prior to Samba-3. The first

403

does not use LDAP, the other does. Samba-1.9.x did not provide LDAP support.

404

Samba-2.x could be compiled with LDAP support.

405

</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>

405

</p><div class="sect2" title="Samba 1.9.x and 2.x Versions Without LDAP"><div class="titlepage"><div><div><h3 class="title"><a name="sbeug2"></a>Samba 1.9.x and 2.x Versions Without LDAP</h3></div></div></div><p>

406

Where it is necessary to upgrade an old Samba installation to Samba-3,

407

the following procedure can be followed:

408

</p><div class="procedure"><a name="id2599590"></a><p class="title"><b>Procedure�8.1.�Upgrading from a Pre-Samba-3 Version</b></p><ol type="1"><li><p>

409

410

411

408

</p><div class="procedure" title="Procedure�8.1.�Upgrading from a Pre-Samba-3 Version"><a name="id2605648"></a><p class="title"><b>Procedure�8.1.�Upgrading from a Pre-Samba-3 Version</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>

409

410

411

412

Stop Samba. This can be done using the appropriate system tool

413

that is particular for each operating system or by executing the

414

<code class="literal">kill</code> command on <code class="literal">smbd</code>,

415

<code class="literal">nmbd</code>, and <code class="literal">winbindd</code>.

416

</p></li><li><p>

416

</p></li><li class="step" title="Step 2"><p>

417

Find the location of the Samba <code class="filename">smb.conf</code> file and back it up to a

418

safe location.

419

</p></li><li><p>

419

</p></li><li class="step" title="Step 3"><p>

420

Find the location of the <code class="filename">smbpasswd</code> file and

421

back it up to a safe location.

422

</p></li><li><p>

422

</p></li><li class="step" title="Step 4"><p>

423

Find the location of the <code class="filename">secrets.tdb</code> file and

424

back it up to a safe location.

425

</p></li><li><p>

426

427

428

429

425

</p></li><li class="step" title="Step 5"><p>

426

427

428

429

430

Find the location of the lock directory. This is the directory

431

in which Samba stores all its tdb control files. The default

432

location used by the Samba Team is in

436

Linux Standards Base specified location is now under the

437

<code class="filename">/var/lib/samba</code> directory. Copy all the

438

tdb files to a safe location.

439

</p></li><li><p>

440

439

</p></li><li class="step" title="Step 6"><p>

440

441

It is now safe to upgrade the Samba installation. On Linux systems

442

it is not necessary to remove the Samba RPMs because a simple

443

upgrade installation will automatically remove the old files.

446

it is advisable either to delete the Samba old installation or to

447

move it out of the way by renaming the directories that contain the

448

Samba binary files.

449

</p></li><li><p>

449

</p></li><li class="step" title="Step 7"><p>

450

When the Samba upgrade has been installed, the first step that should

451

be completed is to identify the new target locations for the control

452

files. Follow the steps shown in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">“Location of config files”</a> to locate

453

the correct directories to which each control file must be moved.

454

</p></li><li><p>

454

</p></li><li class="step" title="Step 8"><p>

455

Do not change the hostname.

456

</p></li><li><p>

456

</p></li><li class="step" title="Step 9"><p>

457

Do not change the workgroup name.

458

</p></li><li><p>

459

458

</p></li><li class="step" title="Step 10"><p>

459

460

Execute the <code class="literal">testparm</code> to validate the <code class="filename">smb.conf</code> file.

461

This process will flag any parameters that are no longer supported.

462

It will also flag configuration settings that may be in conflict.

468

<code class="prompt">root# </code> cd /etc/samba

469

<code class="prompt">root# </code> testparm -s smb.conf.master > smb.conf

470

</pre><p>

471

471

472

The resulting <code class="filename">smb.conf</code> file will be stripped of all comments

473

and of all nonconforming configuration settings.

474

</p></li><li><p>

475

474

</p></li><li class="step" title="Step 11"><p>

475

476

It is now safe to start Samba using the appropriate system tool.

477

Alternately, it is possible to just execute <code class="literal">nmbd</code>,

478

<code class="literal">smbd</code>, and <code class="literal">winbindd</code> for the command

479

line while logged in as the root user.

