Upgrade a Samba member server on Debian, ensuring minimal downtime and user disruption.

System Setup:

• Install and prepare your system for Samba.
• Hostname Configuration: Ensure the new server has the same hostname as the old server to maintain consistency in the network.

Network Configuration:

• IP Address: Assign a static IP address to the new server. It doesn't need to match the old server's IP. If you require same IP address, initially use a temporary IP for data transfer and config.
• DNS Settings: Configure DNS to point to your DCs.

Install Required Packages:

• Install required packages for a member server.
• Follow instruction to configure a member server, up to and including “ Configure the Name Service Switch”. Do not configure samba or smb.conf at this point. Configuration will be copied from old server later.

Initial Sync: While the old server is operational, perform an initial data synchronization from the ols server to the new server:

rsync -AXav --progress /path/to/shares/ new-server:/path/to/shares/

• -A Preserve ACLs
• -X Preserve extended attributes
• -a Archive mode (preserves permissions, timestamps, etc.)
• -v Verbose output (optional)

Configuration Sync: Transfer the Samba configuration file:

rsync -AXav /etc/samba/smb.conf new-server-ip:/etc/samba/smb.conf

If share(s) location are different in new server, adjust shares paths and details as required in smb.conf accordingly.

Announce Downtime: Notify users about the planned downtime for the transition. At the agreed time, leave the domain and shut down the old server’s Samba services. It is recommended to ask users to shut down their computers so that they boot later with a new Kerberos ticket, avoiding connection issues. See “Test Share Accessibility” below.

net ads leave -U Administrator 
systemctl stop smb
systemctl stop winbind
systemctl disable smb
systemctl disable winbind

DNS A record check: If the new server has a different IP address, remove the old DNS A record from the AD, as this can not be done automatically.

Perform Final Sync: Sync any changes made since the last sync:

rsync -AXav --delete /path/to/shares/ new-server-ip:/path/to/shares/

Update old server's IP address and / or power down:

If the new server needs to use the same IP as the old one, either swap the IP addresses now or power down the old server and assign the IP to the new server. Do not power on the old server again, as this will cause an IP address conflict.

Also, if the network card predictable name has changed from old to new server - most probably -, review “Get info on your network card “predictable” name” here and update smb.conf accordingly.

Start Services on New Server: On the new server, start Samba services, and join domain:

systemctl enable smb
systemctl enable winbind
systemctl start smb 
systemctl enable winbind
net ads join -U Administrator 

Reboot: A reboot is recommended now.

Verify Domain Membership: Check that the new server is properly joined to the domain:

net ads testjoin

Test Share Accessibility:

Beware clients authenticating via Kerberos with an existing service ticket for the old server will not be able to authenticate to the new server using that ticket. This requires manual intervention on the client side—either by manually clearing the Kerberos credential cache or rebooting, which achieves the same result.

From a client machine, attempt to access the shared resources to confirm functionality.

If everything goes well, users will likely not notice any changes. According to Rowland Penny’s comment, the only way anything might be noticed is if a search involves the computer’s SID. Even though everything remains the same, leaving and rejoining the domain will cause the computer to be treated as a new machine with a new SID.

Caponato's Samba notebook. Start here or else Main menu