If I know what files in Samba's private folder I can delete and remove the join using one of my other DC, I don't know if I can delete the entire folder. How do I switch the DC from MIT to Heimdal? Modifying DNS is off the table for right now, because it could cripple my entire network's Name resolution. The file server issue deals with the relative smallness of my network. I don't keep all DCs or all servers active at one time. Only one server runs constantly.
Just answering this for now: On Wed, 2022-06-01 at 05:49 -0400, Zombie Ryushu via samba wrote:> How do I switch the DC from MIT to Heimdal?That is just a matter of the packages installed. If you use a build with the defaults, it will be the internal Heimdal. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions
On Wed, 2022-06-01 at 05:49 -0400, Zombie Ryushu via samba wrote:> If I know what files in Samba's private folder I can delete and > remove > the join using one of my other DC, I don't know if I can delete the > entire folder.You need to demote a DC first, forcibly if necessary, then purge Samba.> > How do I switch the DC from MIT to Heimdal?Join another DC that uses the builtin Heimdal, either by using a distro that uses it by default, finding Samba packages for your distro that use Heimdal or by compiling Samba yourself.> > Modifying DNS is off the table for right now, because it could > cripple > my entire network's Name resolution.You are crippling your DC's now, they are supposed to be authoritative for the AD dns domain.> > The file server issue deals with the relative smallness of my > network. I > don't keep all DCs or all servers active at one time. Only one > server > runs constantly.Do you have multiple DC's ? if so, they will get out of sync unless they are all on at the same time. Rowland
On Wed, 2022-06-01 at 05:49 -0400, Zombie Ryushu via samba wrote:> If I know what files in Samba's private folder I can delete and > remove > > the join using one of my other DC, I don't know if I can delete the > > entire folder.If you do have another full, working DC then rejoining the domain would be a good, easy idea. Just re-run the same samba-tool domain join command you did to build this DC and it will overwrite everything (so take care!). You may have to delete secrets.ldb and secrets.tdb first to get past the foot- shooting protection. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Team Lead, Catalyst IT https://catalyst.net.nz/services/samba Samba Development and Support, Catalyst IT - Expert Open Source Solutions