Piers Kittel
2019-Feb-04 18:32 UTC
[Samba] Windows client still tries to connect to old AD after replacement
Thanks Rowland, OK, sorry about this... Note that the "Old AD" has some errors in their config files, but everything sort of work so I'm not going to fix those errors - my concern is obviously just the "New AD". I've not set up printing in the new AD yet as it doesn't work in the old one anyway, and that's a discussion in a future thread. Note "domain" is a replacement for the actual domain name. Nothing is internet facing, and shouldn't be apart from DNS (well, I hope!). --------------------------------------------------------------------- Old AD Name - ad.domain.intranet IP - 192.168.0.17 Operating System: Debian GNU/Linux 9 (stretch) Kernel: Linux 4.9.0-8-amd64 Samba version: 4.5.12-Debian /etc/hostname: ad /etc/hosts: 127.0.0.1 localhost 192.168.0.17 ad.domain.intranet ad 192.168.0.21 domain-ad.domain.intranet domain-ad # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters /etc/resolv.conf: domain Hitronhub.home search Hitronhub.home nameserver 192.168.0.1 /etc/krb5.conf [libdefaults] default_realm = DOMAIN.INTRANET dns_lookup_realm = false dns_lookup_kdc = true /etc/samba/smb.conf # Global parameters [global] netbios name = AD realm = DOMAIN.INTRANET workgroup = DOMAIN dns forwarder = 192.168.0.1 server role = active directory domain controller rpc_server:spoolss = external rpc_daemon:spoolssd = fork printing = CUPS spoolss: architecture = Windows x64 [netlogon] path = /var/lib/samba/sysvol/cfd.intranet/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [Profiles] path = /home/samba/Profiles read only = no veto files = /*sync*/ [users] path = /home/samba/users read only = no [printers] path = /var/spool/samba printable = yes [print$] path = /srv/samba/printer_drivers/ read only = no --------------------------------------------------------------------- New AD Name - domain-ad.domain.intranet IP - 192.168.0.11 Operating System: Debian GNU/Linux 9 (stretch) Kernel: Linux 4.9.0-8-amd64 Samba version: 4.5.12-Debian /etc/hostname: domain-ad /etc/hosts: 127.0.0.1 localhost 192.168.0.11 domain-ad.domain.intranet domain-ad # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters /etc/resolv.conf domain domain.intranet search domain-ad.domain.intranet nameserver 192.168.0.11 /etc/krb5.conf [libdefaults] default_realm = DOMAIN.INTRANET dns_lookup_realm = false dns_lookup_kdc = true /etc/samba/smb.conf # Global parameters [global] netbios name = DOMAIN-AD realm = DOMAIN.INTRANET workgroup = DOMAIN dns forwarder = 192.168.0.1 server role = active directory domain controller vfs objects = acl_xattr map acl inherit = yes store dos attributes = yes [netlogon] path = /var/lib/samba/sysvol/domain.intranet/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No [Profiles] path = /home/samba/Profiles read only = no veto files = /*sync*/ [users] path = /home/samba/users read only = no --------------------------------------------------------------------- > I see that they are both subdomains of the 'domain.intranet' dns > domain, but have you used a new workgroup name for the new AD domain ? Wasn't aware workgroups were used? The workgroup is blanked out in the "Computer Name\Domain Changes" box? > Have your clients left the old domain and joined the new domain ? Yes - I just used one client - disconnected it from the old domain, joined the workgroup "WORKGROUP", changed the DNS settings as per the how-to page here: https://wiki.samba.org/index.php/Windows_DNS_Configuration so it points to 192.168.0.11. Then I turned off the old server and rebooted the test client, connected it to the new AD server, and then followed the following how-to pages here to point them all to the new server: https://wiki.samba.org/index.php/User_Home_Folders https://wiki.samba.org/index.php/Roaming_Windows_User_Profiles but I get the issues I spoke about earlier. I'm sure I'm missing something. Many thanks again for your time! With kind regards - Piers
Rowland Penny
2019-Feb-04 19:10 UTC
