Rowland Penny
2022-Jun-01 09:08 UTC
[Samba] Migration 3.5 to 4.x, realm identical to domain
On Wed, 2022-06-01 at 11:01 +0200, Philippe Maladjian wrote:> Le mercredi 01 juin 2022 ? 09:29 +0100, Rowland Penny via samba a > ?crit : > > On Wed, 2022-06-01 at 08:59 +0200, Philippe Maladjian wrote: > > > That's exactly what I do. I copied the VM from my samba 3.5 and > > > created a VM of a user station, all placed in a dedicated network > > > that does not communicate with the prod network. After adding the > > > VM > > > pc to the domain at 3.5 test, I make several > > > connection/disconnection > > > attempts to make sure that the rights management works correctly. > > > > > > To perform the migration by changing the domain name I should > > > follow > > > this procedure: > > > - take the test pc out of the domain; > > > > If by 'pc' you mean the Samba PDC, then yes, but I would 'clone' it > > and > > then place this on a separate subnet that isn't connected to your > > production network. > > No 'pc' is a Windows user station that I cloned by a p2v to my test > network.You need to clone your Samba PDC, this is what holds your users & groups in ldap. Rowland
Philippe Maladjian
2022-Jun-01 09:38 UTC
[Samba] Migration 3.5 to 4.x, realm identical to domain
Le mercredi 01 juin 2022 ? 10:08 +0100, Rowland Penny via samba a ?crit?:> On Wed, 2022-06-01 at 11:01 +0200, Philippe Maladjian wrote: > > Le mercredi 01 juin 2022 ? 09:29 +0100, Rowland Penny via samba a > > ?crit : > > > On Wed, 2022-06-01 at 08:59 +0200, Philippe Maladjian wrote: > > > > That's exactly what I do. I copied the VM from my samba 3.5 and > > > > created a VM of a user station, all placed in a dedicated > > > > network > > > > that does not communicate with the prod network. After adding > > > > the > > > > VM > > > > pc to the domain at 3.5 test, I make several > > > > connection/disconnection > > > > attempts to make sure that the rights management works > > > > correctly. > > > > > > > > To perform the migration by changing the domain name I should > > > > follow > > > > this procedure: > > > > - take the test pc out of the domain; > > > > > > If by 'pc' you mean the Samba PDC, then yes, but I would 'clone' > > > it > > > and > > > then place this on a separate subnet that isn't connected to your > > > production network. > > > > No 'pc' is a Windows user station that I cloned by a p2v to my test > > network. > > You need to clone your Samba PDC, this is what holds your users & > groups in ldap.I cloned a user workstation and the Samba domain controller (ldap/dns/dhcp) to my test network.> > Rowland > > >
If I know what files in Samba's private folder I can delete and remove the join using one of my other DC, I don't know if I can delete the entire folder. How do I switch the DC from MIT to Heimdal? Modifying DNS is off the table for right now, because it could cripple my entire network's Name resolution. The file server issue deals with the relative smallness of my network. I don't keep all DCs or all servers active at one time. Only one server runs constantly.