To connect Windows 7 to our shiny Samba server, we need to upgrade to at least Samba version 3.3. At backports.org we can find Samba version 3.4 (amd64) ready to install. But how do we upgrade from 3.2?
Here's what to do:
    echo "deb http://www.backports.org/debian lenny-backports main contrib non-free" >> /etc/apt/sources.list
    apt-get update
    apt-get install debian-backports-keyring
    aptitude -t lenny-backports install libwbclient0 samba-common samba-doc smbclient smbfs swat winbind \
        libsmbclient samba-common-bin samba-tools

    # not all of the packages above are always needed - minimal list is:
    aptitude -t lenny-backports install samba libwbclient0 samba-common smbclient samba-common-bin
Steps you should take a look at if you're going to update:
Install convmv (apt-get install convmv) to convert filenames to UTF-8:

    # convert from cp850 to utf-8 in current directory
    # shows what will be done without actually doing it ;-)
    # (convmv only renames the files when --notest is added)
    convmv -f cp850 -t utf-8 *
Moving from Samba 2.2.12 (built from source) to Samba 3.0.24 (Debian Etch). We're going to upgrade the hardware as well.
What to do on the old (Samba 2) host:
Backup all the needed files.
    #!/bin/bash

    SMBDIR=/usr/local/samba
    DESTDIR=~/smb-bkup
    #---------------------------------------------

    if [ ! -d "$DESTDIR" ]; then
        mkdir "$DESTDIR"
    fi

    # backup SID
    smbpasswd -X your_domain > "$DESTDIR/domain.sid"

    # smbpasswd and secrets.tdb hold password hashes and the domain secrets;
    # cp -a keeps their restrictive modes, so keep the backup directory private too
    cp -a "$SMBDIR/lib/smb.conf" "$DESTDIR"
    cp -a "$SMBDIR/private/smbpasswd" "$DESTDIR"
    cp -a "$SMBDIR/private/secrets.tdb" "$DESTDIR"

    if [ ! -d "$DESTDIR/locks" ]; then
        mkdir "$DESTDIR/locks"
    fi
    cp -a "$SMBDIR"/var/locks/*.tdb "$DESTDIR/locks"
Copy the files to the destination host.
I wrote a small perl script to extract the relevant UID/GIDs that allowed me to recreate the UID/GIDs on the new system. Make sure /root/smb-upgrade/ exists.
    #!/usr/bin/perl -w
    #
    # 2007-03-12/TB
    #
    use strict;
    use Text::CSV_XS;

    my $csv  = Text::CSV_XS->new();
    my $line = "-" x 50 . "\n";

    print "Extracting users and groups > 1000 and < 65534\n";
    print $line;

    # the die messages below are German for "cannot open <file>"
    if (! open PASSWD, "/etc/passwd") {
        die "kann /etc/passwd nicht oeffnen!";
    }
    if (! open GROUP, "/etc/group") {
        die "kann /etc/group nicht oeffnen!";
    }
    if (! open ACCOUT, ">/root/smb-upgrade/account.out" ) {
        die "kann account.out nicht oeffnen! $!";
    }
    if (! open GRPOUT, ">/root/smb-upgrade/group.out" ) {
        die "kann group.out nicht oeffnen! $!";
    }

    my (@felder, @grpmember);

    print ACCOUT "#!/bin/bash\n";
    print GRPOUT "#!/bin/bash\n";

    # one useradd line per account in the UID range
    while (<PASSWD>) {
        chomp(@felder = split /:/, $_);
        if ($felder[2] > 1000 && $felder[2] < 65534 ) {
            print ACCOUT "useradd -u $felder[2] -g $felder[3] -s $felder[6] -d $felder[5] $felder[0]\n";
        }
    }
    close PASSWD;
    print ACCOUT "# " . $line;

    # one groupadd line per group in the GID range, plus a gpasswd line per member
    while (<GROUP>) {
        chomp;    # without this the member list keeps its trailing newline
        @felder = split /:/, $_;
        if ($felder[2] > 1000 && $felder[2] < 65534 ) {
            print GRPOUT "groupadd -g $felder[2] $felder[0]\n";
            # the member field is missing for groups without members
            my $status = $csv->parse(defined $felder[3] ? $felder[3] : "");
            @grpmember = $csv->fields();
            if ( scalar @grpmember > 0 ) {
                # skip empty entries so no "gpasswd -a  group" line is written
                foreach ( grep { defined($_) && length($_) } @grpmember ) {
                    print ACCOUT "gpasswd -a $_ $felder[0]\n";
                }
            }
            print ACCOUT "# " . $line;
        }
    }
    close GROUP;
    close ACCOUT;
    close GRPOUT;
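The script above creates two (bash) scripts that you can execute on the new host to create the users and groups as needed. Run group.out first: the useradd -g and gpasswd -a lines in account.out expect the groups to exist already.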
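Both generated files are run as root and are assembled from unquoted /etc/passwd and /etc/group fields, so a check before execution is worthwhile. The following is an added example, not part of the original page: the hypothetical helper check_generated_script flags every line that is not a comment or one of the three command forms the Perl script writes; the sample lines are constructed.

```shell
#!/bin/bash
# Added example (not from the original page): vet account.out / group.out
# before running them as root. check_generated_script is a hypothetical name.

# Prints (with line numbers) every line that is neither a comment/shebang nor one
# of the three command forms the Perl script emits. Returns 0 only if none is found.
check_generated_script() {
    local file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    # Assumed naming policy, adjust to your site:
    local name='[A-Za-z_][A-Za-z0-9_.-]*[$]?'   # trailing $ = machine account
    local path='/[A-Za-z0-9_./-]*'              # no spaces, no shell metacharacters
    local ok="^(#.*|useradd -u [0-9]+ -g [0-9]+ -s $path -d $path $name"
    ok="$ok|groupadd -g [0-9]+ $name|gpasswd -a $name $name)\$"
    ! grep -Evn "$ok" "$file"
}

# Constructed sample: line 4 comes from a passwd entry whose home-directory field
# contains ';', which the unquoted useradd line would pass straight to the shell.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#!/bin/bash
useradd -u 1001 -g 1001 -s /bin/bash -d /home/alice alice
useradd -u 1002 -g 515 -s /bin/false -d /dev/null ws01$
useradd -u 1003 -g 1001 -s /bin/sh -d /home/eve;id eve
gpasswd -a alice Elves
# --------------------------------------------------
EOF
check_generated_script "$sample" || echo "fix the lines listed above before running $sample"
rm -f "$sample"
```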
What to do on the new (Samba 3) host:
Find the locations of the various files:
    smbd -b | less

    # Output:
    Build environment:
       Built by:    vorlon@borges
       Built on:    Mon Feb 5 20:38:21 PST 2007
       Built using: gcc
       Build host:  Linux borges 2.6.18-3-amd64 #1 SMP Sun Dec 10 19:57:44 CET 2006 i686 GNU/Linux
       SRCDIR:      /home/devel/samba/samba-3.0.24/source
       BUILDDIR:    /home/devel/samba/samba-3.0.24/source

    Paths:
       SBINDIR: /usr/sbin
       BINDIR: /usr/bin
       SWATDIR: /usr/share/samba/swat
       CONFIGFILE: /etc/samba/smb.conf
       LOGFILEBASE: /var/log/samba
       LMHOSTSFILE: /etc/samba/lmhosts
       LIBDIR: /usr/lib/samba
       SHLIBEXT: so
       LOCKDIR: /var/run/samba
       PIDDIR: /var/run/samba
       SMB_PASSWD_FILE: /etc/samba/smbpasswd
       PRIVATE_DIR: /etc/samba
Copy the files from the old server in place.
IMPORTANT: do not change the hostname or the domain name!
Check your smb.conf:

    cd /etc/samba
    testparm -s smb.conf.master > smb.conf
The following parameters are new to Samba-3 and should be correctly configured:

    add group script
    add machine script
    add user to group script
    delete group script
    delete user from group script
    passdb backend
    set primary group script

Ensure that your system users and groups (/etc/passwd and /etc/group) have been migrated to the new host by now.
Start your smbd and nmbd. Now it's time to map your unix groups to Windows groups. The following example is taken from the samba3-HOWTO and should give you an idea what to do:

    #!/bin/bash

    net groupmap add ntgroup="Domain Admins" unixgroup=ntadmin rid=512 type=d
    net groupmap add ntgroup="Domain Users" unixgroup=users rid=513 type=d
    net groupmap add ntgroup="Domain Guests" unixgroup=nobody rid=514 type=d

    net groupmap add ntgroup="Orks" unixgroup=Orks type=d
    net groupmap add ntgroup="Elves" unixgroup=Elves type=d
    net groupmap add ntgroup="Gnomes" unixgroup=Gnomes type=d
Verify your mappings:
    net groupmap list
To migrate from the smbpasswd database format to the new tdbsam format, make the following change to your smb.conf configuration file in the [global] section:
    passdb backend = tdbsam:/var/lib/samba/passdb.tdb smbpasswd:/etc/samba/smbpasswd

Use spaces to separate the two password backends; do not use commas, as some documents suggest. Make sure to restart Samba and run:

    pdbedit -i smbpasswd -e tdbsam
Then modify your smb.conf file so that the entry reads:
    passdb backend = tdbsam:/var/lib/samba/passdb.tdb
Make sure to restart Samba for the new settings to take effect.
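Before smbpasswd is dropped from passdb backend, it is worth confirming that every account and its NT hash arrived in tdbsam. The following is an added example, not part of the original page: the hypothetical helper compare_passdb compares the smbpasswd file with a saved smbpasswd-style listing (assumed to come from pdbedit -L -w -b tdbsam:/var/lib/samba/passdb.tdb) and prints account names only; the sample accounts and hashes are constructed.

```shell
#!/bin/bash
# Added example (not from the original page). compare_passdb is a hypothetical
# helper; $2 is a saved listing in smbpasswd style (name:uid:LM:NT:[flags]:LCT-..:),
# assumed to be produced with umask 077 by
#   pdbedit -L -w -b tdbsam:/var/lib/samba/passdb.tdb > tdbsam.list

# Prints "MISSING <name>" or "NT-HASH-DIFFERS <name>" for each smbpasswd account
# that did not reach tdbsam intact. Returns 0 only when there is nothing to report.
compare_passdb() {
    local smbpasswd_file=$1 listing=$2
    awk -F: '
        FILENAME == ARGV[1] { nt[$1] = $4; next }   # tdbsam side: name -> NT hash
        /^#/ || NF < 4      { next }                # comment or malformed line
        !($1 in nt)         { print "MISSING " $1; bad = 1; next }
        nt[$1] != $4        { print "NT-HASH-DIFFERS " $1; bad = 1 }
        END                 { exit bad + 0 }
    ' "$listing" "$smbpasswd_file"
}

# Constructed sample data (placeholder hashes, not real credentials).
dir=$(mktemp -d)
cat > "$dir/smbpasswd" <<'EOF'
# constructed smbpasswd file
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:11111111111111111111111111111111:[U          ]:LCT-00000000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:22222222222222222222222222222222:[U          ]:LCT-00000000:
ws01$:1003:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:33333333333333333333333333333333:[W          ]:LCT-00000000:
EOF
cat > "$dir/tdbsam.list" <<'EOF'
alice:1001:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:11111111111111111111111111111111:[U          ]:LCT-00000000:
bob:1002:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:99999999999999999999999999999999:[U          ]:LCT-00000000:
EOF
compare_passdb "$dir/smbpasswd" "$dir/tdbsam.list" ||
    echo "keep the smbpasswd backend until the accounts above are resolved"
rm -rf "$dir"
```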