480

</p></li></ol></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2599920"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>

481

482

483

480

</p></li></ol></div></div><div class="sect2" title="Applicable to All Samba 2.x to Samba-3 Upgrades"><div class="titlepage"><div><div><h3 class="title"><a name="id2605979"></a>Applicable to All Samba 2.x to Samba-3 Upgrades</h3></div></div></div><p>

481

482

483

484

Samba 2.x servers that were running as a domain controller (PDC)

485

require changes to the configuration of the scripting interface

486

tools that Samba uses to perform OS updates for

487

users, groups, and trust accounts (machines and interdomain).

488

</p><p>

489

489

490

The following parameters are new to Samba-3 and should be correctly configured.

491

Please refer to <a class="link" href="secure.html" title="Chapter�3.�Secure Office Networking">“Secure Office Networking”</a> through <a class="link" href="2000users.html" title="Chapter�6.�A Distributed 2000-User Network">“A Distributed 2000-User Network”</a>

492

in this book for examples of use of the new parameters shown here:

493

494

495

496

497

498

499

500

</p><p>

501

</p><table class="simplelist" border="0" summary="Simple list"><tr><td><p>add group script</p></td></tr><tr><td><p>add machine script</p></td></tr><tr><td><p>add user to group script</p></td></tr><tr><td><p>delete group script</p></td></tr><tr><td><p>delete user from group script</p></td></tr><tr><td><p>passdb backend</p></td></tr><tr><td><p>set primary group script</p></td></tr></table><p>

502

</p><p>

503

504

493

494

495

496

497

498

499

500

</p><p>

501

</p><table border="0" summary="Simple list" class="simplelist"><tr><td><p>add group script</p></td></tr><tr><td><p>add machine script</p></td></tr><tr><td><p>add user to group script</p></td></tr><tr><td><p>delete group script</p></td></tr><tr><td><p>delete user from group script</p></td></tr><tr><td><p>passdb backend</p></td></tr><tr><td><p>set primary group script</p></td></tr></table><p>

502

</p><p>

503

504

505

The <em class="parameter"><code>add machine script</code></em> functionality was previously

506

handled by the <em class="parameter"><code>add user script</code></em>, which in Samba-3 is

507

used exclusively to add user accounts.

508

</p><p>

509

510

511

512

513

514

515

516

517

509

510

511

512

513

514

515

516

517

518

Where the <em class="parameter"><code>passdb backend</code></em> used is either <code class="constant">smbpasswd</code>

519

(the default) or the new <code class="constant">tdbsam</code>, the system interface scripts

520

are typically used. These involve use of OS tools such as <code class="literal">useradd</code>,

521

<code class="literal">usermod</code>, <code class="literal">userdel</code>, <code class="literal">groupadd</code>,

522

<code class="literal">groupmod</code>, <code class="literal">groupdel</code>, and so on.

523

</p><p>

524

525

526

524

525

526

527

Where the <em class="parameter"><code>passdb backend</code></em> makes use of an LDAP directory,

528

it is necessary either to use the <code class="constant">smbldap-tools</code> provided

529

by Idealx or to use an alternate toolset provided by a third

530

party or else home-crafted to manage the LDAP directory accounts.

531

</p></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600254"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>

531

</p></div><div class="sect2" title="Samba-2.x with LDAP Support"><div class="titlepage"><div><div><h3 class="title"><a name="id2606312"></a>Samba-2.x with LDAP Support</h3></div></div></div><p>

532

Samba version 2.x could be compiled for use either with or without LDAP.

533

The LDAP control settings in the <code class="filename">smb.conf</code> file in this old version are

534

completely different (and less complete) than they are with Samba-3. This

538

Follow the procedure outlined in <a class="link" href="upgrades.html#sbeug2" title="Samba 1.9.x and 2.x Versions Without LDAP">“Samba 1.9.x and 2.x Versions Without LDAP”</a> to affect a migration

539

of all files to the correct locations.

540

</p><p>

541

542

541

542

543

The Samba SAM schema required for Samba-3 is significantly different from that

544

used with Samba 2.x. This means that the LDAP directory must be updated

545

using the procedure outlined in the Samba WHATSNEW.txt file that accompanies

694

Due to a limitation in Samba's smb.conf parsing, you should not surround

695

the DN's with quotation marks.

696

</pre><p>

697

</p></div></div><div class="sect1" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2600436"></a>Updating a Samba-3 Installation</h2></div></div></div><p>

697

</p></div></div><div class="sect1" title="Updating a Samba-3 Installation"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="id2606494"></a>Updating a Samba-3 Installation</h2></div></div></div><p>

698

The key concern in this section is to deal with the changes that have been

699

affected in Samba-3 between the Samba-3.0.0 release and the current update.