[Samba] Windows client still tries to connect to old AD after replacement
See inline comments: On Mon, 4 Feb 2019 18:32:49 +0000 Piers Kittel via samba <samba at lists.samba.org> wrote:> Thanks Rowland, > > OK, sorry about this... > > Note that the "Old AD" has some errors in their config files, but > everything sort of work so I'm not going to fix those errors - my > concern is obviously just the "New AD". I've not set up printing in > the new AD yet as it doesn't work in the old one anyway, and that's a > discussion in a future thread. Note "domain" is a replacement for > the actual domain name. Nothing is internet facing, and shouldn't be > apart from DNS (well, I hope!). > > --------------------------------------------------------------------- > Old AD > > Name - ad.domain.intranet > IP - 192.168.0.17 > Operating System: Debian GNU/Linux 9 (stretch) > Kernel: Linux 4.9.0-8-amd64 > Samba version: 4.5.12-Debian > > /etc/hostname: > ad > > /etc/hosts: > 127.0.0.1 localhost > 192.168.0.17 ad.domain.intranet ad > 192.168.0.21 domain-ad.domain.intranet domain-adRemove the line above, this is the old AD domain and shouldn't have anything pointing to the new one.> > /etc/resolv.conf: > domain Hitronhub.home > search Hitronhub.home > nameserver 192.168.0.1This is a DC, it should be pointing to itself as a nameserver.> > /etc/samba/smb.conf > # Global parameters > [global] > netbios name = AD > realm = DOMAIN.INTRANET > workgroup = DOMAINWhat did you say about workgroups ? I do hope that 'DOMAIN' in the above line isn't the same as on the new AD DC.> dns forwarder = 192.168.0.1 > server role = active directory domain controller > rpc_server:spoolss = external > rpc_daemon:spoolssd = fork > printing = CUPS > spoolss: architecture = Windows x64 > > --------------------------------------------------------------------- > New AD > > Name - domain-ad.domain.intranet > IP - 192.168.0.11 > Operating System: Debian GNU/Linux 9 (stretch) > Kernel: Linux 4.9.0-8-amd64 > Samba version: 4.5.12-Debian > > /etc/hostname: > domain-ad > > /etc/hosts: > 127.0.0.1 localhost > 192.168.0.11 domain-ad.domain.intranet domain-ad > > # The following lines are desirable for IPv6 capable hosts > > /etc/resolv.conf > > domain domain.intranet > search domain-ad.domain.intranet > nameserver 192.168.0.11Hmm, that looks like you are trying to search the DC hostname instead of the dns domain name, remove 'domain-ad' from the search line. This does of course raise another problem, even though you claim you have set up a new domain, you haven't. Both your DC's use the same ip range, dns domain and presumably, the same workgroup name.> > /etc/samba/smb.conf > # Global parameters > [global] > netbios name = DOMAIN-AD > realm = DOMAIN.INTRANET > workgroup = DOMAIN > dns forwarder = 192.168.0.1 > server role = active directory domain controller > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > [netlogon] > path = /var/lib/samba/sysvol/domain.intranet/scripts > read only = No > [sysvol] > path = /var/lib/samba/sysvol > read only = No > [Profiles] > path = /home/samba/Profiles > read only = no > veto files = /*sync*/ > [users] > path = /home/samba/users > read only = no > > --------------------------------------------------------------------- > > I see that they are both subdomains of the 'domain.intranet' dns > > domain, but have you used a new workgroup name for the new AD > > domain ? > > Wasn't aware workgroups were used? The workgroup is blanked out in > the "Computer Name\Domain Changes" box?It might be, but they are still used Rowland
Seemingly Similar Threads
- Windows client still tries to connect to old AD after replacement
- Windows client still tries to connect to old AD after replacement
- Replication problem when adding new DC member
- Fwd: Dynamic DNS Updates not working. samba_dnsupdate : (sambalist: message 3 of 20) RuntimeError: (sambalist: to exclusive) kinit for [DC@Realm] failed (Cannot contact any KDC for requested realm)
- Debian Jessie AD DC w. BIND9 : DNS update fails for debian squeezy member server