samba - Jun 2022 - Migration 3.5 to 4.x, realm identical to domain

In order to comply with the recommendations, I thought of renaming the
domain with my external domain (mondomaine.fr) and adding a prefix for
the AD domain.

Currently the Samba 3 domain is: dom.mondomain
TLD after migration: mondomaine.fr
Realm: nomrue205.mondomaine.fr
AD domain: nomrue205

Can I do this through a classic update?



Le mardi 31 mai 2022 ? 14:26 +0100, Rowland Penny via samba a
?crit?:
> On Tue, 2022-05-31 at 10:00 +0200, Philippe Maladjian via samba
> wrote:
> > Hi there,
> > 
> > I am performing tests to migrate an old domain controller from
> > Samba
> > 3.5 + ldap + bind to Samba branch 4 to simulate an AD and I find
> > myself
> > facing a problem with the domain name.
> > 
> > The current domain name is DOM.MONDOMAIN and according to the docs
> > that
> > I read and test carried out, I cannot have an identical NDD and
> > realm.
> 
> I take it that 'DOM.MONODOMAIN' is a very bad Netbios domain name
> (aka
> workgroup), if so then you are going to have to change it. I would do
> this before the upgrade. I suggest you read this:
> 
>
https://wiki.samba.org/index.php/Migrating_a_Samba_NT4_Domain_to_Samba_AD_(Classic_Upgrade)
> 
> Rowland
> 
> 
>

On Tue, 2022-05-31 at 16:17 +0200, Philippe Maladjian via samba
wrote:
> In order to comply with the recommendations, I thought of renaming
> the
> domain with my external domain (mondomaine.fr) and adding a prefix
> for
> the AD domain.
> 
> Currently the Samba 3 domain is: dom.mondomain
> TLD after migration: mondomaine.fr
No, the TLD would be 'fr'. 'TLD' is short for 'Top Level
Domain'
> Realm: nomrue205.mondomaine.fr
No, that would be the dns domain name, the realm is that in uppercase
'NOMRUE205.MONODOMAINE.FR'
> AD domain: nomrue205
No, that would be the Netbios domain name (aka workgroup)

Sorry to be a bit pedantic about this, but it saves problems in the
long term :-)
> 
> Can I do this through a classic update?
Again, no, you need to do all this before the classic upgrade, which is
one of the reasons we suggest doing a trial upgrade before doing it for
real, you find all the problems before destroying your production
domain.

Rowland

Le mardi 31 mai 2022 ? 16:45 +0100, Rowland Penny via samba a
?crit?:
> On Tue, 2022-05-31 at 16:17 +0200, Philippe Maladjian via samba
> wrote:
> > In order to comply with the recommendations, I thought of renaming
> > the
> > domain with my external domain (mondomaine.fr) and adding a prefix
> > for
> > the AD domain.
> > 
> > Currently the Samba 3 domain is: dom.mondomain
> > TLD after migration: mondomaine.fr
> 
> No, the TLD would be 'fr'. 'TLD' is short for 'Top
Level Domain'
> 
> > Realm: nomrue205.mondomaine.fr
> 
> No, that would be the dns domain name, the realm is that in uppercase
> 'NOMRUE205.MONODOMAINE.FR'
> 
> > AD domain: nomrue205
> 
> No, that would be the Netbios domain name (aka workgroup)
> 
> Sorry to be a bit pedantic about this, but it saves problems in the
> long term :-)
No problem, these are notions that I don't necessarily master well so I
have no problem being taken up on the subject ;)
> 
> > 
> > Can I do this through a classic update?
> 
> Again, no, you need to do all this before the classic upgrade, which
> is
> one of the reasons we suggest doing a trial upgrade before doing it
> for
> real, you find all the problems before destroying your production
> domain.
That's exactly what I do. I copied the VM from my samba 3.5 and created
a VM of a user station, all placed in a dedicated network that does not
communicate with the prod network. After adding the VM pc to the domain
at 3.5 test, I make several connection/disconnection attempts to make
sure that the rights management works correctly.

To perform the migration by changing the domain name I should follow
this procedure:
- take the test pc out of the domain;
- stop samba;
- change the workgroup name in smb.conf;
- modify LDAP data by replacing the old domain (dom.mondomain) with the
new one (nomrue205);
- restart samba;
- reintegrate the test pc.

Won't I encounter a problem with user and machine SIDs?
> 
> Rowland
> 
Philippe.
> 
>