700

Network administrators have expressed concerns over the steps that should be

701

taken to update Samba-3 versions.

702

</p><p>

703

703

704

The information in <a class="link" href="upgrades.html#sbeug1" title="Location of config files">“Location of config files”</a> would not be necessary if every

705

person who has ever produced Samba executable (binary) files could agree on

706

the preferred location of the <code class="filename">smb.conf</code> file and other Samba control files.

707

Clearly, such agreement is further away than a pipedream.

708

</p><p>

709

709

710

Vendors and packagers who produce Samba binary installable packages do not,

711

as a rule, use the default paths used by the Samba-Team for the location of

712

the binary files, the <code class="filename">smb.conf</code> file, and the Samba control files (tdb's

719

uninformed administrator deals with apparent failure of the update to take

720

effect.

721

</p><p>

722

722

723

The best advice for those lacking in code compilation experience is to use

724

only vendor (or Samba-Team) provided binary packages. The Samba packages

725

that are provided by the Samba-Team are generally built to use file paths

726

that are compatible with the original OS vendor's practices.

727

</p><p>

728

729

728

729

730

If you are not sure whether a binary package complies with the OS

731

vendor's practices, it is better to ask the package maintainer via

732

email than to waste much time dealing with the nuances.

733

Alternately, just diagnose the paths specified by the binary files following

734

the procedure outlined above.

735

</p><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600546"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>

735

</p><div class="sect2" title="Samba-3 to Samba-3 Updates on the Same Server"><div class="titlepage"><div><div><h3 class="title"><a name="id2606604"></a>Samba-3 to Samba-3 Updates on the Same Server</h3></div></div></div><p>

736

The guidance in this section deals with updates to an existing

737

Samba-3 server installation.

738

</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600557"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>

738

</p><div class="sect3" title="Updating from Samba Versions Earlier than 3.0.5"><div class="titlepage"><div><div><h4 class="title"><a name="id2606616"></a>Updating from Samba Versions Earlier than 3.0.5</h4></div></div></div><p>

739

With the provision that the binary Samba-3 package has been built

740

with the same path and feature settings as the existing Samba-3

741

package that is being updated, an update of Samba-3 versions 3.0.0

742

through 3.0.4 can be updated to 3.0.5 without loss of functionality

743

and without need to change either the <code class="filename">smb.conf</code> file or, where

744

used, the LDAP schema.

745

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600580"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>

746

747

745

</p></div><div class="sect3" title="Updating from Samba Versions between 3.0.6 and 3.0.10"><div class="titlepage"><div><div><h4 class="title"><a name="id2606638"></a>Updating from Samba Versions between 3.0.6 and 3.0.10</h4></div></div></div><p>

746

747

748

When updating versions of Samba-3 prior to 3.0.6 to 3.0.6 through 3.0.10,

749

it is necessary only to update the LDAP schema (where LDAP is used).

750

Always use the LDAP schema file that is shipped with the latest Samba-3

751

update.

752

</p><p>

753

754

755

753

754

755

756

Samba-3.0.6 introduced the ability to remember the last <span class="emphasis"><em>n</em></span> number

757

of passwords a user has used. This information will work only with

758

the <code class="constant">tdbsam</code> and <code class="constant">ldapsam</code>

759

<em class="parameter"><code>passdb backend</code></em> facilities.

760

</p><p>

761

After updating the LDAP schema, do not forget to re-index the LDAP database.

762

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600658"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>

763

762

</p></div><div class="sect3" title="Updating from Samba Versions after 3.0.6 to a Current Release"><div class="titlepage"><div><div><h4 class="title"><a name="id2606717"></a>Updating from Samba Versions after 3.0.6 to a Current Release</h4></div></div></div><p>

763

764

Samba-3.0.8 introduced changes in how the <em class="parameter"><code>username map</code></em>

765

behaves. It also included a change in behavior of <code class="literal">winbindd</code>.

766

Please refer to the man page for <code class="filename">smb.conf</code> before implementing any update

767

from versions prior to 3.0.8 to a current version.

768

</p><p>

769

769

770

In Samba-3.0.11 a new privileges interface was implemented. Please

771

refer to <a class="link" href="happy.html#sbehap-ppc" title="Addition of Machines to the Domain">“Addition of Machines to the Domain”</a> for information regarding this new

772

feature. It is not necessary to implement the privileges interface, but it

788

below the machine suffix. Previous Samba releases would fall

789

back to searching the 'ldap suffix' in some cases.

