Hi Andrew,

I've set up a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. I have the following:

Just to clarify, sam3DC is the current DC with samba 3.6.3

smb.conf

[global]
workgroup = STEST
netbios name = Sam4DC
password server = Sam3DC (This is the current DC)
security = user

resolv.conf
nameserver = 192.168.10.1 (IP of Sam3DC)

I can ping the sam3dc from the sam4dc box using fqdn.

When I try to join sam4dc into stest domain I get:
net rpc join -U dadmin
cannot join as standalone machine

If I add the server role = member server, I get the same error message.
If I add the security = domain, it asks me DO you really want to join an Active Directory Domain. If I put the password in, I get smb_signing_good: BAD SIG : seq 1

Do I copy the smb.conf file from sam3dc and change the bit about domain master = no? Or do I have to join the machine to the domain as DC using server role = DC in smb.conf?

Thank you
RT

On Tue, Feb 20, 2018 at 8:29 PM, Rob Thoman <emailthomasrob at gmail.com> wrote:
> Hi Andrew,
> Thank you for that. So it doesn't matter if I have TDB as my DB? Also, how
> do I replicate the data? Copy and paste? /vat/lib/samba, /private, passwd
> and group files?
>
> On Tue, Feb 20, 2018 at 8:02 PM, Andrew Bartlett <abartlet at samba.org>
> wrote:
>
>> On Tue, 2018-02-20 at 18:11 +1000, Rob Thoman via samba wrote:
>> > Hi Guys,
>> > Have not had any feedback on this. I found the following article but not
>> > sure if it is valid
>> >
>> > Here is what we are planning, high level
>> > Phase1:
>> >
>> > - Add a new Samba 4 server (VM in a new hardware). Join it to the existing
>> >   domain
>> > - Promote this server as DC in the Samba 3 environment,
>> > - Migrate the DNS, DHCP from Samba 3 to Samba 4 server
>> > - Demote the old Samba box as Domain Controller, leave the Shares in the
>> >   old server
>> >
>> > Phase2:
>> > - Take a copy of the new samba DC VM and test NT4 to AD migration using the
>> >   classic upgrade
>> >
>> > The urgency is to get Phase1 done but Phase2 is approved.
>> >
>> > What we would like to know is if conceptually the above makes sense and is
>> > doable? The bit we are not very sure about is Adding the BDC and demoting
>> > the PDC. Any suggestions will be appreciated.
>>
>> Sounds good to me. For the Samba 'classic/nt4-like' mode just removing
>> the 'domain master = no' makes it a PDC. You can even have multiple
>> PDCs as long as they can't see each other over netbios, the protocol is
>> so simple it doesn't really matter (unlike AD).
>>
>> Andrew Bartlett
>>
>> > Thank you.
>> >
>> > RT
>> --
>> Andrew Bartlett                           http://samba.org/~abartlet/
>> Authentication Developer, Samba Team      http://samba.org
>> Samba Developer, Catalyst IT              http://catalyst.net.nz/services/samba
On Wed, 2018-02-21 at 15:06 +1000, Rob Thoman wrote:
> Hi Andrew,
>
> I've set up a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11. I have the following:
>
> Just to clarify, sam3DC is the current DC with samba 3.6.3
>
> smb.conf
>
> [global]
> workgroup = STEST
> netbios name = Sam4DC
> password server = Sam3DC (This is the current DC)
> security = user
>
> resolv.conf
> nameserver = 192.168.10.1 (IP of Sam3DC)
>
> I can ping the sam3dc from the sam4dc box using fqdn.
>
> When I try to join sam4dc into stest domain I get:
> net rpc join -U dadmin
> cannot join as standalone machine
>
> If I add the server role = member server, I get the same error message.
> If I add the security = domain, it asks me DO you really want to join an Active Directory Domain. If I put the password in, I get smb_signing_good: BAD SIG : seq 1
>
> Do I copy the smb.conf file from sam3dc and change the bit about domain master = no? Or do I have to join the machine to the domain as DC using server role = DC in smb.conf?

If you are trying to change which machine is the DC of the old 'classic' domain, then just move the files and turn off the old server. You can't join the BDC to the domain in the way you would with Active Directory, as we don't have any replication support in the classic DC.

Andrew Bartlett
--
Andrew Bartlett                           http://samba.org/~abartlet/
Authentication Developer, Samba Team      http://samba.org
Samba Developer, Catalyst IT              http://catalyst.net.nz/services/samba
Hi Andrew,

I can't shut down the old samba box as it will still be hosting the shares. Can I do any of the following?

Would it make sense for me to migrate the backend to LDAP? Or following your first comment, can I set up rsync every 5 minutes to replicate data?

You're right it is a migration path but I can't migrate until this works in the test environment.

Thank you
RT

On Wed, Feb 21, 2018 at 4:04 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Wed, 2018-02-21 at 15:06 +1000, Rob Thoman wrote:
> > Hi Andrew,
> >
> > I've set up a new Samba 4 box (sam4dc) on Ubuntu 14.04 with Samba 4.3.11.
> > I have the following:
> >
> > Just to clarify, sam3DC is the current DC with samba 3.6.3
> >
> > smb.conf
> >
> > [global]
> > workgroup = STEST
> > netbios name = Sam4DC
> > password server = Sam3DC (This is the current DC)
> > security = user
> >
> > resolv.conf
> > nameserver = 192.168.10.1 (IP of Sam3DC)
> >
> > I can ping the sam3dc from the sam4dc box using fqdn.
> >
> > When I try to join sam4dc into stest domain I get:
> > net rpc join -U dadmin
> > cannot join as standalone machine
> >
> > If I add the server role = member server, I get the same error message.
> > If I add the security = domain, it asks me DO you really want to join
> > an Active Directory Domain. If I put the password in, I get
> > smb_signing_good: BAD SIG : seq 1
> >
> > Do I copy the smb.conf file from sam3dc and change the bit about domain
> > master = no? Or do I have to join the machine to the domain as DC using
> > server role = DC in smb.conf?
>
> If you are trying to change which machine is the DC of the old
> 'classic' domain, then just move the files and turn off the old server.
> You can't join the BDC to the domain in the way you would with Active
> Directory, as we don't have any replication support in the classic DC.
>
> Andrew Bartlett
> --
> Andrew Bartlett                           http://samba.org/~abartlet/
> Authentication Developer, Samba Team      http://samba.org
> Samba Developer, Catalyst IT              http://catalyst.net.nz/services/samba