Knowledgebase:
Samba - How to upgrade Samba-3.22 to Samba3x on CentOS 5
Posted by rbTech Staff, Last modified by rbTech Staff on 10 May 2013 10:34 AM

We've done this somewhere around 100 times, and I'm just now getting around to writing the steps down!  Better late than never I suppose.

First off, Why upgrade Samba-3.22 to the RPMforge Samba3x version?  Windows 7 (or Windows 8).  The 'stock' versions of Samba only support up to Windows XP for domain members.  Samba3x allows newer computers to be joined to the domain.  And since it's rather difficult to find new computers running Windows XP these days, your hand is somewhat forced to perform this upgrade.

The steps below need to be followed exactly, because Samba3x keeps it's information in different places than Samba3-22 did.  With minor tweaks, this information can be used to migrate any older Samba to current versions that support Win7 or 8.

Ok, here we go:

First, check your groupmaps:

# net groupmap list

MAKE SURE YOU COPY THIS INFO somewhere for future reference, you WILL NEED IT!

Next, back up your existing Samba installation:

# tar cvf /path/to/archive.tgz /etc/samba /var/cache/samba

Take a deep breath.  Now, shut down Samba, and remove your existing Samba rpms:

# /etc/init.d/smb stop

# rpm -qa | grep samba  <- VERIFY the packages that will be removed BEFORE you run the next step!!!!  system-config-samba usually will not work with Samba3x, so I generally remove it.

# rpm -e $(rpm -qa | grep samba)

Install Samba3x from Repoforge:

# yum install samba3x samba3x-client

Begin 'moving in' to the new Samba installation:

  • The removal of the old version of Samba almost certainly copied your /etc/samba/smb.conf to /etc/samba.conf.rpmsave.  Copy it back:
    • # cp /etc/samba/smb.conf.rpmsave /etc/samba/smb.conf
    • Check your user and machine accounts:
    • # pdbedit -Lv
    • Look for missing or wrong entries - this is a CRITICAL step - if your user and machine accounts are screwed up, you're going to have a Bad Time!!!
  • Check your passdb-backend, you really shouldn't be using smbpasswd anymore.  If you are, you'll want to migrate that to tdbsam:
    • Change the passdb-backend in /etc/samba/smb.conf to tdbsam.
    • run pdbedit -i smbpasswd:/etc/samba/smbpasswd (<- or wherever your smbpasswd file lived, this is 'standard' for CentOS5)
    • Confirm that you have user and machine accounts:
    • # pdbedit -Lv
    • See above about warnings and missing entries!!!  You'll really hate yourself if you unleash your users on a screwed up Samba installation, and you WILL spend the next several days playing whack-a-mole with machines that have lost their domain credentials and other hateful issues.

Move your tdb and dat files: (here's a definitive list from the Samba folks of which of these files should be preserved/ copied)

# cp -a /var/cache/samba/account_policy.tdb /var/lib/samba
# cp -a /var/cache/samba/group_mapping.tdb /var/lib/samba
# cp -a /var/cache/samba/netsamlogon_cache /var/lib/samba
# cp -a /var/cache/samba/ntdrivers.tdb /var/lib/samba
# cp -a /var/cache/samba/ntforms.tdb /var/lib/samba
# cp -a /var/cache/samba/ntprinters.tdb /var/lib/samba
# cp -a /var/cache/samba/registry.tdb /var/lib/samba 
# cp -a /var/cache/samba/share_info.tdb /var/lib/samba 
# cp -a /var/cache/samba/winbindd_idmap.tdb /var/lib/samba 
# cp -a /var/cache/samba/wins.tdb /var/lib/samba 
# cp -a /var/cache/samba/schannel_store.tdb /var/lib/samba
# cp -a /var/cache/samba/private/secrets.tdb /var/lib/samba/private
# cp -a /var/cache/samba/private/passdb.tdb /var/lib/samba/private

Ensure once more that your user accounts are populated, and run a testparm to check for any old entries in your smb.conf that are not compatible with Samba3x (there will likely be a few).  Addressing the myriad issues that you may encounter is outside the scope of this article, but the Google will likely be able to help :)

Take a deep breath, and start the samba services (a key thing to be aware of, Samba3x splits smbd and nmbd into separate init scripts, you need to start, and enable both at startup:

# /etc/init.d/smb start; /etc/init.d/nmb start; chkconfig smb on; chkconfig nmb on

Check your groupmappings:  The SID ABSOLUTELY MUST MATCH THE PREVIOUS VALUES!!!

# net groupmap list

Assuming that you've got valid accounts and your group mappings match, take another deep breath and go to a workstation and see if everything is working as it should.

Best of luck!

(1 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below (we use this to prevent automated submissions).