790

</pre><p>

791

</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2600749"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>

791

</p></div></div><div class="sect2" title="Migrating Samba-3 to a New Server"><div class="titlepage"><div><div><h3 class="title"><a name="id2606808"></a>Migrating Samba-3 to a New Server</h3></div></div></div><p>

792

The two most likely candidates for replacement of a server are

793

domain member servers and domain controllers. Each needs to be

794

handled slightly differently.

795

</p><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600761"></a>Replacing a Domain Member Server</h4></div></div></div><p>

796

795

</p><div class="sect3" title="Replacing a Domain Member Server"><div class="titlepage"><div><div><h4 class="title"><a name="id2606820"></a>Replacing a Domain Member Server</h4></div></div></div><p>

796

797

Replacement of a domain member server should be done

798

using the same procedure as outlined in <a class="link" href="unixclients.html" title="Chapter�7.�Adding Domain Member Servers and Clients">“Adding Domain Member Servers and Clients”</a>.

799

</p><p>

802

that the new server be renamed to that of the old server. This will

803

change its SID and will necessitate rejoining to the domain.

804

</p><p>

805

806

807

808

809

810

805

806

807

808

809

810

811

Following a change of hostname (NetBIOS name) it is a good idea on all servers

812

to shut down the Samba <code class="literal">smbd</code>, <code class="literal">nmbd</code>, and

813

<code class="literal">winbindd</code> services, delete the <code class="filename">wins.dat</code>

817

resolution problems. These problems usually clear within 45 minutes of a name

818

change, but can persist for a longer period of time.

819

</p><p>

820

821

822

823

820

821

822

823

824

If the old domain member server had local accounts, it is necessary to create

825

on the new domain member server the same accounts with the same UID and GID

826

for each account. Where the <em class="parameter"><code>passdb backend</code></em> database

831

<code class="filename">/etc/group</code> files. In this case, be sure to copy these

832

account entries to the new target server.

833

</p><p>

834

834

835

Where the user accounts for both UNIX and Samba are stored in LDAP, the new

836

target server must be configured to use the <code class="literal">nss_ldap</code> tool set.

837

This will automatically ensure that the appropriate user entities are

838

available on the new server.

839

</p></div><div class="sect3" lang="en"><div class="titlepage"><div><div><h4 class="title"><a name="id2600964"></a>Replacing a Domain Controller</h4></div></div></div><p>

840

839

</p></div><div class="sect3" title="Replacing a Domain Controller"><div class="titlepage"><div><div><h4 class="title"><a name="id2607022"></a>Replacing a Domain Controller</h4></div></div></div><p>

840

841

In the past, people who replaced a Windows NT4 domain controller typically

842

installed a new server, created printers and file shares on it, then migrate across

843

all data that was destined to reside on it. The same can of course be done with

847

have the intent to just replace the old Samba server with a new one with

848

the same name as the old one. In this case, simply follow the same process

849

as for upgrading a Samba 2.x system and do the following:

850

</p><div class="itemizedlist"><ul type="disc"><li><p>

850

</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>

851

Where UNIX (POSIX) user and group accounts are stored in the system

852

<code class="filename">/etc/passwd</code>, <code class="filename">/etc/shadow</code>, and

853

<code class="filename">/etc/group</code> files, be sure to add the same accounts

862

<code class="literal">slapadd</code> command. Do not forget to install and configure

863

the <code class="literal">nss_ldap</code> tool and the <code class="filename">/etc/nsswitch.conf</code>

864

(as shown in <a class="link" href="happy.html" title="Chapter�5.�Making Happy Users">“Making Happy Users”</a>).

865

</p></li><li><p>

865

</p></li><li class="listitem"><p>

866

Copy the <code class="filename">smb.conf</code> file from the old server to the new server into the correct

867

location as indicated previously in this chapter.

868

</p></li><li><p>

868

</p></li><li class="listitem"><p>

869

Copy the <code class="filename">secrets.tdb</code> file, the <code class="filename">smbpasswd</code>

870

file (if it is used), the <code class="filename">/etc/samba/passdb.tdb</code> file (only

871

used by the <code class="constant">tdbsam</code> backend), and all the tdb control files

872

from the old system to the correct location on the new system.

873

</p></li><li><p>

873

</p></li><li class="listitem"><p>

874

Before starting the Samba daemons, verify that the hostname of the new server

875

is identical to that of the old one. Note: The IP address can be different

876

from that of the old server.

877

</p></li><li><p>

877

</p></li><li class="listitem"><p>

878

Copy all files from the old server to the new server, taking precaution to

879

preserve all file ownership and permissions as well as any POSIX ACLs that

880

may have been created on the old server.

890

or the <em class="parameter"><code>netbios name</code></em> is set to the original server name, Samba

891

should correctly pick up the original SID and preserve all other settings. It is

892

sound advice to validate this before turning the system over to users.

893

</p></div></div><div class="sect2" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="id2601164"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>

893

</p></div></div><div class="sect2" title="Migration of Samba Accounts to Active Directory"><div class="titlepage"><div><div><h3 class="title"><a name="id2607222"></a>Migration of Samba Accounts to Active Directory</h3></div></div></div><p>

894

Yes, it works. The Windows ADMT tool can be used to migrate Samba accounts

895

to MS Active Directory. There are a few pitfalls to be aware of:

896

</p><div class="procedure"><a name="id2601176"></a><p class="title"><b>Procedure�8.2.�Migration to Active Directory</b></p><ol type="1"><li><p>

896

</p><div class="procedure" title="Procedure�8.2.�Migration to Active Directory"><a name="id2607234"></a><p class="title"><b>Procedure�8.2.�Migration to Active Directory</b></p><ol class="procedure" type="1"><li class="step" title="Step 1"><p>

897

Administrator password must be THE SAME on the Samba server,

898

the 2003 ADS, and the local Administrator account on the workstations.

899

Perhaps this goes without saying, but there needs to be an account

900

called <code class="constant">Administrator</code> in your Samba domain, with

901

full administrative (root) rights to that domain.

902

</p></li><li><p>

902

</p></li><li class="step" title="Step 2"><p>

903

In the Advanced/DNS section of the TCP/IP settings on your Windows

904

workstations, make sure the <em class="parameter"><code>DNS suffix for this

905

connection</code></em> field is blank.

906

</p></li><li><p>

906

</p></li><li class="step" title="Step 3"><p>

907

Because you are migrating from Samba, user passwords cannot be

908

migrated. You'll have to reset everyone's passwords. (If you were

909

migrating from NT4 to ADS, you could migrate passwords as well.)

910

</p><p>

911

To date this has not been attempted with roaming profile support;

912

it has been documented as working with local profiles.

913

</p></li><li><p>

913

</p></li><li class="step" title="Step 4"><p>

914

Disable the Windows Firewall on all workstations. Otherwise,

915

workstations won't be migrated to the new domain.

916

</p></li><li><p>

917

916

</p></li><li class="step" title="Step 5"><p>

917

918

When migrating machines, always test first (using ADMT's test mode)

919

and satisfy all errors before committing the migration. Note that the

920

test will always fail, because the machine will not have been actually

922

failure was due to a problem or simply to the fact that it was just

923

a test.

924

</p></li></ol></div><p>

925

925

926

There are some significant benefits of using the ADMT, besides just

927

migrating user accounts. ADMT can be found on the Windows 2003 CD.

928

</p><div class="itemizedlist"><ul type="disc"><li><p>

928

</p><div class="itemizedlist"><ul class="itemizedlist" type="disc"><li class="listitem"><p>

929

You can migrate workstations remotely. You can specify that SIDs

930

be simply added instead of replaced, giving you the option of joining a

931

workstation back to the old domain if something goes awry. The

932

workstations will be joined to the new domain.

933

</p></li><li><p>

933

</p></li><li class="listitem"><p>

934

Not only are user accounts migrated from the old domain to the new

935

domain, but ACLs on the workstations are migrated as well. Like SIDs,

936

ACLs can be added instead of replaced.

937

</p></li><li><p>

937

</p></li><li class="listitem"><p>

938

Locally stored user profiles on workstations are migrated as well,

939

presenting almost no disruption to the user. Saved passwords will be

940

lost, just as when you administratively reset the password in Windows ADS.

941

</p></li><li><p>

941

</p></li><li class="listitem"><p>

942

The ADMT lets you test all operations before actually performing the

943

migration. Accounts and workstations can be migrated individually or in

944

batches. User accounts can be safely migrated all at once (since no

Older »